Mail accounts with domain @bildung.gv.at using outlook.com don't authenticate with xoauth2

[flowlee]

Steps to reproduce

1. Attempt to add a new mail account with @bildung.gv.at domain
2. Enter correct details
3. IMAP and SMTP servers are correctly identified as outlook.office365.com and smtp.outlook.com
4. Click "Connect".

Expected behavior

According to #7722 there should be an option to authenticate via Microsoft.

Actual behavior

No popup is opened and there is no redirect to authenticate via Microsoft.

Error message: IMAP username or password is wrong

Mail app version

3.4.0

Mailserver or service

outlook.com

Operating system

Ubuntu

PHP engine version

PHP 8.2

Web server

Nginx

Database

MariaDB

Additional info

Email accounts using this domain are the official addresses used for education by teachers in Austria.

[ChristophWurst]

Have MS OAuth client ID and secret been configured in the admin settings?

[ChristophWurst]

https://docs.nextcloud.com/server/latest/admin_manual/groupware/mail.html#xoauth2-authentication-with-microsoft-azure-ad

[flowlee]

Thank you for the hint.

The problem is that I can't register an application since these addresses are pretty locked down and I don't have permission to do that. I tried registering an app for another account but that predictably doesn't work either.

Is there no way to do this without administrative rights?

By the way, the popup did appear once I entered the client ID and secret, but in the manual settings it still says "Connect to Google".

[Arcau]

I too am having an issue with this.
I have setup the App registration and everything as per the guide.
However after the pop up comes up the mail app only shows

When clicking into the mail account to check settings it shows down the bottom.
And when attempting to "recconect"

No mail ever actually loads in

[ChristophWurst]

"There was an error"

-> give us relevant console logs and nextcloud.log entries

[Arcau]

Sorry I thought I had attached the paste bin link :/

https://pastebin.com/NbjR68SH

[ChristophWurst]

The account has no access token. Decryption of the empty value fails.

[ChristophWurst]

Second error happens because the account has no account name (e.g. "Jane Doe"). It might just be empty and therefore appear "missing" on as HTTP body argument. Check if your account has a name set.

[Arcau]

The account has no access token. Decryption of the empty value fails.

Forgive my ignorance on this one, is that the app integration portion?

I followed the steps in the guide linked above and did get the prompt to allow access.

I have removed the account and tried to re-add.
On the first attempt it errors.
On the second it then prompts the pop up

Attempting to add the account with

Have changed Name to see if that helped but the same issue happens.
I can hit the connect button multiple times to get the approve prompt.
and it will add the account multiple times, but not actually connect.

I tried to name the account differently to my Nextcloud username also but no luck it seems.

[ChristophWurst]

It's about the name you enter for the account in Nextcloud Mail

Setup	Settings

[Arcau]

I try with Just First and also First and LastName

the logs show some DNS fields also but the DNS server shows a pass through to Outlook

When trying to add it in fresh with all traces removed, I get errors as this.

However I have copied the secret from my AAD so it is correct. Unsure why it is giving this error.
I have also double checked that permissions were set for the app registration also