Added Outlook OAuth test provider

2025-02-20 21:27:07 +00:00 · 2021-09-25 14:46:24 +02:00 · 2021-09-25 14:46:24 +02:00 · 3bb984924a
commit 3bb984924a
parent e51ff622c6
2 changed files with 51 additions and 6 deletions
--- a/app/src/main/java/eu/faircode/email/FragmentOAuth.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
@ -63,8 +63,10 @@ import net.openid.appauth.AuthorizationServiceConfiguration;
 import net.openid.appauth.ClientAuthentication;
 import net.openid.appauth.ClientSecretPost;
 import net.openid.appauth.CodeVerifierUtil;
+import net.openid.appauth.GrantTypeValues;
 import net.openid.appauth.NoClientAuthentication;
 import net.openid.appauth.ResponseTypeValues;
+import net.openid.appauth.TokenRequest;
 import net.openid.appauth.TokenResponse;
 import net.openid.appauth.browser.BrowserDescriptor;
 import net.openid.appauth.browser.BrowserMatcher;
@ -78,6 +80,7 @@ import org.json.JSONObject;
 import java.io.FileNotFoundException;
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
@ -331,10 +334,6 @@ public class FragmentOAuth extends FragmentBase {
            if ("gmail".equals(provider.id))
                params.put("access_type", "offline");

-            // https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
-            if ("office365".equals(provider.id))
-                params.put("tenant", "common");
-
            if ("yandex".equals(provider.id)) {
                params.put("device_name", "Android/FairEmail");
                params.put("force_confirm", "true");
@ -369,8 +368,11 @@ public class FragmentOAuth extends FragmentBase {
            if ("gmail".equals(provider.id))
                authRequestBuilder.setPrompt("consent");

+            // https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
            if ("office365".equals(provider.id))
                authRequestBuilder.setPrompt("select_account");
+            if ("outlook".equals(provider.id))
+                authRequestBuilder.setPrompt("consent");

            AuthorizationRequest authRequest = authRequestBuilder.build();

@ -423,8 +425,23 @@ public class FragmentOAuth extends FragmentBase {
            else
                clientAuth = new ClientSecretPost(provider.oauth.clientSecret);

+            TokenRequest.Builder builder = new TokenRequest.Builder(
+                    auth.request.configuration,
+                    auth.request.clientId)
+                    .setGrantType(GrantTypeValues.AUTHORIZATION_CODE)
+                    .setRedirectUri(auth.request.redirectUri)
+                    .setCodeVerifier(auth.request.codeVerifier)
+                    .setAuthorizationCode(auth.authorizationCode)
+                    .setAdditionalParameters(Collections.<String, String>emptyMap())
+                    .setNonce(auth.request.nonce);
+
+            if ("office365".equals(provider.id) || "outlook".equals(provider.id))
+                builder.setScope(TextUtils.join(" ", provider.oauth.scopes));
+
+            TokenRequest request = builder.build();
+
            authService.performTokenRequest(
-                    auth.createTokenExchangeRequest(),
+                    request,
                    clientAuth,
                    new AuthorizationService.TokenResponseCallback() {
                        @Override
@ -852,7 +869,7 @@ public class FragmentOAuth extends FragmentBase {
        if ("gmail".equals(id))
            tvGmailDraftsHint.setVisibility(View.VISIBLE);

-        if ("office365".equals(id)) {
+        if ("office365".equals(id) || "outlook".equals(id)) {
            if (ex instanceof AuthenticationFailedException)
                tvOfficeAuthHint.setVisibility(View.VISIBLE);
        }
--- a/app/src/main/res/xml/providers.xml
+++ b/app/src/main/res/xml/providers.xml
@ -103,6 +103,34 @@
            enabled="true"
            privacy="https://privacy.microsoft.com/privacystatement"
            redirectUri="https://oauth.faircode.eu/"
+            scopes="profile,openid,email,offline_access,https://outlook.office.com/IMAP.AccessAsUser.All,https://outlook.office.com/SMTP.Send"
+            tokenEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/token" />
+        <!-- https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth -->
+    </provider>
+    <provider
+        name="Outlook"
+        description="Outlook"
+        id="outlook"
+        link="https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq14"
+        order="5"
+        partial="false"
+        useip="false">
+        <imap
+            host="outlook.office365.com"
+            port="993"
+            starttls="false" />
+        <smtp
+            host="smtp.office365.com"
+            port="587"
+            starttls="true" />
+        <oauth
+            askAccount="true"
+            authorizationEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+            clientId="17e57eca-a59b-4574-ac91-b343004898a6"
+            clientSecret="k847Q~ZKtIBNp~ls_riKEbFDsvOQEdUA.YDNt"
+            enabled="false"
+            privacy="https://privacy.microsoft.com/privacystatement"
+            redirectUri="https://oauth.faircode.eu/"
            scopes="openid,email,offline_access,https://outlook.office.com/IMAP.AccessAsUser.All,https://outlook.office.com/SMTP.Send"
            tokenEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/token" />
        <!-- https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth -->