Bug 500123

Summary: SMTP XOAUTH2 fails to auth after period of time when using outlook.com
Product: [Applications] kmailtransport Reporter: tcb1618
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: REPORTED ---    
Severity: normal CC: john, kodemeister
Priority: NOR    
Version First Reported In: 6.3.2   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description tcb1618 2025-02-15 12:05:50 UTC 
SUMMARY
When using outlook.com or office365.com for smtp in kmail, sending mail will fail to send with authorization error after period of time. smtp for gmail.com works.

STEPS TO REPRODUCE
1. Create smtp send account using smtp.office365.com or smtp-mail.outlook.com in kmail
2. Send mail. First time will auth app for use
3. Wait for period of time

OBSERVED RESULT
After a period of time sending mail will fail with authorization error.

EXPECTED RESULT
Mail successfully sent

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 41
KDE Plasma Version: 6.3.0
KDE Frameworks Version: 6.11.0
Qt Version: 6.8.2
Kernel Version: 6.12.13-200.fc41.x86_64 (64-bit)
Graphics Platform: Wayland
 

ADDITIONAL INFORMATION
Comment 1 tcb1618 2025-02-15 12:10:20 UTC 
*** Bug 500105 has been marked as a duplicate of this bug. ***
Comment 2 John Veitch 2025-05-16 08:10:55 UTC 
I am having the same issue. The authentication via browser will sometimes open at a later time, but I don't know how to trigger this manually. When I came back to my computer yesterday after a day of being away I found a dozen open browser tabs that had authenticated with office365, but this morning I have an email in my outbox waiting to be sent and no way to force the authentication to happen!
Comment 3 tcb1618 2025-05-16 09:25:35 UTC 
I was able to correct my problem by patching outlookpasswordrequester.cpp and forcing token refresh.
Comment 4 Arthur Kasimov 2025-05-17 23:49:58 UTC 
I also ran into the same issue. Indeed, the OAuth2 access token expires after several hours, but KMail never attempts to refresh it.

The workaround is to delete the access token in KWalletManager (mailtransports -> Binary Data -> some_id). This forces a fresh authentication via the browser. Unfortunately, this only works for several hours. After that you'll need to reset the access token again.

kmailtransport triggers the token refresh only when ksmtp returns KSmtp::LoginJob::TokenExpired error. In turn, ksmtp returns this error when the server responds with a 334 reply containing a base64-encoded SASL challenge. This works well with GMail but not with Outlook. I guess either kmailtransport or ksmtp should be fixed to handle Outlook's specific behavior.