GNU bug report logs - #72358
29.4; oauth2.el improvements

Previous Next

Full log

View this message in rfc822 format

From: Xiyue Deng <manphiz <at> gmail.com>
To: Björn Bidar <bjorn.bidar <at> thaodan.de>
Cc: Robert Pluim <rpluim <at> gmail.com>, 72358 <at> debbugs.gnu.org
Subject: bug#72358: 29.4; oauth2.el improvements
Date: Thu, 08 Aug 2024 01:29:49 -0700

Björn Bidar <bjorn.bidar <at> thaodan.de> writes:

> Xiyue Deng <manphiz <at> gmail.com> writes:
>
>> Xiyue Deng <manphiz <at> gmail.com> writes:
>>
>>> Björn Bidar <bjorn.bidar <at> thaodan.de> writes:
>>>
>>>> Robert Pluim <rpluim <at> gmail.com> writes:
>>>>
>>>>>     Xiyue> - This will invalidate all existing entries and a user will have to redo
>>>>>     Xiyue>   the authorization process again to get a new refresh token.  However,
>>>>>     Xiyue>   I think it's more important to ensure that oauth2.el works correctly
>>>>>     Xiyue>   for multiple accounts of the same provider, or a user may suffer from
>>>>>     Xiyue>   confusion when adding a new account invalidates a previous account.
>>>>>
>>>>> I donʼt think thatʼs too big a concern. 'modern' authentication flows
>>>>> regularly re-prompt, so this will not be too surprising (although
>>>>> maybe call it out in the packageʼs NEWS or README).
>>>>
>>>> In many cases the refreshing of tokens is transparent to the user there
>>>> doesn't have to be a re-prompt to refresh the token if the OAuth
>>>> provider support it.
>>>> Micrsofts OAuth workflow is quite good in this regard as there's a
>>>> non-standard error to indicate when the user has to re-authorize the
>>>> application.
>>>>
>>>
>>> Actually I am currently having trouble for a few weeks to get my
>>> outlook.com email work with MS OAuth2.  To avoid some repeated typing, I
>>> have documented the issues and steps I have tried in this stackoverflow
>>> question[1].  I would great appreciated it if you can shed some lights
>>> there
>>>
>>>> I assume all implementation of OAuth have their quirks.
>>>
>>> Indeed.
>>>
>>>
>>> [1] https://stackoverflow.com/questions/78787763/getting-aadsts65001-error-invalid-grant-when-trying-to-refresh-access-token-fo
>>
>> Just want to report back that after confirming with an MS representative
>> through online chat, outlook.com has actually disabled refreshing
>> access_token through the token endpoint, and users are asked to migrate
>> to Outlook app or compatibles apps (Thunderbird still works).  I'm not
>> sure whether this is also the case for organization emails, which may
>> also be disabled by default (or soonish if not already) but can be
>> enabled separately by an org admin.  Anyway, I'd suggest people stop
>> wasting your time here and use Gmail (or maybe Yahoo mail) which has
>> decent 3rd party OAuth2 support.
>
> Can you link a source about that?

Unfortunately the MS representative didn't provide any link for this.

-- 
Xiyue Deng

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.