Bug 442180 - Unable to define Custom Oauth2 Settings
Summary: Unable to define Custom Oauth2 Settings
Status: REPORTED
Alias: None
Product: Akonadi
Classification: Frameworks and Libraries
Component: EWS Resource
Version: unspecified
Platform: Debian unstable Linux
Importance: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2021-09-08 15:00 UTC by Jonas Andradas
Modified: 2021-10-04 08:40 UTC

Description Jonas Andradas 2021-09-08 15:00:58 UTC
In order for the EWS in my organization to work properly from Linux, a set of custom OAuth2 settings needs to be defined/overridden from the defaults. It was possible to have this working from Evolution (using evolution-ews) when the following settings were defined to specific values:

* OAB URL:  in the form of https://outlook.office365.com/OAB/<UUID here>/oab.xml
* Tenant
* Application ID (for example using Outlook's "d3590ed6-52b3-4102-aeff-aad2292ab01c")
* Redirect URI:  urn:ietf:wg:oauth:2.0:oob

I do not see a way to set up these settings from the KMail UI, but have read that I could modify the settings in ~/.config/akonadi_ews_resource_Xrc (X being 0 or above, depending on the configuration). I have modified these settings, adding an `Oauth2AppId` option, based on Chriss' blog entry [1], and tried to guess the names for the other settings, but to no avail. An example of what my configuration file looks like can be found below:

```
AuthMode=oauth2
AutoDiscovery=false
BaseUrl=https://outlook.office365.com/EWS/Exchange.asmx
OABUrl=https://outlook.office365.com/OAB/<REDACTED_UUID>/oab.xml
OAuth2AppId=d3590ed6-52b3-4102-aeff-aad2292ab01c
Oauth2Tenant=<REDACTED-TENANT>
Oauth2RedirectUri=urn:ietf:wg:oauth:2.0:oob
```

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian 11 (sid)
KDE Plasma Version:  5.21.5
KDE Frameworks Version: 5.85
Qt Version: 5.15.2
Comment 1 Jonas Andradas 2021-09-08 15:04:50 UTC
Sorry, forgot to add the URL to Chriss' blog [1] from where I got the Oauth2AppId setting name:

[1] https://micreabog.wordpress.com/2017/10/05/akonadi-ews-resource-now-part-of-kde-pim/
Comment 2 Iyán Méndez Veiga 2021-10-01 21:28:31 UTC
Hi Jonas,

I have exactly the same issue as you. My organization only allows Evolution EWS. Here is how I changed the value of the Oauth2AppId using qdbus:

```
qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_0 /Settings org.kde.Akonadi.Ews.Settings.setOAuth2AppId "751cf8be-ca07-484b-9308-fac4b9d85eff"
```

However, it did not work, because they check not only the app id but also how the app responds, and if it is not as expected, you will not be able to log in. In my case I got the following error:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '751cf8be-ca07-484b-9308-fac4b9d85eff'.

Try with Outlook's app id. In my case, that didn't do the trick either. Hope you are luckier than me.
Comment 3 Jonas Andradas 2021-10-04 08:40:16 UTC
Hi Iyán, 

thank you for your comments.  I have tried changing this using qdbus as per your suggestions.  I have managed to change both the oAuthAppId and oAuth2ReturnURI with

```
qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_10 /Settings org.kde.Akonadi.Ews.Settings.oAuth2AppId "d3590ed6-52b3-4102-aeff-aad2292ab01c"

qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_10 /Settings org.kde.Akonadi.Ews.Settings.setOAuth2ReturnUri urn:ietf:wg:oauth:2.0:oob
```

These settings are changed fine, but when I try to authenticate, I am taken through the journey just as before, so still not able to use KMail here :( When access is not allowed because the device is not "configured properly", this is what I get from EWS in the error:

```
App name:
App id: 00000000-0000-0000-0000-000000000000
IP address: <REDACTED>
Device identifier: Not available
Device platform: Android
Device state: Unregistered
```

So, despite setting the Custom UserAgent to Microsoft Office 2016, and the OAuth2 App id to Outlook's, it seems that, for some reason, these are not being properly sent to EWS, or at least not in the way the server expects them.