450321 – KOrganizer: EWS broken on office365.com using OAuth2

Bug 450321 - KOrganizer: EWS broken on office365.com using OAuth2

Summary: KOrganizer: EWS broken on office365.com using OAuth2

Status:	RESOLVED FIXED

Alias:	None

Product:	korganizer
Classification:	Applications
Component:	groupware (other bugs)
Version First Reported In:	5.14.2
Platform:	openSUSE Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-02-15 17:15 UTC by mac-wang
Modified:	2025-06-29 11:57 UTC (History)
CC List:	5 users (show)

See Also:
Latest Commit:
Version Fixed In:	n/a
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description mac-wang 2022-02-15 17:15:38 UTC

SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***
The EWS add-on is broken on office365.com using OAuth2

STEPS TO REPRODUCE
1. Create a calendar account of type "EWS" in KOrganizer
2. Enter an outlook.com mail address, select OAuth2 authentication, and provide office365.com as the EWS URL
3. Click "Try connect" button and provide my account credentials

OBSERVED RESULT
On first login attempt, login.live.com complained:
"AADSTS165000: Invalid Request: The user session context is missing. One or more of the user context values (cookies; form fields; headers) were not supplied, every request must include these values and maintain them across a complete single user flow. The request did not return all of the form fields. Failure Reasons:[Missing session context cookie;Token is invalid;]", and login failed with KOrganizer reporting "Failed to process EWS request HTTP 401".
On a subsequent second attempt, only KOrganizer reported HTTP 401.
Closed KOrganizer and tried again, the above situation reappears.

EXPECTED RESULT
I should have my calendar set up and working

SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma: openSUSE Leap 15.3/Linux 5.3.18-150300.59.49-default #1 SMP Mon Feb 7 14:40:20 UTC 2022 (77d9d02) x86_64
(available in About System)
KDE Plasma Version: 5.18.6
KDE Frameworks Version: 5.76.0
Qt Version: 5.12.7

ADDITIONAL INFORMATION

Comment 1 zabirraihan6 2022-02-16 07:03:07 UTC

Can only successfully add account by manually inputting email and password (or app password if you use 2fa) and also tryng to connect by manually putting in the office365 exchange URL.

But even so, task lists do show up but they are empty inside. 

Cannot immediately confirm if calendar data loads or not.

Comment 2 Allen Winter 2025-03-14 15:11:12 UTC

it would be nice if someone could test this bug with newer KOrganizer versions (like 6.3.0 or above)
and also with Frameworks 6.12

Comment 3 Allen Winter 2025-03-28 15:18:04 UTC

Krzysztof,  do you think we can resolve this one?

Comment 4 Krzysztof Nowicki 2025-03-29 06:33:13 UTC

The message from the OAuth2 server seems to indicate some missing cookies. Unless it is misleading, which I have sometimes seen in the past, it would indicate, that QWebEngine somehow lost cookies during the authentication flow. Hard to tell what this could have been. Some non-standard OAuth2 flow? I know that there is an option for organizations to customize the UI for the authentication flow.
I can try to reproduce with the accounts that I have access to, but otherwise without logs this will be impossible to debug.

Comment 5 Allen Winter 2025-03-29 11:20:50 UTC

ok then.  since this one is 3 years old now and there's been no reply to my comment since 2 weeks => I'll close

feel free to re-open if this still happens