Request Office365 ID token

2025-01-01 12:44:42 +00:00 · 2020-06-07 20:54:09 +02:00 · 2020-06-07 20:54:09 +02:00 · 6ee17a7e5c
commit 6ee17a7e5c
parent f77042470b
2 changed files with 26 additions and 3 deletions
--- a/app/src/main/java/eu/faircode/email/FragmentOAuth.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
@ -27,6 +27,7 @@ import android.net.Uri;
 import android.os.Bundle;
 import android.os.Handler;
 import android.text.TextUtils;
+import android.util.Base64;
 import android.util.Pair;
 import android.view.LayoutInflater;
 import android.view.Menu;
@ -338,6 +339,8 @@ public class FragmentOAuth extends FragmentBase {
                                    throw error;

                                Log.i("OAuth got token provider=" + provider.id);
+                                if (BuildConfig.DEBUG)
+                                    Log.i("TokenResponse=" + access.jsonSerializeString());
                                authState.update(access, null);
                                if (BuildConfig.DEBUG)
                                    Log.i("OAuth response=" + authState.jsonSerializeString());
@ -345,7 +348,7 @@ public class FragmentOAuth extends FragmentBase {
                                if (TextUtils.isEmpty(access.refreshToken))
                                    throw new IllegalStateException("No refresh token");

-                                onOAuthorized(access.accessToken, authState);
+                                onOAuthorized(access.accessToken, access.idToken, authState);
                            } catch (Throwable ex) {
                                showError(ex);
                            }
@ -356,11 +359,12 @@ public class FragmentOAuth extends FragmentBase {
        }
    }

-    private void onOAuthorized(String accessToken, AuthState state) {
+    private void onOAuthorized(String accessToken, String idToken, AuthState state) {
        Bundle args = new Bundle();
        args.putString("id", id);
        args.putString("name", name);
        args.putString("token", accessToken);
+        args.putString("jwt", idToken);
        args.putString("state", state.jsonSerializeString());
        args.putBoolean("askAccount", askAccount);
        args.putString("personal", etName.getText().toString().trim());
@ -372,11 +376,30 @@ public class FragmentOAuth extends FragmentBase {
                String id = args.getString("id");
                String name = args.getString("name");
                String token = args.getString("token");
+                String jwt = args.getString("jwt");
                String state = args.getString("state");
                boolean askAccount = args.getBoolean("askAccount", false);
                String personal = args.getString("personal");
                String address = args.getString("address");

+                if (jwt != null) {
+                    String[] segments = jwt.split("\\.");
+                    if (segments.length > 1)
+                        try {
+                            String payload = new String(Base64.decode(segments[1], Base64.DEFAULT));
+                            Log.i("jwt payload=" + payload);
+                            JSONObject jpayload = new JSONObject(payload);
+                            if (jpayload.has("email")) {
+                                String email = jpayload.getString("email");
+                                Log.i("jwt email=" + email);
+                                if (!TextUtils.isEmpty(email))
+                                    address = email;
+                            }
+                        } catch (Throwable ex) {
+                            Log.e(ex);
+                        }
+                }
+
                String primaryEmail = null;
                List<Pair<String, String>> identities = new ArrayList<>();

--- a/app/src/main/res/xml/providers.xml
+++ b/app/src/main/res/xml/providers.xml
@ -64,7 +64,7 @@
            clientSecret="r=o4@SlzU:MA6MlXM6mPG[44i4gYPq[@"
            enabled="true"
            redirectUri="https://oauth.faircode.eu/"
-            scopes="offline_access,https://outlook.office365.com/IMAP.AccessAsUser.All,https://outlook.office365.com/SMTP.Send"
+            scopes="openid,email,offline_access,https://outlook.office365.com/IMAP.AccessAsUser.All,https://outlook.office365.com/SMTP.Send"
            tokenEndpoint="https://login.microsoftonline.com/common/oauth2/v2.0/token" />
        <!-- https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth -->
    </provider>