mekeor

today, i set up emacs gnus as mail client for my work email at microsoft outlook. an administrator of our microsoft-tenant had to approve my client-id and -secret beforehand.

- emacs mail reader: gnus (with some custom elisp)
- sasl plugin kdexoauth2 for cyrus sasl method
- pizauth as oauth2 daemon
- msmtp for smtp
- isync / mbsync for imap

my custom elisp code ensures that pizauth server is running; opens the approval-URL in my browser; and asks me if i have clicked the button in the browser, before it fetches the emails.

as a final step, i'm going to set up mu as gnus search backend. just like i do for my personal emails on my personal computer.

#emacs #gnus #mail #email #outlook #microsoft #oauth #oauth2 #mbsync #isync #msmtp

Mar 27 at 11:07amWeb
Show threadAshish Panigrahi1d ago
@mekeor How did you get your administrator to approve? My org has specifically whitelisted only outlook webmail and thunderbird. Along with 2FA authentication, this seems like way too much work just to get mail working (but believe me I'm still trying to convince our IT to approve notmuch, mu4e and GNUS).
Show threadgraywolf1d ago
@paniash @mekeor You can always just use the -id and -secret from thunderbird, that is what I did in the last job.
Show threadmekeor1d ago
@graywolf @paniash right. (see my other comment.) in my case, the admin also had to approve the thunderbird credentials.
Show threadAshish Panigrahi1d ago
@graywolf @mekeor Ah interesting! So I guess just spoofing the mail user agent is enough? I thought Microsoft had some low-level authentication for email clients.
Show threadmekeor1d ago

@paniash you can try to use the client-id and -secret of older thunderbird. it's public:

- client-id: "08162f7c-0fd2-4200-a84a-f25a4db0b584"
- client-secret: "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"
- source: https://simondobson.org/2024/02/03/getting-email/

a tenant-administrator needs to approve the client-id:

- opening following URL (with replaced tenant- and client-id)
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}
- giving following priviledges:
- IMAP.AccessAsUser.All
- POP.AccessAsUser.All
- SMTP.Send
- offline_access
- source: https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-and-thunderbird-202

Local email from Office365 using OAUTH2 with mbsync | Simon Dobson