Your message dated Sun, 15 Mar 2026 09:56:17 +0100
with message-id <20260315095617.50be234f@mayene>
and subject line
has caused the Debian Bug report #1077728,
regarding claws-mail: Client secret not recognized for MS Exchange OAuth2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1077728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: claws-mail
Version: 4.3.0-1+b1
Severity: normal
Tags: patch
Dear Maintainer,
the MS Exchange OAuth2 method does not recognize a client secret,
although it is sometimes needed. The attached patch fixes that without
changing the current behaviour if no client secret is provided.
Best regards,
Julian Wollrath
--
() ascii ribbon campaign - against html e-mail
/\ - against proprietary attachments
From 4766ab89c699208be5f3b04231996dc4a92e69d0 Mon Sep 17 00:00:00 2001
From: Julian Wollrath <[email protected]>
Date: Tue, 21 Nov 2023 11:30:22 +0100
Subject: [PATCH 1/1] OAuth2: Recognize client secret for MS Exchange
This enables providing a client secret for MS Exchange OAuth2 but
does not change the current behaviour if no client secret is set.
---
src/oauth2.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/oauth2.c b/src/oauth2.c
index eccdd49d8..77179ebba 100644
--- a/src/oauth2.c
+++ b/src/oauth2.c
@@ -85,7 +85,7 @@ static gchar *OAUTH2info[5][17]={
""},
{"login.microsoftonline.com",
"",
- "",
+ ".",
"http://127.0.0.1:8888";,
"/common/oauth2/v2.0/authorize",
"/common/oauth2/v2.0/token",
@@ -340,7 +340,7 @@ int oauth2_obtain_tokens (Oauth2Service provider, OAUTH2Data *OAUTH2Data, const
debug_print("Body: %s\n", body);
g_free(token);
- if(OAUTH2info[i][OA2_CLIENT_SECRET][0]){
+ if(OAUTH2info[i][OA2_CLIENT_SECRET][0] && !(OAUTH2info[i][OA2_CLIENT_SECRET][0] == "." && i == OAUTH2AUTH_EXCHANGE)){
//Only allow custom client secret if the service provider would usually expect a client secret
if(OAUTH2Data->custom_client_secret)
client_secret = g_strdup(OAUTH2Data->custom_client_secret);
@@ -480,7 +480,7 @@ gint oauth2_use_refresh_token (Oauth2Service provider, OAUTH2Data *OAUTH2Data)
body = g_strconcat ("client_id=", uri, "&refresh_token=", OAUTH2Data->refresh_token, NULL);
g_free(uri);
- if(OAUTH2info[i][OA2_CLIENT_SECRET][0]){
+ if(OAUTH2info[i][OA2_CLIENT_SECRET][0] && !(OAUTH2info[i][OA2_CLIENT_SECRET][0] == "." && i == OAUTH2AUTH_EXCHANGE)){
//Only allow custom client secret if the service provider would usually expect a client secret
if(OAUTH2Data->custom_client_secret)
client_secret = g_strdup(OAUTH2Data->custom_client_secret);
--
2.45.2
--- End Message ---
--- Begin Message ---
Version: 4.4.0-1
Fixed with upstream commit 28b2c38.
--
() ascii ribbon campaign - against html e-mail
/\ - against proprietary attachments
--- End Message ---
