Add Microsoft xoauth2 support

[ChristophWurst]

Fixes #6591

Todo

• Requires Move OAuth access token into a dedicated column #7721
• Oauth workflow
• User UI
• Admin UI

[ChristophWurst]

User UI

I'm facing a little challenge here.

Generally speaking, IMAP accounts with password auth require us to ask the user for a password. XOAUTH2 accounts do not need a password but use a popup screen for the vendor.

With the Gmail XOAUTH2 integration I chose to hide the password input as soon as someone enters an email address that ends with @gmail.com. This works. But it only works for Gmail accounts with the default Gmail domain. Any custom domain hosted by Google falls short. This was acceptable for a first version.

Now, with Microsoft, it seems even more likely that someone uses a domain that doesn't easily allow us to detect it's hosted by Microsoft. Some accounts seem to end with @onmicrosoft.com but there are many more.

A more sophisticated approach for detecting Gmail and Microsoft accounts is to use the IMAP and SMTP hosts found by auto config detection. But auto config detection only happens after the user clicks on Connect. At that point we should already have hidden the password, or not.

So there are at least two approaches we can take here.

1. Always show the password input, but no longer make it required for auto mode. Manual mode stays as is.
   If we detect that the account uses password auth then we abort the setup right after auto detection
   If we detect that it's a Gmail or Microsoft account we just discard the password.
2. Change the setup into a multi step dialogue
   1. Ask for the name and email address
   2. Perform auto detection in the background
   3. If XOAUTH2, open the vendor popup
   4. If config for a password account could be detected, ask for the password
   5. If no config could be detected, show the manual setup

For simplicity I'll probably go with the first one.

[julianfairfax]

User UI

I'm facing a little challenge here.

Generally speaking, IMAP accounts with password auth require us to ask the user for a password. XOAUTH2 accounts do not need a password but use a popup screen for the vendor.

With the Gmail XOAUTH2 integration I chose to hide the password input as soon as someone enters an email address that ends with @gmail.com. This works. But it only works for Gmail accounts with the default Gmail domain. Any custom domain hosted by Google falls short. This was acceptable for a first version.

Now, with Microsoft, it seems even more likely that someone uses a domain that doesn't easily allow us to detect it's hosted by Microsoft. Some accounts seem to end with @onmicrosoft.com but there are many more.

A more sophisticated approach for detecting Gmail and Microsoft accounts is to use the IMAP and SMTP hosts found by auto config detection. But auto config detection only happens after the user clicks on Connect. At that point we should already have hidden the password, or not.

So there are at least two approaches we can take here.

1. Always show the password input, but no longer make it required for auto mode. Manual mode stays as is.
   If we detect that the account uses password auth then we abort the setup right after auto detection
   If we detect that it's a Gmail or Microsoft account we just discard the password.

2. Change the setup into a multi step dialogue
   
   1. Ask for the name and email address
   2. Perform auto detection in the background
   3. If XOAUTH2, open the vendor popup
   4. If config for a password account could be detected, ask for the password
   5. If no config could be detected, show the manual setup

For simplicity I'll probably go with the first one.

I'm looking forward to seeing this support in Nextcloud Mail!

[ChristophWurst]

Tada

[julianfairfax]

When this is merged, how long will it take to receive it as an update?

[ChristophWurst]

Please be patient and refrain from commenting on PRs unless the comment adds value to the code changes or discussion. We are struggling too many notifications already. The comments just slow us down. Thank you.

[st3iny]

Tested and works with my personal account.