From bf0f75de095dc7ecb7171ab61009fab2631b4bee Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 2 Apr 2019 16:06:35 +0200
Subject: [PATCH] M!1 - Simplify OAuth2 for outlook.office365.com server
Two changes:
1) preset default tenant to "common"
2) do not pass 'scope' parameter in the requests, which is optional
and can cause errors like:
error:invalid_request description:AADSTS65002:
Consent between first party applications and resources must be
configured via preauthorization.
Closes https://gitlab.gnome.org/GNOME/evolution-ews/merge_requests/1
---
CMakeLists.txt | 2 +-
src/configuration/e-mail-config-ews-backend.c | 15 +++------------
src/server/e-oauth2-service-office365.c | 17 -----------------
3 files changed, 4 insertions(+), 30 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e8ea9875..dbc58832 100644
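--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -180,7 +180,7 @@ endif(ENABLE_TESTS)
 add_printable_variable(WITH_OFFICE365_TENANT "Office365.com OAuth 2.0 tenant" "")
 
 if(WITH_OFFICE365_TENANT STREQUAL "")
- set(WITH_OFFICE365_TENANT "")
+ set(WITH_OFFICE365_TENANT "common")
 endif(WITH_OFFICE365_TENANT STREQUAL "")
 
 add_printable_variable(WITH_OFFICE365_CLIENT_ID "Office365.com OAuth 2.0 client ID" "")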
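Review bot: The fallback in the `set()` line is now `common`, but nothing next to `add_printable_variable(WITH_OFFICE365_TENANT ...)` tells a packager what that value implies. With `common` the sign-in is presumably not pinned to a single organisation, so a build meant for one tenant has to pass the variable explicitly. A comment above the `if` would record this, for example `# "common" is not tied to one organisation; set WITH_OFFICE365_TENANT to pin a tenant`.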
diff --git a/src/configuration/e-mail-config-ews-backend.c b/src/configuration/e-mail-config-ews-backend.c
index fbf341b2..e62d3922 100644
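--- a/src/configuration/e-mail-config-ews-backend.c
+++ b/src/configuration/e-mail-config-ews-backend.c
@@ -348,9 +348,9 @@ mail_config_ews_backend_insert_widgets (EMailConfigServiceBackend *backend,
 G_BINDING_SYNC_CREATE);
 
 mail_config_ews_backend_set_oauth2_tooltip (widget, OFFICE365_TENANT,
- /* Translators: 'Tenant' here means a term used by Microsoft to identify a company or organization in an Office 365 world.
+ /* Translators: 'Tenant' here means a term used by Microsoft to identify a company or organization in an Office 365 world. Same for 'common', it's a default URL path.
 You probably do not want to translate it. More for example here: https://powerbi.microsoft.com/en-us/blog/what-is-a-tenant/ */
- _("There is not set any default tenant"),
+ _("Default tenant is “common“"),
 /* Translators: 'Tenant' here means a term used by Microsoft to identify a company or organization in an Office 365 world.
 You probably do not want to translate it. More for example here: https://powerbi.microsoft.com/en-us/blog/what-is-a-tenant/ */
 g_strdup_printf (_("Default tenant is “%s”"), OFFICE365_TENANT));
@@ -586,23 +586,14 @@ mail_config_ews_backend_check_complete (EMailConfigServiceBackend *backend)
 e_util_set_entry_issue_hint (priv->user_entry, correct ? NULL : _("User name cannot be empty"));
 
 if (correct && camel_ews_settings_get_auth_mechanism (ews_settings) == EWS_AUTH_TYPE_OAUTH2) {
- const gchar *tenant, *client_id;
+ const gchar *client_id;
 
 if (camel_ews_settings_get_override_oauth2 (ews_settings)) {
- tenant = camel_ews_settings_get_oauth2_tenant (ews_settings);
 client_id = camel_ews_settings_get_oauth2_client_id (ews_settings);
 } else {
- tenant = OFFICE365_TENANT;
 client_id = OFFICE365_CLIENT_ID;
 }
 
- correct = tenant && *tenant;
- complete = complete && correct;
-
- /* Translators: 'Tenant' here means a term used by Microsoft to identify a company or organization in an Office 365 world.
- You probably do not want to translate it. More for example here: https://powerbi.microsoft.com/en-us/blog/what-is-a-tenant/ */
- e_util_set_entry_issue_hint (priv->oauth2_tenant_entry, correct ? NULL : _("Tenant cannot be empty"));
-
 correct = client_id && *client_id;
 complete = complete && correct;
 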
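Review bot: With the `tenant && *tenant` check gone from `mail_config_ews_backend_check_complete`, an empty tenant entry passes validation when the OAuth2 override is enabled, and no hunk in this patch shows the URI-building code substituting `common` for an empty override value. If that fallback does not already exist in e-oauth2-service-office365.c, the authority URL would be built with an empty tenant segment, so it is worth confirming it or keeping the check for the override branch. Separately, the new tooltip string in the first hunk closes its quotation with `“` rather than `”` and should read `_("Default tenant is “common”"),`. Both functions continue outside their hunks.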
diff --git a/src/server/e-oauth2-service-office365.c b/src/server/e-oauth2-service-office365.c
index 4be84f6f..d660458c 100644
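--- a/src/server/e-oauth2-service-office365.c
+++ b/src/server/e-oauth2-service-office365.c
@@ -30,21 +30,6 @@
 
 #define OFFICE365_RESOURCE "https://outlook.office.com"
 
-#define OFFICE365_SCOPE "openid offline_access profile " \
- "Mail.ReadWrite " \
- "Mail.ReadWrite.Shared " \
- "Mail.Send " \
- "Mail.Send.Shared " \
- "Calendars.ReadWrite " \
- "Calendars.ReadWrite.Shared " \
- "Contacts.ReadWrite " \
- "Contacts.ReadWrite.Shared " \
- "Tasks.ReadWrite " \
- "Tasks.ReadWrite.Shared " \
- "MailboxSettings.ReadWrite " \
- "People.Read " \
- "User.ReadBasic.All"
-
 struct _EOAuth2ServiceOffice365Private
 {
 GMutex string_cache_lock;
@@ -253,7 +238,6 @@ eos_office365_prepare_authentication_uri_query (EOAuth2Service *service,
 
 e_oauth2_service_util_set_to_form (uri_query, "response_mode", "query");
 e_oauth2_service_util_set_to_form (uri_query, "prompt", "login");
- e_oauth2_service_util_set_to_form (uri_query, "scope", OFFICE365_SCOPE);
 e_oauth2_service_util_set_to_form (uri_query, "resource", OFFICE365_RESOURCE);
 }
 
@@ -321,7 +305,6 @@ eos_office365_prepare_refresh_token_form (EOAuth2Service *service,
 {
 g_return_if_fail (form != NULL);
 
- e_oauth2_service_util_set_to_form (form, "scope", OFFICE365_SCOPE);
 e_oauth2_service_util_set_to_form (form, "resource", OFFICE365_RESOURCE);
 e_oauth2_service_util_set_to_form (form, "redirect_uri", e_oauth2_service_get_redirect_uri (service, source));
 }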
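Review bot: After `scope` is dropped from `eos_office365_prepare_authentication_uri_query` and `eos_office365_prepare_refresh_token_form`, nothing in the code records why the parameter is absent, and the client no longer states which permissions it requests. The permissions granted then presumably follow from the `resource` value and the registration behind the client ID, which matters when a user supplies their own client ID through the override setting. A comment beside the `resource` line in both functions would keep the parameter from being re-added, for example `/* "scope" intentionally omitted: optional here, and rejected with AADSTS65002 for preauthorized client IDs */`. The first function starts above its hunk.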
--
GitLab