RIP M$ basic auth support 💀
──────────────────────────────────────────────────────────────────────
Microsoft must hate their users. I've seen the news come up a few
times, thinking that would be nothing but a joke. But here we are:
Basic authentication for Microsoft Exchange is dead 💀.

This means that the only way to authenticate to your Office 365
mailbox is using the XOAuth2 mechanism. And hear me out, it's a pain!

However, I'm not writing this post as yet another rant against
Microsoft. It is a brain dump of what I did to get it working again,
because I'll need it sooner or later (and you'll probably need that
too!).

# Process

This will let you retrieve/send email with isync/msmtp respectively.
At the end of the day, you'll still use a username/password, it's just
that getting that "password" (XOAUTH2 token) is a pain in the neck.

0. Get a stress ball, put it somewhere close to you
1. Log in to https://portal.azure.com with your email account
2. Navigate to the "App Registration" page (use the searchbar)
3. Register a new "app"
  3.0 Name it "blebleble" (this is important)
  3.1 Select "Single tenant" access
4. Authentication
  4.0 Add platform: Mobile + Desktop
  4.1 Set redirect URI: http://localhost
  4.2 Advanced settings
      Allow public client flow: YES
5. API Permissions
  5.0 Microsoft Graph: (allow them all, really…)
      - email
      - offline_access
      - IMAP.AccessAsUser.All
      - POP.AccessAsUser.All
      - SMTP.Send
      - User.Read
6. Overview: copy "client" and "tenant" ID
7. Download xoauth2.py[0] (modified by me, thank you sir Perlis!)
8. Replace TENANT_ID and CLIENT_ID in the source with your own
  8.1 (Optional) edit ENCRYPTION_PIPE/DECRYPTION_PIPE
      This currently uses cat(1). Use a decent crypto tool if you
      care, like cream[1] or age
9. xoauth2 ~/.cache/o365.token -a
  9.0 OAuth2 registration: microsoft
  9.1 OAuth2 flow: localhostauthcode
  9.2 Account email address: you@coolstory.bro
  9.3 Navigate to the link
  9.4 Accept permissions

VOILÀ! 😫🔫

You should now be authorized to read your emails. Use the command
`xoauth2 ~/.cache/o365.token` to get your current access token, and
use it as your password.

Here is my own ~/.mbsyncrc for reference:

    IMAPAccount o365
    Host outlook.office365.com
    Port 993
    User me@coolstory.bro
    PassCmd "xoauth2 ~/.cache/o365.token"
    SSLType IMAPS
    SSLVersions TLSv1.2 TLSv1.3
    AuthMech XOAUTH2

Notes:

- For mbsync, you'll need to install the Cyrus sasl2-xoauth2 module
- The xoauth2 token is stored unencrypted on disk. Look for
  ENCRYPTION_PIPE and DECRYPTION_PIPE in xoauth2.py to handle
  encryption if you care (current encryption tool: cat(1)).

-- 
~wgs

[0]: gopher://z3bra.org/0/notes/xoauth2.py
[1]: gopher://z3bra.org/0/projects/cream.txt

20221025.1859
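
The notes above say the token cache is stored unencrypted on disk; since an XOAUTH2 access token is a bearer credential that is sent verbatim inside the SASL response, anyone who can read that file can use it. The Python below is an added example, not part of the original post or of xoauth2.py: it checks a cache file for exposure to other local users and shows how the token is wrapped for the server. It assumes a POSIX system; the function names and the sample token are constructed for illustration.

```python
import base64
import os
import stat


def token_cache_problems(path):
    """Return reasons the token cache at `path` is readable or replaceable by other local users."""
    problems = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the cache path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink, directory or device)"]
    if st.st_uid != os.geteuid():
        problems.append("owned by uid %d, not the current user" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o grants group/other access, want 0600"
                        % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not parent.st_mode & stat.S_ISVTX:
        problems.append("parent directory is writable by others without the sticky bit")
    return problems


def sasl_xoauth2(user, access_token):
    """Build the base64 SASL XOAUTH2 initial response an IMAP/SMTP client sends."""
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        cache = os.path.join(d, "o365.token")  # constructed stand-in for ~/.cache/o365.token
        with open(cache, "w") as f:
            f.write("constructed-token")       # constructed value, not a real token
        os.chmod(cache, 0o644)
        print(token_cache_problems(cache))     # one problem: group/other can read
        os.chmod(cache, 0o600)
        print(token_cache_problems(cache))     # no problems
        print(sasl_xoauth2("you@coolstory.bro", "constructed-token"))
```

An empty list only means other local users cannot read or swap the file; the content is still plaintext until ENCRYPTION_PIPE and DECRYPTION_PIPE are pointed at a real encryption tool.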