Re: [Evolution] Failing to connect to Office365 account with MFA

[Apologies if I’m breaking the thread, I don’t seem to have received
the version of this message that was sent to the list.]

On Thu, 2021-08-19 at 19:37 +0200, Vincent Hennebert wrote:
Hi there,

Evolution 3.40.3 on Fedora 34 (flatpak version, but same issue occurs
with version from repository).

My organisation uses Office365 with multi-factor authentication for
email and calendar. I have custom Application and Tenant IDs. The first
time I set up my account, I went through the authentication and it all
worked fine.

Until I had to change my password. Now the MFA window shows up, I enter
my credentials, acknowledge the login from the MFA app on my phone, and
get the following error:

Failed to obtain access token from address [...] Bad Request
({"error":"invalid_grant","error_description":"AADSTS9002313: Invalid
request. Request is malformed or invalid" [...] })

As a workaround I set up DavMail so that I can keep accessing my
account using imap and caldav, but it’s not working super well and I’d
prefer to stick to Evolution’s native EWS support.

In case that matters: before I had to change my password, the MFA
window would show up several times a day, but I found that I could just
ignore it (press Escape) and still be able to refresh my email and
calendar. DavMail displays the MFA window only at startup and never
after (or maybe just once a day, haven’t been observing its behaviour
for long enough yet).

Any ideas?


Hoping to elicit an answer to this request, I followed the
troubleshooting instructions on the following page:

I’m seeing OAuth2 messages that look OK. At some point I have


Then this:
< HTTP/1.1 400 Bad Request
< Soup-Debug-Timestamp: 1629992911
< Soup-Debug: SoupMessage 1 (0x559af3719e80)
< Cache-Control: no-store, no-cache
< Pragma: no-cache
< Content-Type: application/json; charset=utf-8
< Expires: -1
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< x-ms-request-id: dc8c48b0-c12e-40c1-ac8f-4742c8cece01
< x-ms-ests-server: 2.1.11935.14 - WUS2 ProdSlices
< Set-Cookie: fpc=<cookie>; expires=Sat, 25-Sep-2021 15:48:31 GMT;
path=/; secure; HttpOnly; SameSite=None
< Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; httponly
< Set-Cookie: stsservicecookie=estsfd; path=/; secure; httponly
< Date: Thu, 26 Aug 2021 15:48:30 GMT
< Connection: close
< Content-Length: 485
< {"error":"invalid_grant","error_description":"AADSTS9002313: Invalid
request. Request is malformed or invalid.\r\nTrace ID: dc8c48b0-c12e-
40c1-ac8f-4742c8cece01\r\nCorrelation ID: 8a4456d1-91f2-451e-af96-
4f5e36d8d660\r\nTimestamp: 2021-08-26
[OAuth2] 2021-08-26 17:48:31.215 - Loaded URI: 'none-local://'
[OAuth2] 2021-08-26 17:48:31.236 - Loaded URI: 'none-local://'

I obfuscated some data that I was not sure if it was sensitive. Happy
to share off-list if necessary.

Does that shed any light on what the issue might be?

I am able to successfully go through the MFA using DavMail with the
same account, so the problem seems to be on Evolution’s side. But I’m
having plenty of other issues with DavMail so I’d really rather get
back to EWS if I can.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]