| Field | Value |
|---|---|
| Summary | oauth2 auth dialog needs more options for customization |
| Product | Claws Mail |
| Reporter | henning |
| Component | OAuth2 |
| Assignee | users |
| Status | NEW |
| Severity | normal |
| Priority | P3 |
| Version | 4.1.1 |
| Hardware | PC |
| OS | Linux |
| Attachments | connect as client "thunderbird"; part one of tenant-specific client; part two of custom tenant application |
Description
henning
2022-03-31 13:59:14 UTC
If I wanted to appear to be "thunderbird" I would also need to change OA2_REDIRECT_URI to "http://localhost".

Can you attach your patch?

I think what would need to happen is the following:

- make OA2_SCOPE_FOR_AUTH = OA2_SCOPE_FOR_ACCESS
- only add actually used protocols to OA2_SCOPE_FOR_ACCESS ... do not add POP when not used
- or make OA2_SCOPE_FOR_ACCESS customizable in the GUI, maybe with its current defaults
- use OA2_TENANT in OA2_AUTH_RESOURCE, OA2_ACCESS_RESOURCE, OA2_REFRESH_RESOURCE instead of hardcoded "common"
- allow customization of OA2_TENANT in GUI
- allow customization of OA2_REDIRECT_URI in GUI

(In reply to Paul from comment #2)

I do have a patch that maybe does a bit too much and does not actually do the GUI bits, but only changes hardcoded values in OAUTH2info[OAUTH2AUTH_EXCHANGE]. Let me reduce that down to a minimum. But I am afraid it would not be of any use for anyone else, except for being a rewrite of my comment in C language. And I would not reveal the tenant id ... But I guess it will serve as a good starting point to illustrate which fields need to be customizable in the GUI to serve setups like mine, or very likely any corporate O365 setup.

Created attachment 2277
connect as client "thunderbird"
uses the "client id" 08162f7c-0fd2-4200-a84a-f25a4db0b584 but needs a custom redirect URL and other capabilities; the tenant can stay "common"
Created attachment 2278
part one of tenant-specific client
Here I use a made-up tenant; the one I really have to use stays secret and would not be useful to others anyway.
My employer created their own "application" "client-id"; in order to use that I need to talk to /<tenant-id>/ instead of /common/.
Created attachment 2279
part two of custom tenant application
My employer does not allow POP for any application / client-id.
The oauth2 link should not try to request it, or the return will be an error and not the code we need.
I attached 3 patches where the last two belong together and turn "OAUTH2AUTH_EXCHANGE" into something that works for a tenant-specific client-id, reachable under a custom tenant endpoint and only allowing SMTP and IMAP. These two let me in, via one of the two "applications" that are allowed for my account.

The first patch is changing "OAUTH2AUTH_OUTLOOK" to let me in pretending to be "thunderbird". Here the redirect URI needs to be thunderbird (client-id) specific. And which capabilities are allowed (POP/SMTP/IMAP) again needs to change according to what my employer allowed that application. This one lets me in via the second application ... "thunderbird".

All patches should only do what is needed (for me) and are based on latest "master".

I might even try to come up with a patch implementing https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4579#c3 But for now I will let it rest, because I am not really looking forward to getting into GUI modifications, and maybe someone will have better suggestions or be able to propose patches before I dig into GTK hacking.

Anyone up to help here? I would really appreciate someone else writing the actual GUI patches and making those fields customizable and/or deriving the protocol caps from the actually used protocols. Being a Gentoo user I do not mind too much having to carry local patches (not doing GUI but just hacking static strings to work for me). I might change my mind once those patches do not apply any longer.

Fixing this might have great value to many, but I lack the skills to propose generic patches. Maybe https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4669 can actually serve as an example: if all the values were customizable and a new "provider" could be created in some dialog that guides a bit and has some sane defaults ... not only custom tenants on M365 but also entirely new providers could just be configured without having to change code.
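The three changes the reporter asks for (a scope built only from the protocols the account actually uses, the tenant in the endpoint path instead of a hardcoded "common", and a configurable redirect URI) as an added C example; it is not part of the bug report or of Claws Mail's code, and the Microsoft endpoint, the scope names and the oa2_* function names are assumptions made here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Protocols the account actually uses; only these get a scope entry. */
enum { OA2_CAP_IMAP = 1, OA2_CAP_SMTP = 2, OA2_CAP_POP = 4 };
/* Microsoft identity platform scope names (assumed here, not taken from the bug report). */
static const struct { unsigned cap; const char *scope; } oa2_scopes[] = {
	{ OA2_CAP_IMAP, "https://outlook.office.com/IMAP.AccessAsUser.All" },
	{ OA2_CAP_SMTP, "https://outlook.office.com/SMTP.Send" },
	{ OA2_CAP_POP,  "https://outlook.office.com/POP.AccessAsUser.All" },
};
/* "offline_access <scope>..." built from the enabled protocols only, so a tenant
 * that forbids POP never sees it requested. Returns 0, or -1 if out is too small. */
int oa2_build_scope(unsigned caps, char *out, size_t outlen)
{
	size_t n = (size_t)snprintf(out, outlen, "offline_access");
	for (size_t i = 0; i < sizeof oa2_scopes / sizeof oa2_scopes[0]; i++)
		if ((caps & oa2_scopes[i].cap) && n < outlen)
			n += (size_t)snprintf(out + n, outlen - n, " %s", oa2_scopes[i].scope);
	return n < outlen ? 0 : -1;
}

/* RFC 3986 percent-encoding of one query value. Returns the encoded length, or -1. */
int oa2_url_encode(const char *in, char *out, size_t outlen)
{
	size_t n = 0;
	for (; *in; in++) {
		unsigned char c = (unsigned char)*in;
		int keep = isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~';
		if (n + (keep ? 1u : 3u) >= outlen) return -1;
		if (keep) out[n++] = (char)c;
		else n += (size_t)snprintf(out + n, 4, "%%%02X", c);
	}
	out[n] = '\0';
	return (int)n;
}

/* Authorization URL with the tenant in the path instead of a hardcoded "common"; tenant and client id are inserted raw, so URL metacharacters in them are rejected. */
int oa2_build_auth_url(const char *tenant, const char *client_id, const char *redirect_uri, unsigned caps, char *out, size_t outlen)
{
	char scope[256], enc_scope[512], enc_redir[256];
	if (!*tenant || strpbrk(tenant, "/?#&=") || strpbrk(client_id, "/?#&=")) return -1;
	if (oa2_build_scope(caps, scope, sizeof scope) < 0 ||
	    oa2_url_encode(scope, enc_scope, sizeof enc_scope) < 0 ||
	    oa2_url_encode(redirect_uri, enc_redir, sizeof enc_redir) < 0) return -1;
	int n = snprintf(out, outlen, "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize"
		"?client_id=%s&response_type=code&redirect_uri=%s&scope=%s",
		tenant, client_id, enc_redir, enc_scope);
	return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}
```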