On Thu, 2021-09-02 at 18:19 +0200, Milan Crha via evolution-list wrote:
> On Thu, 2021-09-02 at 18:01 +0200, Vincent Hennebert via evolution-list
> wrote:
> > It looks like Evo is ignoring the content returned by
> > the last SSO URL, but of course I may be wrong.
> 
>         Hi,
> evo reads the returned auth code from the redirect URI and then asks
> the server (by other channel) for the token. Just like DavMail or any
> other. The token is received from the "/oauth2/token", which is the
> place the office365.com rejects the data on your side. 
> 
> > After that I see a connection to
> > https://login.microsoftonline.com/common/oauth2/nativeclient
> 
> That's the application's redirect URI. The evo-ews uses it too, as its
> default. You've got past this place, it's done before the
> "/oauth2/token".
> 
> If you can see what DavMail sends to the "/oauth2/token", then compare
> it with what evo-ews sends. Maybe they use special scopes or something.
> Do you see in the DavMail logs also the "/oauth2/authorize" call?

I do see an authorize call, but before the OAuth is triggered (split
over multiple lines for readability):
https://login.microsoftonline.com/<the_tenant_id>/oauth2/authorize?client_id=<the_client_id> \
&response_type=code \
&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient \
&response_mode=query \
&login_hint=<email_address> \
&resource=https%3A%2F%2Foutlook.office365.com


That gets a 302 response that redirects to an SSO URL and the
authentication dance begins.

I do not see any ‘/oauth2/token’ call.

The form that posts to https://login.microsoftonline.com/login.srf
contains 3 inputs:
  wa="wsignin1;0"
  wresult="<some XML with <wst:RequestSecurityTokenResponse
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> as a root
element>"
  wctx="estsredirect=2&estsrequest=<a long alphanumeric string>"

When POST’ed, that form returns a redirect URL to
https://login.microsoftonline.com/common/oauth2/nativeclient?code=<long
alphanum string>&session_state=<shorter alphanum string>

And that call seems to return the token. Then I see a socket creation
to outlook.office365.com, presumably using that token, and DavMail
starts listing my email directories.



Would EWS_DEBUG=2 and OAUTH_DEBUG=1 show all the connections Evo is
making, or could we get more (the 2 seems to indicate a log level and
not just an on/off switch)?

Vincent
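
Added example, not part of the original messages and not code from Evolution or DavMail: one way to do the comparison suggested in the thread, by decoding two captured OAuth requests into parameters, masking the values that should not be posted publicly, and listing what differs. The function names are hypothetical, and the second capture is constructed for illustration; it is not what evo-ews actually sends.

```python
from urllib.parse import urlsplit, parse_qsl

# Values that should not be pasted into a public list post.
SENSITIVE = {"code", "client_secret", "access_token", "refresh_token", "session_state"}

# Authorize request as quoted in the message above, mail wrapping included.
CAPTURE_A = r"""https://login.microsoftonline.com/<the_tenant_id>/oauth2/authorize?clie
nt_id=<the_client_id> \
&response_type=code \
&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2
%2Fnativeclient \
&response_mode=query \
&login_hint=<email_address> \
&resource=https%3A%2F%2Foutlook.office365.com"""

# Constructed second capture (hypothetical client, not real evo-ews output).
CAPTURE_B = ("https://login.microsoftonline.com/<the_tenant_id>/oauth2/authorize"
             "?client_id=<another_client_id>&response_type=code"
             "&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com"
             "%2Fcommon%2Foauth2%2Fnativeclient"
             "&response_mode=query&login_hint=<email_address>"
             "&scope=openid%20offline_access")

def parse_oauth_request(raw):
    """Undo line wrapping and trailing-backslash splits, then return
    (endpoint name, {parameter: percent-decoded value})."""
    joined = "".join(p.strip().rstrip("\\").strip() for p in raw.splitlines())
    url = urlsplit(joined)
    endpoint = url.path.rsplit("/", 1)[-1]   # authorize, token, nativeclient
    return endpoint, dict(parse_qsl(url.query, keep_blank_values=True))

def redact(params):
    """Replace sensitive values with their length so logs stay comparable."""
    return {k: f"<redacted:{len(v)}>" if k in SENSITIVE else v
            for k, v in params.items()}

def diff_params(a, b):
    """Return {parameter: (value_in_a, value_in_b)} for each difference."""
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    _, a = parse_oauth_request(CAPTURE_A)
    _, b = parse_oauth_request(CAPTURE_B)
    for name, (left, right) in diff_params(redact(a), redact(b)).items():
        print(f"{name}: A={left!r} B={right!r}")
```

The same functions work on the redirect to the nativeclient URI; there the `code` and `session_state` values are masked by `redact` before anything is printed.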
