Office 365 OAUTH2 #250
Comments
I don't know if imapsync Google OAUTH2 allows OAUTH2 for Office365 but I guess it doesn't work at all. |
I'm willing to test with my office 365 tenant. |
Hi. |
I'll try to implement this this year 2021, thanks for encouraging me |
if you need more beta-testers, I would throw my setup into the ring. currently using the docker image... google syncing works perfect 👍🏼 just waiting for the office 365 oauth integration. thanks mate - for all the time you've invested! |
Hi Marcus! Thanks for your proposal. The basic OAUTH2 code is written now. It assumes you have already the access token. I haven't tested it yet on Office365 but since it is the protocol it should work. Tell me. Release 2.216 is there: https://imapsync.lamiral.info/imapsync
Another point. Since you talk about a successful Gmail OAUTH2 with an old imapsync it may signify you have globally authenticated gmail users, ie as an admin. This is not available for Office365. A big complication for admins, I quote
|
Hi @gilleslamiral, that sounds awesome - thanks for your effort and time invested! If you don't mind it would be perfect to push an image update to docker hub - as that gets automatically updated in my environment. I've read about the admin limitation already before - I don't think I will run into that issue as I tried to authorize through Thunderbird in parallel to imapsync (I think it's inside your FAQs to verify it's not a general issue) and Thunderbird authorized through OAuth2. Not sure about the access token yet - but I will figure out and will let you know if all works! Thanks again! |
Done imapsync release 2.143 https://hub.docker.com/r/gilleslamiral/imapsync/
In Thunderbird, the password stored is the refresh token. Combined with the Thunderbird client_id and perhaps client_secret, it There is also a client_id and client_secret for imapsync and a I wrote a shell script to use them to get a refresh token and regenerate access tokens. |
@gilleslamiral Where may one find the client_id/client_secret for imapsync and said shell script? |
Hi Gilles, any news on using oauth2 to authenticate imapsync in order to migrate mailboxes to office365 ? |
Same issue here, any news on OAuth2 for Office365 |
It works fine. You just need to obtain the oauth token manually. Method 1: Using mutt_oauth2 change:
(from thunderbird, see https://hg.mozilla.org/comm-central/file/tip/mailnews/base/src/OAuth2Providers.jsm) Run Source: Method 2: Powershell
|
@Yannik Thanks for the info; now i get;
Fixed now. Created a new Application for it, maybe I messed too much with the old one. But what is now the best command to use in the imapsync?

```sh
./imapsync --addheader --automap --host1 mail.server.nl --host2 outlook.office365.com --office2 --password1 '' --password2 '' --user1 USER@DOMAIN --user2 USER@DOMAIN --oauthaccesstoken2 tokenfile1
```

The Access Key that i got from the Python script is in the

____ Update 28-06 _____

Got it working! So got it working! Thanks |
The OAuth2 procedure is a nightmare. Even after investing multiple hours into it, I simply couldn't get it to work. I wish I never went down that rabbit hole which the docs led me to believe was the only way to make it work. While in fact, BASIC IMAP authentication can simply be re-enabled and works without any issues using username and password. Here's the Python code I came up with for anyone trying to get the OAuth2 nightmare to work:

```python
import base64
import imaplib
from time import sleep

import requests

MAIL = 'migrate@domain.tld'
SERVER = 'outlook.office365.com'

# OAuth2 stuff
AUTH_URL = 'https://login.microsoftonline.com'
TENANT_ID = ''
CLIENT_ID = ''  # application client id


def test_imap(auth_string):
    """Log in over IMAPS with XOAUTH2, then select INBOX and list folders."""
    imap_conn = imaplib.IMAP4_SSL(SERVER)
    imap_conn.debug = 10
    # imaplib base64-encodes the callback's return value itself,
    # so auth_string must be the raw (unencoded) XOAUTH2 string.
    imap_conn.authenticate('XOAUTH2', lambda x: auth_string.encode())
    imap_conn.select('INBOX')
    imap_conn.list()


def generate_xoauth2(username: str, access_token: str, base64_encode: bool = True) -> str:
    """ Generates XOauth2 String """
    # \1 is the Ctrl-A (0x01) separator required by the XOAUTH2 format
    auth_string = f'user={username}\1auth=Bearer {access_token}\1\1'
    if base64_encode:
        auth_string = base64.b64encode(auth_string.encode()).decode()
    return auth_string


def device_auth_initiate() -> str:
    """Start the device code flow and print the sign-in instructions."""
    data = {
        'scope': 'user.read offline_access email openid profile https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send',
        'client_id': CLIENT_ID
    }
    r = requests.post(f'{AUTH_URL}/{TENANT_ID}/oauth2/v2.0/devicecode', data=data)
    response = r.json()
    print(response.get('message'))
    return response.get('device_code')


def device_auth_acquire(device_code):
    """Poll the token endpoint until the user has completed the sign-in."""
    data = {
        'grant_type': 'urn:ietf:params:oauth:grant-type:device_code',
        'code': device_code,
        'client_id': CLIENT_ID
    }
    while True:
        print('Polling M365 Graph API for successful authentication...')
        r = requests.post(f'{AUTH_URL}/{TENANT_ID}/oauth2/v2.0/token', data=data)
        response = r.json()
        if response.get('refresh_token'):
            print('Successfully authenticated M365 user!')
            return response.get('access_token'), response.get('refresh_token')
        sleep(10)


if __name__ == '__main__':
    device_code = device_auth_initiate()
    access_token, _ = device_auth_acquire(device_code)
    auth_string = generate_xoauth2(MAIL, access_token, base64_encode=False)
    print(auth_string)  # note: this prints the bearer token to the terminal
    test_imap(auth_string)
```

|
@alfonsrv Did you get it to work? |
No. Not sure which part is not working; not errors showing up in the Sign-in logs – I tried both registering my own Azure app as well as using the Thunderbird Azure app, but it simply doesn't work. Using username + password now. 👍🏼 edit: Just checked again – the main reason it didn't work was because I thought the data has to be Base64 encoded separately, while in fact |
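The encoding pitfall discussed in this exchange can be checked offline. The following is an added example, not code from the thread or from imapsync: it builds the XOAUTH2 string, applies the single base64 pass that Python's `imaplib` performs on the `authenticate()` callback's return value, and validates what the server would receive. The function names and the sample token are constructed for illustration.

```python
import base64

SAMPLE_TOKEN = "constructed.sample.token"  # constructed placeholder, not a real token


def build_xoauth2(user: str, access_token: str) -> bytes:
    """Raw SASL XOAUTH2 initial response: fields separated by 0x01, ended by 0x01 0x01."""
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()


def as_sent_by_imaplib(authobject_result: bytes) -> bytes:
    """imaplib's authenticate() base64-encodes whatever the callback returns."""
    return base64.b64encode(authobject_result)


def parse_wire(wire: bytes) -> dict:
    """Decode what the server receives; raise ValueError if it is not a valid XOAUTH2 string."""
    try:
        raw = base64.b64decode(wire, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("payload is not valid base64") from exc
    if not raw.endswith(b"\x01\x01"):
        raise ValueError("no 0x01 0x01 terminator: payload was probably encoded twice")
    fields = {}
    for part in raw[:-2].split(b"\x01"):
        key, sep, value = part.partition(b"=")
        if not sep:
            raise ValueError(f"field without '=': {key!r}")
        fields[key.decode()] = value.decode()
    auth = fields.get("auth", "")
    if "user" not in fields or not auth.startswith("Bearer "):
        raise ValueError("expected user=... and auth=Bearer ...")
    return {"user": fields["user"], "token": auth[len("Bearer "):]}


if __name__ == "__main__":
    raw = build_xoauth2("migrate@domain.tld", SAMPLE_TOKEN)
    print(parse_wire(as_sent_by_imaplib(raw)))  # raw string from the callback: accepted
    try:
        # callback returned an already base64-encoded string: encoded twice on the wire
        parse_wire(as_sent_by_imaplib(base64.b64encode(raw)))
    except ValueError as err:
        print("rejected:", err)
```
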
@alfonsrv having the exact same issue and tried your code above with no luck. Could you please share what you did to get it working as setting base64encode to false doesn't seem to do the trick. Would be very much appreciated! |
@madmudklip should work like that. Make sure:
Permissions:
|
@alfonsrv |
@madmudklip sure! Can also drop a quick |
so oauth itself isn't that bad - using mutt_oauth2.py saves you a lot of time. however the main issue is that at least office365's IMAP server terminates your existing connection when the token expires. so a bigger sync taking more than ~75 minutes needs to be restarted every 75 minutes with a refreshed token... |
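A wrapper that restarts the sync before the token expires needs to know how long the current token is still valid. The following is an added example, not part of the thread or of imapsync: it assumes the access token is a JWT carrying an `exp` claim, reads that claim without verifying the signature, and returns how many seconds a run can last. All function names and the sample token are constructed for illustration.

```python
import base64
import json
import time


def make_sample_jwt(exp: int) -> str:
    """Constructed, unsigned sample token for the demo; not a real Microsoft token."""
    def b64url(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64url({'alg': 'none'})}.{b64url({'exp': exp})}.sig"


def token_expiry(access_token: str) -> int:
    """Return the `exp` claim (Unix time). The signature is NOT verified: this is
    only for scheduling a refresh, never for deciding whether to trust the token."""
    parts = access_token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; treat the token as opaque")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers binascii.Error and JSONDecodeError
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int):
        raise ValueError("no integer exp claim")
    return exp


def run_budget(access_token: str, margin: int = 300, now=None) -> int:
    """Seconds a sync started now can run before it must stop for a token refresh.
    0 means refresh first; unparseable tokens also give 0 (fail towards refreshing)."""
    now = int(time.time()) if now is None else int(now)
    try:
        return max(0, token_expiry(access_token) - margin - now)
    except ValueError:
        return 0


if __name__ == "__main__":
    token = make_sample_jwt(int(time.time()) + 4500)  # constructed: 75 minutes left
    print("run budget in seconds:", run_budget(token))
```
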
Hello, /usr/bin/imapsync -addheader --automap --disarmreadreceipts --office2 The Token is contained in the file "tokenfile2" I get always the error: Any suggestion? EDIT: EDIT2: |
2 months ago I used mutt to get the token, but now with the same settings in another tenant I cannot get it working. I'm using these settings: Every time I start the script it returns a string to be used in the web. I retrieve from the page the link http://localhost:XXXXX and connect to it to authorize. I get: I'm using the file mutt_oauth2.py with Do you use different settings? EDIT: |
Hi, can somebody point me to where I get / can configure the oauthaccesstoken (inside Admin Center 365)? Thanks! |
Open Azure
Click on Authentication on the left
Click on API Permissions (Always in the App Registration section)
Then click on "Grant administrator consent for XXX"
I have the panel in Italian, so I've translated them. |
Thanks! You could have answered in Italian too... I would have understood... ;-) Thanks a lot! Do I have to create an accesstoken for every user I want to sync or can I create some kind of "masteraccess"? |
For the migration I use a CentOS 7 VM server, and we don't install GUI on our servers. Just command line!!! So running a browser in the VM is not an option.
I run the command exactly as you wrote it.. Anyway thanks for your help. As the method of [ChilledCucumber], for creating an access & refresh token is working fine for me, i will stick with his method. I will also try the https://imapsync.lamiral.info/imapsync version to solve the problem of re-reading the token file. akops76 |
Ok.
That's strange. What release did you use? The current is 1.24 since 2023/07/18
Ok, good. |
Hello @gilleslamiral and thanks for giving oauth2 a tweak like this. I am having this below error on archlinux and MacOS that I tried it so far. Is there some package missing? |
In
|
Oh thank you! Just tried it.
More I have to install? |
It worked after I commented the line. I got the token but then it errors with this |
So, it didn't work. It's because use Mail::IMAPClient is needed |
All ok after |
Install the Mail::IMAPClient module Install imapsync, |
|
You don't use imapsync? |
Of course I use imapsync, but I was missing IMAPClient.. |
i use the version v 1.25 2023/10/12 12:08:11 but something seems not right:
|
Hi @krull I have a clue now. What I don't understand is how the docker is run?
|
Imapsync release 2.268 added this
Get it at |
needed to install some modules but I am finally on 2.229 :) Thank you! |
2.229 is buggy... |
Best way to go back?
Maybe git clone?
Haven't tried it yet…
|
Why go back instead of going forward? Imapsync release 2.268 : |
Tried it again today on a fresh 365 tenant (account) but after using the imapsync token way like I did on another tenant, I've started to get all those errors I've quoted above. Any help is much appreciated! Thanks in advance! |
Hello again :) |
```sh
#!/bin/sh
oauth2_office365/oauth2_office365_with_imap o365user@example.com
```

If using Docker you can do:

```sh
docker run --rm --platform linux/amd64 -v $(pwd)/tokens:/var/tmp/tokens \
  -v $(pwd)/oauth2_office365:/var/tmp/oauth2_office365 gilleslamiral/imapsync imapsync \
  --host1 "imap.gmail.com" --user1 "gmailuser@example.com" --gmail1 --password1 'super-secret1' \
  --host2 "outlook.office365.com" --user2 "o365user@example.com" --office2 \
  --oauthaccesstoken2 /var/tmp/tokens/oauth2_tokens_user@example.com.txt \
  --oauthrefreshcmd2 "/var/tmp/oauth2_office365/refresh-access-token.sh" --subfolder2 "my-gmail-import"
```

Edit: Actually scratch that, the
|
The shit it takes to make it work! |
I couldn't get this to work. I have used this command:
The tokens file seems to be ignored and imapsync cannot authenticate to destination host.
And it is working (until token is valid, that is ca 30-60 min).
And I am invoking it like this:
and it is quitting and restarting with fresh token every 1 hour. |
It looks like the token file is not generated. leonroy said:
|
Hey guys! Hope you're all doing good. 👍 So the O365 Global Admin for OAUTH2 still no good right? I am in need to get the 1000s of mailboxes synced out of o365, and will be a pain with single User OAUTH2. I tried to read up here, in adding another I am getting Anyone successfully used Global Admin Token? 🤔 |
It worked fine for me using imapsync v2.277. I received a user that has access to all mailboxes I need to migrate. I used this script: https://imapsync.lamiral.info/oauth2/oauth2_office365/README.txt

I couldn't use the app from lamiral so we created our own app and updated the client id and credentials inside the script. The app had permissions IMAP.AccessAsApp and IMAP.AccessAsAll ( Actually not sure which one is required but both worked). Then I ran the script and received tokens. I used this command on all of the mailboxes I needed to migrate:

```sh
/usr/local/bin/imapsync --syncinternaldates --office1 --oauthaccesstoken1 ./tokens/oauth2_tokens_ MASKED.txt --user1 MASKED --password1 MASKED --host2 MASKED --tls2 --user2 MASKED --password2 MASKED --subscribe --allowsizemismatch --nofoldersizes --sep1 / --sep2 . --regextrans2 s,/,_,g
```

Note that --user1 is the mailbox user and not the user that I used to create the oauth access token. I hope this helps! Good luck. |
Thank you for this confirmation! 🥳 Will report back with my findings on Cheers @mschering |
So I just tested
I can't seem to find Will update once I have progress. |
Since Office 365 stopped supporting Basic Auth, can the code for Google OAUTH2 be applied to Office 365 OAUTH logins ?