I’m in a similar position to this post, but their solution doesn’t work in my case.
I’m trying to use IMAP with OAuth2 to access my university email account, which is an Office365 account. This works fine in Thunderbird, but when I use the same settings (documented here) in Evolution, I get redirected to login.live.com which is the wrong location (my university account is not a live .com account).
I’ve tried setting it up as a “Microsoft 365” account instead, but my university doesn’t grant access to Evolution, so that ends in an “Need admin approval” error. I’ve tried getting around this following Milan’s suggestions in the thread at the first link above, but no luck: the solution that worked for that poster ends with an error in my case (AADSTS65002: Consent between first party application and first party resource must be configured via preauthorization).
Hi,
the IMAP for corporate accounts is not enabled, the “OAuth2 (Outlook)”
authentication method works only for the free accounts, due to the
OAuth2 entry point that auth method uses.
No idea what the Thunderbird uses for the IMAP/SMTP OAuth2 against the office365.com addresses.
(AADSTS65002: Consent between first party application and first party
resource must be configured via preauthorization).
I do not recall seeing that error before. Does it happen when you
changed the application ID in the mail settings of that Microsoft 365
account at the OAuth2 section? Those changes are tricky to apply,
especially in the background processes, unfortunately, thus I suggested
the evolution --force-shutdown to have everything restarted from
scratch. You probably tried also the third application ID from the wiki
page I mentioned in that post, right? It identifies the app as an
Outlook plugin, thus something what the server usually auto-allows.
Well, unless the university admins are very cautious and strict for
what they let log in.
In general, to my current knowledge and experience, the Microsoft 365
account (the Microsoft Graph API) is more friendly on the server side
than the EWS. You’d need the very latest version of the evolution-ews,
currently 3.56.x series, because the previous versions have sever bugs
in this protocol implementation.
Anyway, I think I could look on the IMAP a bit, but I’m currently busy
with other fun, thus it’ll take a long time before I’d get to it. I’m
sorry.
Bye,
Milan
P.S.: or try the Thunderbird app ID, but pssst, I did not say that
Thanks for the swift reply! The AADSTS65002 error happens when I set the Application ID to the third option on the Wiki page. I did try doing evolution --force-shutdown first to get a clean state (I even tried rebooting!), but it still gets that same error.
I also tried using the Thunderbird App ID given here, but got the “Need admin approval” error again. Which is strange, because I can successfully set up Thunderbird using its “Exchange/Office365” option (not IMAP!). Maybe they’re using a different App ID now?
Anyway, if you ever do get the IMAP option figured out, I’d love to come back and give Evolution another try! Thanks again.
The AADSTS65002 error happens when I set the Application ID to the
third option on the Wiki page.
Hi,
I see, according to this thread [1] they claim the app ID cannot be
used intentionally. I guess that key has disabled IMAP scope, or some
such thing, because for EWS and Microsoft 365 it works fine (or it
worked the last time I tried).
Which is strange, because I can successfully set up Thunderbird using
its “Exchange/Office365” option (not IMAP!). Maybe they’re using a
different App ID now?
No idea about Thunderbird, though it can also use different entry
point, not the live.com address.
Anyway, if you ever do get the IMAP option figured out, I’d love to
come back and give Evolution another try! Thanks again.
