OAuth2 for Office365 Fails to Obtain Access Token

Asked by Paul Gregory

Hi,

I'm struggling to get the EWS plugin to work for my 2FA enabled Office365 Mailbox and can't find any answers.

I followed this guide: https://wiki.gnome.org/action/login/Apps/Evolution/EWS/OAuth2

I configured the Enterprise Application on my tenant, and although some of the steps in the guide don't fully map to where the settings are (I guess the Azure AD portal has been updated since the guide was written) I have found and set everything OK.

I configured the Evolution client and when I try to test it I do get prompted with a Microsoft 2FA window as expected, and authorise it in my Authenticator app, but when the client tries to obtain the access token it fails.

I get a long message, but I think the key part of it is this:

"Failed to obtain access token from address" followed by https://login.microsoftonline.com/MYTENANTID/oauth2/token

"the request body must contain the following parameter: 'client_assertion' or 'client_secret'"

It seems to be that the Office365 side is set right, but the EWS plugin is sending a malformed request.

FYI my day job is, among other unified communication platforms, an Office365 / Exchange admin so I am familiar with that side of things.

Anyone got any advice?

Thanks

Paul

Question information

Language: English
Status: Solved
For: Ubuntu evolution-ews
Assignee: No assignee
Solved by: Paul Gregory
Paul Gregory (paulgregory) said :
#1

Hi Again

After some more digging I found the problem - it's a setting in Azure AD and not a problem with the EWS plugin.

This is the post where I found someone having the same problem as me:

https://www.mail-archive.com/search?<email address hidden>&q=subject:%22Re%5C%3A+%5C%5BEvolution%5C%5D+trouble+with+Office+365+and+OAuth2%22&o=newest&f=1

This links to the GitLab page where the fix is detailed:

https://gitlab.gnome.org/GNOME/evolution-ews/issues/58

This was what I had to do to fix it:

Note: I had to switch my Azure AD portal back to classic appearance to see the Redirect URI setting as shown in the Github post.

Open the Azure AD portal

Navigate to Dashboard-TENANT-App registrations

Open the properties of your app

Choose the Authentication page

Edit the Redirect URIs

Add in Public client/native (mobile & desktop)

Set the Redirect URI to none-local://test

Save.

Once that was done the client started working.
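The failure described in this thread, as an added example that is not part of the original posts and is not Evolution's code: a Python check that compares the token request a desktop client sent with the JSON error the token endpoint returned, and flags the case where the endpoint demands 'client_secret' or 'client_assertion' from a client that sent neither. The function names, the client ID, the authorization code and the `invalid_client` error value are constructed for illustration; the `error` and `error_description` fields follow the OAuth 2.0 error format (RFC 6749).

```python
import json
from urllib.parse import parse_qs, urlencode

CREDENTIAL_PARAMS = ("client_secret", "client_assertion")

def build_token_request(client_id, code, redirect_uri, client_secret=None):
    """Form body of an RFC 6749 authorization-code token request.
    A desktop (public) client has no secret, so it sends none."""
    params = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
    }
    if client_secret is not None:
        params["client_secret"] = client_secret
    return urlencode(params)

def diagnose(request_body, response_text):
    """Classify the token endpoint's reply to the request that was sent."""
    sent = parse_qs(request_body)
    try:
        reply = json.loads(response_text)
    except ValueError:
        return "unparseable-response"
    if not isinstance(reply, dict):
        return "unparseable-response"
    if "access_token" in reply:
        return "ok"
    description = reply.get("error_description", "")
    demanded = any(p in description for p in CREDENTIAL_PARAMS)
    supplied = any(p in sent for p in CREDENTIAL_PARAMS)
    if demanded and not supplied:
        # Endpoint wants client credentials the desktop client did not send;
        # per the fix in the post, check the redirect URI's platform type.
        return "server-expects-confidential-client"
    return "other:" + str(reply.get("error", "unknown"))

# Constructed sample data; the error text is the one quoted in the question.
SAMPLE_REQUEST = build_token_request(
    "00000000-0000-0000-0000-000000000000", "SAMPLE_CODE", "none-local://test")
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "The request body must contain the following "
                         "parameter: 'client_assertion' or 'client_secret'",
})

if __name__ == "__main__":
    print(diagnose(SAMPLE_REQUEST, SAMPLE_ERROR))
```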

actionparsnip (andrew-woodhead666) said :
#2

So... Issue with portal and not Linux ;)

Great to add the solution. It may help others