OAuth2 is not available for Microsoft 365 (Office 365) personal account
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: cai.0407, Unassigned)
Details
Steps to reproduce:
Microsoft 365 account:
my-account@outlook.com
personal account with annual Microsoft 365 license
initially created in the age of Hotmail
Server settings:
IMAP
Server Name: outlook.office365.com
Port: 993
Authentication Method: OAuth2
Security: TLS/SSL
User Name: my-account@outlook.com
SMTP
Server Name: smtp.office365.com
Port: 993
Authentication Method: OAuth2
Security: TLS/SSL
User Name: my-account@outlook.com
Actual results:
- Tb opens the OAuth2 window (https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=08162f7c-0fd2-4200-a84a-f25a4db0b584&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All+https%3A%2F%2Foutlook.office365.com%2FPOP.AccessAsUser.All+https%3A%2F%2Foutlook.office365.com%2FSMTP.Send+offline_access&login_hint=my-account@outlook.com)
- Confirm my mail address is correctly input in the field
- Click "Next"
- It says "Personal account is not available here. Please use company or school account instead" (roughly translated from Japanese).
Expected results:
Tb can access the Microsoft 365 account via OAuth2
Android K-9 Mail 6.202 (which will become Thunderbird for Android in the future) can access via OAuth2 with same settings.
Normal password authentication is of course OK.
Comment 1•2 years ago
Bug 1685414 fixed it. Will be uplifted to 102 soon.
Reporter
Comment 2•2 years ago
(In reply to Magnus Melin [:mkmelin] from comment #1)
> Bug 1685414 fixed it. Will be uplifted to 102 soon.
Thanks for navigation.
Comment 3•1 year ago
per https://bugzilla.mozilla.org/show_bug.cgi?id=1810760#c63 it looks like this account is using the wrong scopes. It should be using outlook.office.com, not outlook.office365.com
Reporter
Comment 4•1 year ago
(In reply to Andrei Hajdukewycz [:sancus] from comment #3)
> per https://bugzilla.mozilla.org/show_bug.cgi?id=1810760#c63 it looks like this account is using the wrong scopes. It should be using outlook.office.com, not outlook.office365.com
Which side has a problem?
Tb? M365?
Comment 5•1 year ago
Similar to Bug 1775077 - Thunderbird will not ask for an Oauth2 password for office 365 SMTP ?
Comment 6•1 year ago
(In reply to Kosuke Kaizuka from comment #4)
> (In reply to Andrei Hajdukewycz [:sancus] from comment #3)
> > per https://bugzilla.mozilla.org/show_bug.cgi?id=1810760#c63 it looks like this account is using the wrong scopes. It should be using outlook.office.com, not outlook.office365.com
> Which side has a problem?
> Tb? M365?
We could use some more detailed testing of this one:
- Using 102.7.1, have you tried signing in on a brand new profile? Is that successful?
- Using 110 Beta, can you try signing in on a brand new profile? Is that successful?
This is just for testing, I'm not asking you to continue using a new profile. Thanks!
Comment 7•1 year ago
After testing this myself, I think we are retaining oAuth scopes attached to the account somehow even after they're changed in the oAuth settings.
If signing in using a new profile works, you should be able to delete prefs with "oauth2.scope" in the name to get the old account working again, I hope.
Reporter
Comment 8•1 year ago
(In reply to Andrei Hajdukewycz [:sancus] from comment #6)
> (In reply to Kosuke Kaizuka from comment #4)
> > (In reply to Andrei Hajdukewycz [:sancus] from comment #3)
> > > per https://bugzilla.mozilla.org/show_bug.cgi?id=1810760#c63 it looks like this account is using the wrong scopes. It should be using outlook.office.com, not outlook.office365.com
> > Which side has a problem?
> > Tb? M365?
> We could use some more detailed testing of this one:
Environment: Win 10 22H2 x64, M365 personal account
IMAP: outlook.office365.com, TLS/SSL (993), OAuth2
SMTP: smtp.office365.com, STARTTLS (587), OAuth2
- Tb 102.7.1 x64 + brand new profile
- Tb 110.0b3 x64 + brand new profile
- Tb 111.0a1 (20230201095127) x64 + brand new profile
In all cases, IMAP is good. The scope used for OAuth2 is outlook.office.com, not outlook.office365.com.
On the other hand, SMTP is bad. Same as bug 1775077, a login failed dialog appears, but neither "Retry" nor "Enter New Password" works, endless loop...
bug 1775077#c10 is not applicable for M365 personal account.
"AADSTS500200: User account 'my\account@outlook.com' is a personal Microsoft account. Personal Microsoft accounts are not supported for this application unless explicitly invited to an organization. Try signing out and signing back in with an organizational account."
(In reply to Andrei Hajdukewycz [:sancus] from comment #7)
> After testing this myself, I think we are retaining oAuth scopes attached to the account somehow even after they're changed in the oAuth settings.
> If signing in using a new profile works, you should be able to delete prefs with "oauth2.scope" in the name to get the old account working again, I hope.
I have found and deleted two prefs below in my usual profile, and tried OAuth2 again.
user_pref("mail.server.serverX.oauth2.scope", "https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access");
user_pref("mail.smtpserver.smtpX.oauth2.scope", "https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access");
Got it! IMAP works now!
I've tried OAuth2 with M365 personal account in the past, wrong scopes might be stored at that time.
new:
user_pref("mail.server.serverX.oauth2.scope", "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access");
user_pref("mail.smtpserver.smtpX.oauth2.scope", "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access");
SMTP does not work on the usual profile...
Now,
- IMAP with OAuth2 and SMTP with normal password authentication
and
- IMAP and SMTP with normal password authentication
are available.
SMTP with OAuth2 is bug 1775077.
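The manual cleanup from comments 7 and 8, as an added example that is not part of the bug thread or of Thunderbird's code: it scans the text of a prefs.js file for oauth2.scope prefs that still name outlook.office365.com and returns the file without those lines, leaving the server hostname pref alone. The sample prefs and the server1/smtp1/server2 keys are constructed; run it on a copy of prefs.js while Thunderbird is closed.

```python
import re
from urllib.parse import urlsplit

# Scope host this bug reports as wrong for the account (comments 3 and 8).
STALE_HOST = "outlook.office365.com"
# String-valued pref line: user_pref("name", "value");
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*"(?P<value>[^"]*)"\);$')

def audit_scope_prefs(prefs_text):
    """Return (findings, cleaned_text) for the text of a prefs.js file.

    findings is a list of (pref_name, stale_scopes); cleaned_text is the input
    minus every oauth2.scope line that still names STALE_HOST.
    """
    findings, kept = [], []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m["name"].endswith(".oauth2.scope"):
            # The value is a space-separated scope list; offline_access has no host.
            stale = sorted(s for s in m["value"].split()
                           if urlsplit(s).hostname == STALE_HOST)
            if stale:
                findings.append((m["name"], stale))
                continue  # drop the line, as was done by hand in comment 8
        kept.append(line)
    return findings, "\n".join(kept) + "\n"

# Constructed sample; server1/smtp1/server2 are made-up keys.
OLD_SCOPES = " ".join(f"https://outlook.office365.com/{s}" for s in
                      ("IMAP.AccessAsUser.All", "POP.AccessAsUser.All", "SMTP.Send"))
NEW_SCOPES = OLD_SCOPES.replace("office365.com", "office.com")
SAMPLE_PREFS = "\n".join([
    'user_pref("mail.server.server1.hostname", "outlook.office365.com");',
    f'user_pref("mail.server.server1.oauth2.scope", "{OLD_SCOPES} offline_access");',
    f'user_pref("mail.smtpserver.smtp1.oauth2.scope", "{OLD_SCOPES} offline_access");',
    f'user_pref("mail.server.server2.oauth2.scope", "{NEW_SCOPES} offline_access");',
]) + "\n"

if __name__ == "__main__":
    found, cleaned = audit_scope_prefs(SAMPLE_PREFS)
    for name, scopes in found:
        print(f"stale scope pref: {name} ({len(scopes)} scopes)")
    print(cleaned, end="")
```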
Reporter
Comment 9•1 year ago
I think we can close this bug and should focus on bug 1810760 (IMAP/SMTP issue for some Linux users) and bug 1775077 (SMTP issue).
Comment 10•1 year ago
With version 102.6.1 getting access to the mail server outlook.office365.com with the account of my university works perfectly.
With 102.7 I can no longer connect to that server.
I reverted back to 102.6.1 and everything worked again. I have waited for 102.7.1 which is supposed to fix this problem. It does not.
Again I reverted back to 102.6.1 to get everything working again.
Reporter
Comment 11•1 year ago
(In reply to John Bijnens from comment #10)
> With version 102.6.1 getting access to the mail server outlook.office365.com with the account of my university works perfectly.
> With 102.7 I can no longer connect to that server.
> I reverted back to 102.6.1 and everything worked again. I have waited for 102.7.1 which is supposed to fix this problem. It does not.
> Again I reverted back to 102.6.1 to get everything working again.
- The scope of this bug is about M365 personal account, not enterprise/organization account like company and university.
- The authentication problem after upgrading to 102.7.0/102.7.1 is bug 1810760.
Comment 12•1 year ago
(In reply to Kosuke Kaizuka from comment #11)
> (In reply to John Bijnens from comment #10)
> > With version 102.6.1 getting access to the mail server outlook.office365.com with the account of my university works perfectly.
> > With 102.7 I can no longer connect to that server.
> > I reverted back to 102.6.1 and everything worked again. I have waited for 102.7.1 which is supposed to fix this problem. It does not.
> > Again I reverted back to 102.6.1 to get everything working again.
> - The scope of this bug is about M365 personal account, not enterprise/organization account like company and university.
> - The authentication problem after upgrading to 102.7.0/102.7.1 is bug 1810760.
Thank you for this clear explanation. My apologies.