From Newsgroup: comp.mail.pine
Dear Eduardo,
Thanks very much for this.
> Microsoft: client-id - 08162f7c-0fd2-4200-a84a-f25a4db0b584,
> client-secret - TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82
> So, first try to see if the client-id and client-secret above work for
> you.
I tried using the Thunderbird client-id/client-secret pair given in
your post to access my university email using Outlook with the
Authorize flow. I was able to sign into Microsoft after following the
URL from Alpine, but I then got a text box in my browser asking me to
justify my request and explaining that permission from an
administrator would be needed. I filled in the text box, but have not
heard back from them. I'll let you know if anything happens on this
front.
Meanwhile I have created my own Microsoft account to try to understand
what is needed.
If I set up xoauth2 authorisation (M S U) in Alpine using the
Thunderbird client-id/client-secret pair, i.e.,
Outlook
Client-Id = 08162f7c-0fd2-4200-a84a-f25a4db0b584
Client-Secret = TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82
Tenant = <No Value Set: using "common">
Auth Flow = Authorize
Username = XXX
then I get the message "You can't sign in here with a personal
account. Use your work or school account instead." when I open the URL
offered by Alpine.
I also tried registering Alpine in Azure by going to the "Microsoft
Entra admin center" and clicking on "App registrations". I chose "Any
Entra ID tenant + personal Microsoft accounts" as the supported
account type and a redirect URI of "http://localhost" for "Mobile and
desktop applications". Registering the account gave me the client-id.
I could then click on "Certificates and secrets" and then "New client
secret" to obtain my client-secret. Under "API permissions" I added
permissions for IMAP.AccessAsUser.All and SMTP.Send.
When I put the client-id and client-secret in Alpine, I could open the
URL generated by Alpine in my browser, authenticate, and confirm that
I wanted Alpine to access my email. I then got a promising "Unable to
connect" page with URL
http://localhost/?code=BLAH%24%24, which I
copied and pasted into Alpine. But Alpine just briefly flashed up a
message
[>Code 400: invalid_grant: AADSTS70000: The provided value for the 'code' parameter is not valid. Trace ID:<]
If I remove the trailing %24%24 from the URL before pasting into
Alpine, I instead get the message
[>Code 400: invalid_request: AADSTS90023: Public clients can't send a client secret. Trace ID: df7ca99c-585b-<]
Have I done anything obviously wrong when registering Alpine?
(I've just discovered that the trailing %24%24 problem can be avoided
by disabling live SDK support in "Authentication (preview) / settings"
when registering Alpine. However, the "Public clients can't send a
client secret" problem persists.)
Thanks again for your help,
Neil.
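Added example, not part of the post above and not Alpine's code: a Python sketch of the authorization-code token request for a redirect URI registered under "Mobile and desktop applications" (a public client, which per the AADSTS90023 text must not send a client secret) versus a confidential "web" registration. The function names, the `platform` parameter and the all-zero client-id used to exercise it are assumptions; the request is only built, never sent.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Microsoft identity platform v2.0 token endpoint; "common" is the tenant
# Alpine falls back to in the post when none is set.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Permission names from the post, plus offline_access (assumed here).
SCOPE = ("https://outlook.office.com/IMAP.AccessAsUser.All "
         "https://outlook.office.com/SMTP.Send offline_access")


def code_from_redirect(pasted_url):
    """Extract the authorization code from the pasted redirect URL.

    parse_qs percent-decodes the value exactly once (%24%24 becomes $$).
    """
    query = parse_qs(urlsplit(pasted_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


def build_token_request(client_id, code, redirect_uri, platform,
                        client_secret=None, tenant="common"):
    """Return (url, form_body) for the authorization_code grant.

    platform is hypothetical shorthand for how the redirect URI was
    registered: "public" (mobile/desktop) or "web" (confidential).
    """
    if platform not in ("public", "web"):
        raise ValueError("platform must be 'public' or 'web'")
    if platform == "public" and client_secret is not None:
        # The condition AADSTS90023 reports: a public client sent a secret.
        raise ValueError("public clients must not send client_secret")
    if platform == "web" and not client_secret:
        raise ValueError("confidential clients must send client_secret")
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": SCOPE,
    }
    if platform == "web":
        form["client_secret"] = client_secret
    # urlencode re-encodes the decoded code exactly once for the POST body.
    return TOKEN_URL.format(tenant=tenant), urlencode(form)
```
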