Re: Outlook XOAUTH2 "AUTHENTICATE failed" message with working mutt_oauth2.py

[Norm W. <nor...@fa...>]

Hi Peter and list,

I just realized that I received some advice off-list from another list 
member.  It helped me resolve the problem, but the conversation about 
how I resolved the problem isn't in the list for future readers.

The problem was in my mbsyncrc.  In the IMAPAccount section, I had set 
the "User" entry as:

    User username@wor...@ou...

This is the form used by my email client for connecting to my work's 
IMAP server.  For mbsync, it just should be

    User username@workdomain

With this change, the authentication error was resolved and mbsync 
started syncing my work email.

I ran into one other problem - my work's IMAP server terminated the 
connection after the sync had partially processed my messages.  To avoid 
this, I added an entry

    PipelineDepth 1

to my IMAPAccount section.

With these changes, I was able to successfully sync with my work email
using mbsync with mutt_oauth2.py.

Regards,
Norm


On 09 Jul, Norm Wood wrote:
>Hi Peter,
>
>Thanks for providing the details of how you set this up with oauth2ms.
>
>I ended up returning to using mutt_oauth2.py, since I was already 
>using it with mutt.  It worked fine after correcting the "User" entry 
>in the IMAPAccount section of my mbsyncrc as pointed out by Marton 
>(and as described in Marton's webpage, a detail that I overlooked).
>
>One thing I'll mention to possibly help future readers is that I 
>didn't need to install the Moriyoshi cyrus-sasl-xoauth2 plugin.  Some 
>linux distributions include libkdexoauth2 (in Slackware 15, this is in 
>/usr/lib64/sasl2) and this provides the xoauth2 plugin.
>
>Thanks for the support, it's appreciated!
>
>Regards,
>Norm
>
>
>On 08 Jul, Peter P. wrote:
>>Hi Norm,
>>
>>* Norm Wood <nor...@fa...> [2025-07-07 19:36]:
>>[...]
>>>appreciate suggestions on how to diagnose the problem further.  After
>>>looking through isync-devel, I've also tried authenticating using the
>>>oauth2ms tool.
>>
>>I had success here with the instructions from
>>https://people.maths.bris.ac.uk/~mb13434/linux_m_uob/o365_imap_smtp.html
>>and below are my notes from how I did it about two years ago. Perhaps
>>this is helpful? They come without any warranty though.
>>
>>best, Peter
>>
>>------>
>>	sudo aptitude install libsasl2-dev
>>	git clone https://github.com/moriyoshi/cyrus-sasl-xoauth2.git
>>	./autogen.sh
>>	./configure
>>Edit Makefile to have the line
>>	pkglibdir = ${CYRUS_SASL_PREFIX}/lib/sasl2
>>yield
>>	pkglibdir = ${CYRUS_SASL_PREFIX}/lib/x86_64-linux-gnu/sasl2
>>and run
>>	sudo make install
>>which installs libraries into /usr/lib/x86_64-linux-gnu/sasl2
>>Reinstall isync to make it aware of the new sasl plugin(?)
>>	sudo aptitude reinstall isync
>>Get this following tool to fetch oauth2 tokens and copy it into ~/bin
>>	git clone https://github.com/harishkrupo/oauth2ms.git
>>	cd oauth2ms
>>	cp oauth2ms ~/bin/
>>Install requirements via apt
>>	apt install python3-xdg python3-msal python3-gnupg
>>Now I need to create and edit ~/.config/oauth2ms/config.json to yield
>>	{
>>		"tenant_id": "TENANT_ID",
>>		"client_id": "CLIENT_ID",
>>		"client_secret": "CLIENT_SECRET",
>>		"redirect_host": "localhost",
>>		"redirect_port": "5000",
>>		"redirect_path": "/getToken/",
>>		"scopes": ["https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/SMTP.Send"]
>>	}
>>Where TENANT_ID and CLIENT_ID are long strings which I got from the
>>local administrators of that email service.
>>Then I ran oauth2ms and it opened a browser through which I logged in and oauth2ms received a token in return, which got stored as ~/.local/share/oauth2ms/credentials.bin
>>
>>
>>_______________________________________________
>>isync-devel mailing list
>>isy...@li...
>>https://lists.sourceforge.net/lists/listinfo/isync-devel