From d551e4c163c2c83dd6c95f422e34c7eabbac25cf Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 9 Nov 2020 16:47:50 -0800
Subject: [PATCH] dev/mail#79 - Use OpenID Connect with MS Exchange

At time of writing, there appears to be a problem in Microsoft's services: if you request both `User.Read` and `IMAP.AccessAsUser.All`, then the token does not actually work for IMAP access. However, it is does work to combine `openid` and `IMAP.AccessAsUser.All`.

This patch revises the MS Exchange definition to get resource-owner details via OpenID Connect's `id_token`.
---
 ext/oauth-client/providers/ms-exchange.dist.json | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ext/oauth-client/providers/ms-exchange.dist.json b/ext/oauth-client/providers/ms-exchange.dist.json
index 5cf1317614..b496c5cb01 100644
--- a/ext/oauth-client/providers/ms-exchange.dist.json
+++ b/ext/oauth-client/providers/ms-exchange.dist.json
@@ -3,24 +3,25 @@
 "options": {
 "urlAuthorize": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
 "urlAccessToken": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
- "urlResourceOwnerDetails": "https://graph.microsoft.com/v1.0/me",
+ "urlResourceOwnerDetails": "{{use_id_token}}",
 "scopeSeparator": " ",
 "scopes": [
- "User.Read",
 "https://outlook.office.com/IMAP.AccessAsUser.All",
 "https://outlook.office.com/POP.AccessAsUser.All",
 "https://outlook.office.com/SMTP.Send",
+ "openid",
+ "email",
 "offline_access"
 ]
 },
 "mailSettingsTemplate": {
- "name": "{{token.resource_owner.mail}}",
- "domain": "{{token.resource_owner.mail|getMailDomain}}",
+ "name": "{{token.resource_owner.email}}",
+ "domain": "{{token.resource_owner.email|getMailDomain}}",
 "localpart": null,
 "return_path": null,
 "protocol:name": "IMAP",
 "server": "outlook.office365.com",
- "username": "{{token.resource_owner.email}}",
+ "username": "{{token.resource_owner.email}}",
 "password": null,
 "is_ssl": true
 }
-- 
2.25.1
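Review bot: The new `"urlResourceOwnerDetails": "{{use_id_token}}"` line turns a field that previously held a URL into a magic sentinel, and nothing in this file or the commit message states what the consuming oauth-client code must do with it; since strict JSON cannot carry a comment, the contract belongs in the commit message or the provider's README: the `id_token` is only trustworthy after its signature, `iss`, `aud` and `exp` have been verified against the issuer's keys, and the resource-owner claims should be read from it only after that check. The three `mailSettingsTemplate` lines now depend on the `email` claim, which OIDC defines as optional and which Microsoft does not guarantee to equal the mailbox's sign-in address; if it is absent the rendered `username` and `domain` are empty, so the consumer should treat a missing claim as a configuration failure rather than proceed, and `preferred_username` is worth evaluating as the IMAP `username` source (verify against the Microsoft claim reference before switching). A one-line note in the commit message such as "`{{use_id_token}}` means: decode the validated id_token and expose its claims as `token.resource_owner`; the `email` claim is required for this template" would make the dependency explicit for anyone copying this `.dist.json`.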