Open Bug 1999328 Opened 4 months ago Updated 3 months ago

Add Okta OAuth provider to Thunderbird

Categories

(MailNews Core :: Networking: Exchange, defect)

Thunderbird 146
defect

Tracking

(Not tracked)

People

(Reporter: dave.wiegman, Unassigned, NeedInfo)

References

(Blocks 2 open bugs)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:144.0) Gecko/20100101 Firefox/144.0

Steps to reproduce:

I have attempted to add my O365-based email as EWS both in a fresh new profile and manually configuring in Account Hub; however, neither works. I have tried this with 144, 145 and 146.

Actual results:

In a fresh profile, it does launch the Okta authentication, I grant access, but then it attempts to look up common server names, fails to find them, and then prompts for IMAP/SMTP server information.

In Account Hub, using the automated version or manual config, I set EWS, put in the O365 EWS URL, https://outlook.office365.com/EWS/Exchange.asmx, then it asks for a password. Of course it will error out with "Unable to log in at server. Probably wrong configuration, username or password.", since it should be forcing me to log in with Okta.

Expected results:

It should allow me to log in with Okta, so that I can authenticate with O365 and not be forced to switch to Evolution when they disable IMAP support.

Component: Untriaged → Networking: Exchange
Product: Thunderbird → MailNews Core

Thanks for trying out Exchange support in Thunderbird!

Thunderbird doesn't currently have an application registered with Okta's identity platform, which is what is required for OAuth to work, but since Okta seems like a large identity provider, I think the solution to this is for us (Thunderbird) to register an application ID with Okta and add another OAuth provider to Thunderbird's list of providers to streamline this for all users from orgs that use Okta.

From a quick look at the documentation, I'm not sure what the OAuth scopes look like for mail and mail folder access and how they integrate with o365.

OAuth API integration: https://developer.okta.com/docs/guides/implement-oauth-for-okta/main/
Okta's Office365 page: https://www.okta.com/integrations/microsoft-office-365/

Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Unable to add EWS account with Okta authentication → Add Okta OAuth provider to Thunderbird

Dave, do you currently use an open-source client that works with your Okta provider? If so, which one? Also, has your organization provided you with OAuth details like client/application ID, tenant, or auth/token endpoints? If so, we currently have an experimental option to allow full customization of that information. If you do have that information (do not post it here), I can send you some instructions on enabling the experimental option and using that information to set up an account fully manually using that option.

I think the long-term solution to this is as I said above, but if you're able to check this, it'd be super helpful for us to validate both the current experimental manual implementation and the specific proposed solution I wrote above.

Thanks again!

Flags: needinfo?(dave.wiegman)