Hi Milan,

On Wed, 1 Sept 2021 at 09:08, Milan Crha via evolution-list
<evolution-list@gnome.org> wrote:
>
> On Tue, 2021-08-31 at 18:32 +0200, Vincent Hennebert via evolution-list
> wrote:
> > None of those worked :( Every time the OAuth window shows up, I enter
> > my credentials, confirm the login from my phone’s app, and then get the
> > same error.
>
>         Hi,
> I know those keys work fine, not only for me, thus the problem is
> somewhere else.
>
> Your second message in this thread contains a snippet of the OAuth2
> debug log, but not enough of it. I'd need to see what had been sent to
> the server, which resulted in the Bad Request response. The base64
> encoded things and the application and other IDs should be replaced,
> similarly as you did before.

Here is the full log:
  (process:140669): libsoup-WARNING **: 17:38:32.604: gssapi step failed: No credentials were supplied, or the credentials were unavailable or inaccessible: SPNEGO cannot find mechanisms to negotiate

  (process:140669): libsoup-WARNING **: 17:38:32.833: gssapi step failed: No credentials were supplied, or the credentials were unavailable or inaccessible: SPNEGO cannot find mechanisms to negotiate
  [OAuth2] 2021-09-01 17:38:37.339 - Loaded URI: '<Org SSO URL>'
  [OAuth2] 2021-09-01 17:38:53.665 - Loaded URI: '<MFA URL>'
  [OAuth2] 2021-09-01 17:38:58.832 - Loaded URI: '<Another MFA URL>'
  [OAuth2] 2021-09-01 17:39:11.090 - Loaded URI: '<Back to different org SSO URL'
  [OAuth2] 2021-09-01 17:39:11.111 - Loaded URI: 'none-local://'
  > POST /<the_tenant_id>/oauth2/token HTTP/1.1
  > Soup-Debug-Timestamp: 1630510751
  > Soup-Debug: SoupSession 1 (0x561d22db7c40), SoupMessage 1 (0x561d239b0e60), SoupSocket 1 (0x561d2423d3f0)
  > Host: login.microsoftonline.com
  > Content-Type: application/x-www-form-urlencoded
  > Connection: close
  > Accept-Encoding: gzip, deflate
  > Accept-Language: en-gb, en;q=0.9
  >
  > grant_type=authorization_code&code=<the_code>&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&client_id=<the_client_id>

  < HTTP/1.1 400 Bad Request
  < Soup-Debug-Timestamp: 1630510752
  < Soup-Debug: SoupMessage 1 (0x561d239b0e60)
  < Cache-Control: no-store, no-cache
  < Pragma: no-cache
  < Content-Length: 485
  < Content-Type: application/json; charset=utf-8
  < Expires: -1
  < Strict-Transport-Security: max-age=31536000; includeSubDomains
  < X-Content-Type-Options: nosniff
  < P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
  < x-ms-request-id: 2a59b83a-6019-45a9-b190-5bda25ba4300
  < x-ms-ests-server: 2.1.11984.12 - SCUS ProdSlices
  < Set-Cookie: fpc=<cookie>; expires=Fri, 01-Oct-2021 15:39:12 GMT; path=/; secure; HttpOnly; SameSite=None
  < Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; httponly
  < Set-Cookie: stsservicecookie=estsfd; path=/; secure; httponly
  < Date: Wed, 01 Sep 2021 15:39:12 GMT
  < Connection: close
  <
  < {"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 2a59b83a-6019-45a9-b190-5bda25ba4300\r\nCorrelation ID: c9bef423-5107-4b78-9c31-0c1d445ded9c\r\nTimestamp: 2021-09-01 15:39:12Z","error_codes":[9002313],"timestamp":"2021-09-01 15:39:12Z","trace_id":"2a59b83a-6019-45a9-b190-5bda25ba4300","correlation_id":"c9bef423-5107-4b78-9c31-0c1d445ded9c","error_uri":"https://login.microsoftonline.com/error?code=9002313"}

  [OAuth2] 2021-09-01 17:39:12.436 - Loaded URI: 'none-local://'

I thought the first 2 warnings might have been associated with my
other email accounts but actually not, I temporarily disabled them.

DavMail shows more intermediate connections, but otherwise seemingly
the same steps.

> What values do you change in the OAuth2 settings of the Office 365
> account? Most of the values should be left empty, it's usually enough
> to change/set the Application ID and leave the rest empty.

I’m only changing the Tenant and Application IDs. I obtain the OAB URL
by clicking the ‘Fetch URL’ button, but I suppose it has nothing to do
with this issue.


> I think I saw similar error when I changed the Tenant ID to something
> else, when I did not leave it at its default value, which is "common". I
> do not know how that works for your company though, due to the multi-
> factor login.

I’ve just tried again leaving the Tenant ID empty and I get the same error.


> I'd guess the settings you use for the DAVMail are not exactly the same
> as for the Evolution-EWS. The only other thing might be the resource
> URI. It's currently derived from the Host Name, while it used to be
> "https://outlook.office.com" in the past. I understood from your
> messages that you did not update the evolution-ews, it's still the same
> version, you only changed the password on the server.

Well, I switched from the Flatpak version (3.40.3) to the distro
version (3.40.4) to have better GNOME integration (and also with the
vague hope that the issue might have been caused by some cached data),
but I get the exact same error in both cases. I know that several of
my colleagues are having the same issue.

I found ‘https://outlook.office365.com’ somewhere in the DavMail log,
so I tried to set the Resource URI to that in the Advanced Settings,
but again same issue.


> I cannot think of anything else right now, I'm sorry.

Sure, hopefully the above will give you some hints. Thanks for your
efforts anyway!

Vincent
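
As an added example (not part of the thread and not Evolution's or libsoup's code), here is a Python script that performs the replacement Milan asks for on an OAuth2 debug log before it is posted to a public list, and lists which form fields the token request carried so they can be compared with another client's request. The field and header lists, the function names and the sample log are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Form fields and headers whose values are credentials or account IDs (assumed list).
SECRET_FIELDS = {"code", "client_id", "client_secret", "refresh_token",
                 "access_token", "id_token", "code_verifier"}
SECRET_HEADERS = {"set-cookie", "cookie", "authorization"}
HTTP_LINE = re.compile(r"(\s*[<>] ?)(.*)")        # '>' sent, '<' received
TENANT_PATH = re.compile(r"^(POST|GET) /[^/\s]+(/oauth2/\S*)")
LOADED_URI = re.compile(r"(Loaded URI: '[a-z][a-z0-9+.-]*://[^/'?#]*)[^']+'")
JSON_TOKEN = re.compile(r'"(access_token|refresh_token|id_token)"\s*:\s*"[^"]*"')

def redact_line(line):
    """Return one debug-log line with credentials and IDs replaced."""
    m = HTTP_LINE.match(line)
    if not m:
        # [OAuth2] lines: keep scheme and host only; the path/query can carry the code.
        return LOADED_URI.sub(r"\1/<redacted>'", line)
    prefix, rest = m.groups()
    rest = TENANT_PATH.sub(r"\1 /<tenant_id>\2", rest)
    rest = JSON_TOKEN.sub(r'"\1":"<redacted>"', rest)
    name, sep, _ = rest.partition(":")
    if sep and name.strip().lower() in SECRET_HEADERS:
        return f"{prefix}{name}: <redacted>"
    if rest.startswith("grant_type=") or "&grant_type=" in rest:
        rest = "&".join(
            f"{k}=<{k}>" if k in SECRET_FIELDS else urlencode({k: v})
            for k, v in parse_qsl(rest, keep_blank_values=True))
    return prefix + rest

def redact_log(log):
    return "\n".join(redact_line(ln) for ln in log.splitlines())

def token_request_fields(log):
    """Form field names sent to the token endpoint, in the order sent."""
    body = next((ln for ln in log.splitlines() if "grant_type=" in ln), "")
    return [k for k, _ in parse_qsl(body.lstrip(" >"), keep_blank_values=True)]

# Constructed sample; every ID, code and cookie below is made up.
SAMPLE = """\
  [OAuth2] 2021-09-01 17:39:11.090 - Loaded URI: 'https://sso.example.org/cb?code=XYZ'
  > POST /11111111-2222-3333-4444-555555555555/oauth2/token HTTP/1.1
  > grant_type=authorization_code&code=0.AAAA-made-up&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&client_id=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
  < HTTP/1.1 400 Bad Request
  < Set-Cookie: fpc=AbCdEf123; path=/; secure; HttpOnly
"""

if __name__ == "__main__":
    print(redact_log(SAMPLE), token_request_fields(SAMPLE), sep="\n")
```

The script expects each log record on a single line, so output that a mail client has hard-wrapped needs to be rejoined first.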