GNU bug report logs - #72358
29.4; oauth2.el improvements

Previous Next

Package: emacs;

Reported by: Xiyue Deng <manphiz <at> gmail.com>

Date: Tue, 30 Jul 2024 02:20:01 UTC

Severity: normal

Found in version 29.4

Done: Philip Kaludercic <philipk <at> posteo.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Björn Bidar <bjorn.bidar <at> thaodan.de>
To: Xiyue Deng <manphiz <at> gmail.com>
Cc: Robert Pluim <rpluim <at> gmail.com>, 72358 <at> debbugs.gnu.org
Subject: bug#72358: 29.4; oauth2.el improvements
Date: Thu, 08 Aug 2024 12:31:41 +0300

Xiyue Deng <manphiz <at> gmail.com> writes:

>>>>> In many cases the refreshing of tokens is transparent to the user there
>>>>> doesn't have to be a re-prompt to refresh the token if the OAuth
>>>>> provider support it.
>>>>> Micrsofts OAuth workflow is quite good in this regard as there's a
>>>>> non-standard error to indicate when the user has to re-authorize the
>>>>> application.
>>>>>
>>>>
>>>> Actually I am currently having trouble for a few weeks to get my
>>>> outlook.com email work with MS OAuth2.  To avoid some repeated typing, I
>>>> have documented the issues and steps I have tried in this stackoverflow
>>>> question[1].  I would great appreciated it if you can shed some lights
>>>> there
>>>>
>>>>> I assume all implementation of OAuth have their quirks.
>>>>
>>>> Indeed.
>>>>
>>>>
>>>> [1] https://stackoverflow.com/questions/78787763/getting-aadsts65001-error-invalid-grant-when-trying-to-refresh-access-token-fo
>>>
>>> Just want to report back that after confirming with an MS representative
>>> through online chat, outlook.com has actually disabled refreshing
>>> access_token through the token endpoint, and users are asked to migrate
>>> to Outlook app or compatibles apps (Thunderbird still works).  I'm not
>>> sure whether this is also the case for organization emails, which may
>>> also be disabled by default (or soonish if not already) but can be
>>> enabled separately by an org admin.  Anyway, I'd suggest people stop
>>> wasting your time here and use Gmail (or maybe Yahoo mail) which has
>>> decent 3rd party OAuth2 support.
>>
>> Can you link a source about that?
>
> Unfortunately the MS representative didn't provide any link for this.

OK that is to bad, if possible I would ask for an official
response. Microsoft counts as a gate keeper, at least officially in the
EU, they should not be able to act like this.

A workaround would be to request a manual token refresh by authorizing
the application all over again.

I will update you on anything new I have if I get new information that I
can post.
This bug report was last modified 258 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.