dev/mail#79 - Use OpenID Connect with MS Exchange
author: Tim Otten <totten@civicrm.org>
Tue, 10 Nov 2020 00:47:50 +0000 (16:47 -0800)
committer: Tim Otten <totten@civicrm.org>
Tue, 10 Nov 2020 00:49:01 +0000 (16:49 -0800)
At time of writing, there appears to be a problem in Microsoft's services:
if you request both `User.Read` and `IMAP.AccessAsUser.All`, then the token
does not actually work for IMAP access.

However, it does work to combine `openid` and `IMAP.AccessAsUser.All`.

This patch revises the MS Exchange definition to get resource-owner details
via OpenID Connect's `id_token`.

ext/oauth-client/providers/ms-exchange.dist.json

index 5cf1317614aff413c796837dcd73ca5e4176ad85..b496c5cb01a1efebe8067fe8ea673f5ca4d8356c 100644 (file)
@@ -3,24 +3,25 @@
   "options": {
     "urlAuthorize": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
     "urlAccessToken": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-    "urlResourceOwnerDetails": "https://graph.microsoft.com/v1.0/me",
+    "urlResourceOwnerDetails": "{{use_id_token}}",
     "scopeSeparator": " ",
     "scopes": [
-      "User.Read",
       "https://outlook.office.com/IMAP.AccessAsUser.All",
       "https://outlook.office.com/POP.AccessAsUser.All",
       "https://outlook.office.com/SMTP.Send",
+      "openid",
+      "email",
       "offline_access"
     ]
   },
   "mailSettingsTemplate": {
-    "name": "{{token.resource_owner.mail}}",
-    "domain": "{{token.resource_owner.mail|getMailDomain}}",
+    "name": "{{token.resource_owner.email}}",
+    "domain": "{{token.resource_owner.email|getMailDomain}}",
     "localpart": null,
     "return_path": null,
     "protocol:name": "IMAP",
     "server": "outlook.office365.com",
-    "username": "{{token.resource_owner.mail}}",
+    "username": "{{token.resource_owner.email}}",
     "password": null,
     "is_ssl": true
   }
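Review bot: the `mailSettingsTemplate` lines now feed `{{token.resource_owner.email}}` straight into `name`, `domain` and `username`, but `email` is an optional claim in an OIDC `id_token` even when the `email` scope on the `scopes` list is granted, so an account without that claim produces an empty IMAP username and `getMailDomain` of nothing; consider a fallback (for example `preferred_username`) or an explicit error when the claim is absent. Relatedly, `"urlResourceOwnerDetails": "{{use_id_token}}"` replaces an authenticated Graph call with a sentinel that nothing in this file documents: whatever code consumes that sentinel should validate the `id_token` (signature, `iss`, `aud`, `exp`) before its claims populate the mail settings, and the sentinel itself deserves a comment or README entry in the provider format so the next maintainer does not treat it as a URL.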