[Davmail-users] How to read MFA authentication code with Thunderbird Lightning calendar?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

We've run a Davmail Linux server successfully for over 4 years with the 
davmail 5.2.0 code, in order to access our university's Exchange calendar 
from a Thunderbird Lightning client (up-to-date TB 102.10.0 Linux).

Two things have changed recently at our site:

1. I'm building a new Davmail server on an EL8 (AlmaLinux 8.7) server, 
where I built a davmail-6.1.0-1.el8.noarch.rpm from the latest source 
tar-ball.

2. Our university is migrating their Exchange server into Azure and will 
use Azure MFA authentication going forward.

Now, in order to use Azure MFA I've tried the following configuration file 
/etc/davmail.properties Basic settings:

davmail.server=true
davmail.mode=O365Modern
davmail.url=https://outlook.office365.com/EWS/Exchange.asmx
davmail.oauth.persistToken=true
davmail.oauth.redirectUri=https://login.microsoftonline.com/common/oauth2/nativeclient
(Further configuration I've copied from my old davmail 5.2.0 server.)

This ALMOST works!  When I create a new calendar in Thunderbird with the 
location https://<server>:1080/users/<USERNAME>@dtu.dk/calendar
then my Exchange calendar items appear in the Calendar pane, and a TB 
popup window asks me to enter my Azure MFA username and password.  So far, 
so good.

The O365Modern mode seems to be working correctly: My Microsoft 
Authenticator phone app now pops up and asks whether I would like to 
authenticate the login.  BUT: The app asks me to enter the numeric code 
which is supposedly displayed in my browser!

Question:  How can I get access to the numeric code which I should enter 
into the app??

I don't suppose that Thunderbird Calendar can do this?  But perhaps 
Thunderbird might open an URL (provided by Davmail) in a browser window on 
my Linux desktop?

I haven't been able to find any discussion of Davmail calendar with Office 
365 and Azure MFA.  Can anyone share their experiences or give hints at 
how this problem could be solved?

Interestingly, my old davmail 5.2.0 server keeps working correctly without 
any changes, and without any requirement of the user signing in to Azure 
MFA.  But then again, I have no insight into our university Exchange 
server setup, and whether they're going to shut down the old 
davmail.mode=EWS access after the migration to Azure has been completed.

Thanks a lot,
Ole

-- 
Ole Holm Nielsen
PhD, Senior HPC Officer
Department of Physics, Technical University of Denmark