Support of O365 client_credentials authorization flow
Brought to you by:
mguessan
Menu
▾
▴
4 Attachments
#58 Support of O365 client_credentials authorization flow
The patch set enables EWS+OAuth2 with the client_credentials flow and also updates the [English] GUI to permit setting all required values.
Microsoft is switching off Basic Authentication which means that non-interactive use of DavMail for automated email based services needs to move to app-only authentication which is client_credentials based.
The Exchange server needs to be configured for app-only auth. See https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth If only specific email accounts should be accessible, suitable access control also needs to be enabled on the server.
Remember the usual: Not responsible for anything, no warranties expressed or implied, your mileage may vary, etc ... :-)
Hi,
We are using DavMail version: 6.0.1-339 and we are implementing O365 authentication, we are getting an error "-ERR Authentication failed: invalid user or password"
we suspect this error is coming due to Password is not passed to O365.
Can you please help us how to apply these patches into our current DavMail version?
error at the O365: Sign-in error code900144Failure reasonThe request body must contain the following parameter: '{name}'.Additional DetailsDeveloper error - the app is attempting to sign in without the necessary or correct authentication parameters.
I am able to manually add the script provided in the patches into source and build using build instructions then I have copied lib and other files from dist folder to exiting installation folder.
now we are able to pass the Client Secret value and Check the Enable OIDC/V2.0 option.
after these settings done, Siebel CRM is able to read emails using O365 via DavMail.
Very interesting contribution.
Can you please provide more details on the application registration process ?
This will only work with application registered in the target O365 tenant, correct ?
Did you have any issue with application registration for EWS access ?
Turns out that I had to implement against what our corporate IT permitted and configured on the Exchange side for the specific case I had of a 24x7 application serving a single account. I have neither control nor visibility of the infrastructure end.
This is why this patch set specifically implements the client_credentials flow based on app-only. The code may be at least partially useful for support of delegated authentication, but I had no means to even consider that.
Yes, this only works if the application has been registered, and is specific to the app-only flow (which is really a bit like user name/pw with the clientId/clientSecret in the end, but for an app).
From: patches@davmail.p.re.sourceforge.net patches@davmail.p.re.sourceforge.net On Behalf Of Mickael Guessant
Sent: Saturday, March 25, 2023 17:23
To: [davmail:patches] 58@patches.davmail.p.re.sourceforge.net
Subject: [EXT] [davmail:patches] #58 Support of O365 client_credentials authorization flow
Caution: EXT Email
Very interesting contribution.
Can you please provide more details on the application registration process ?
This will only work with application registered in the target O365 tenant, correct ?
Did you have any issue with application registration for EWS access ?
[patches:#58]https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2F&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E5uDCMiLY8jcXy%2FywWv%2FU1Ohy4xoFmsJx9UNa%2BRssPk%3D&reserved=0 Support of O365 client_credentials authorization flow
Status: open
Group: v6.0.1
Created: Fri Oct 28, 2022 09:36 AM UTC by Heinz Wrobel
Last Updated: Fri Dec 02, 2022 06:25 PM UTC
Owner: nobody
Attachments:
The patch set enables EWS+OAuth2 with the client_credentials flow and also updates the [English] GUI to permit setting all required values.
Microsoft is switching off Basic Authentication which means that non-interactive use of DavMail for automated email based services needs to move to app-only authentication which is client_credentials based.
The Exchange server needs to be configured for app-only auth. See https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauthhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Fexchange-web-services%2Fhow-to-authenticate-an-ews-application-by-using-oauth&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xPVr92o6m6UXR%2BHEdaUW1UDwIEIVsw8H0FotNxI%2Bjyg%3D&reserved=0 If only specific email accounts should be accessible, suitable access control also needs to be enabled on the server.
Remember the usual: Not responsible for anything, no warranties expressed or implied, your mileage may vary, etc ... :-)
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/davmail/patches/58/https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2F&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E5uDCMiLY8jcXy%2FywWv%2FU1Ohy4xoFmsJx9UNa%2BRssPk%3D&reserved=0
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fauth%2Fsubscriptions%2F&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739185496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FDoPtlgRoIM3Dj%2BUmT4yX1%2FK2QgNy2Iawt90MEpwFWk%3D&reserved=0
Related
Patches: #58