Use OAuth client id with a https (secure) redirect url #494

Open
sevalsixarci opened this issue Nov 1, 2024 · 12 comments
@sevalsixarci

Hi,
I'm exploring the project to replicate my current email setup which uses mu, mbsync, msmtp, and pizauth (OAuth token fetcher/daemon). I compiled himalaya from git with OAuth2 and keyring features enabled (the repository's head at the time of compilation was commit 92814d6).

The issue is that I can read mail from an account using standard IMAP, but OAuth authentication fails for my Outlook work accounts. Since I am authenticating as Thunderbird (authorized with HTTPS redirects on localhost), attempting to fetch mail gives the following error:

To complete your OAuth 2.0 setup, click on the following link:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=XXXXXXXXXX&state=o2cFdGrpKm_qDCcEfM-hMw&code_challenge=WK7Q_eEk1UngQ9Cj4d-y35pC3B-Xwxs-p7HgEydWFtE&code_challenge_method=S256&redirect_uri=https%3A%2F%2Flocalhost%3A49152&scope=https%3A%2F%2Foutlook.office.com%2FIMAP.AccessAsUser.All
Error:
0: cannot wait for oauth2 redirection error
1: stream did not contain valid UTF-8

Config snippet:

backend.type = "imap"
backend.auth.type = "oauth2"
backend.auth.method = "xoauth2"
backend.host = "outlook.office365.com"
backend.port = 993
backend.login = "XXXXXXXXXXXXXX"
backend.auth.client-id = "XXXXXXXXXXXXXX"
backend.auth.auth-url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
backend.auth.token-url = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
backend.auth.pkce = true
backend.auth.scope = "https://outlook.office.com/IMAP.AccessAsUser.All"
backend.auth.redirect-scheme = "https"
backend.auth.redirect-host = "localhost"

I also tried to bypass this by reusing the OAuth tokens from pizauth, with these config lines (but I think I may have misunderstood some of the config keys):

backend.auth.access-token.cmd = "pizauth show accountXXXX"
backend.auth.refresh-token.cmd = "pizauth refresh accountXXXX" 

Some logs:

djus@satellite:~/dev$ himalaya account configure accountXXXX --trace
2024-11-01T18:55:54.971161Z DEBUG keyring::service: define global service name name="himalaya-cli"
2024-11-01T18:55:54.972197Z  INFO himalaya::account::command::configure: executing configure account command
2024-11-01T18:55:54.972255Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXX-imap-oauth2-client-secret, and no target    
2024-11-01T18:55:54.972278Z DEBUG keyring: created entry SsCredential { attributes: {"username": "accountXXXX-imap-oauth2-client-secret", "target": "default", "service": "himalaya-cli", "application": "rust-keyring"}, label: "accountXXXX-imap-oauth2-client-secret@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.972294Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXX-imap-oauth2-access-token, and no target    
2024-11-01T18:55:54.972302Z DEBUG keyring: created entry SsCredential { attributes: {"target": "default", "username": "accountXXXX-imap-oauth2-access-token", "service": "himalaya-cli", "application": "rust-keyring"}, label: "accountXXXX-imap-oauth2-access-token@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.972311Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXX-imap-oauth2-refresh-token, and no target    
2024-11-01T18:55:54.972320Z DEBUG keyring: created entry SsCredential { attributes: {"application": "rust-keyring", "target": "default", "service": "himalaya-cli", "username": "accountXXXX-imap-oauth2-refresh-token"}, label: "accountXXXX-imap-oauth2-refresh-token@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.972330Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXX-smtp-oauth2-client-secret, and no target    
2024-11-01T18:55:54.972338Z DEBUG keyring: created entry SsCredential { attributes: {"username": "accountXXXX-smtp-oauth2-client-secret", "target": "default", "application": "rust-keyring", "service": "himalaya-cli"}, label: "accountXXXX-smtp-oauth2-client-secret@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.972351Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXX-smtp-oauth2-access-token, and no target    
2024-11-01T18:55:54.972362Z DEBUG keyring: created entry SsCredential { attributes: {"service": "himalaya-cli", "username": "accountXXXX-smtp-oauth2-access-token", "target": "default", "application": "rust-keyring"}, label: "accountXXXX-smtp-oauth2-access-token@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.972372Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXX-smtp-oauth2-refresh-token, and no target    
2024-11-01T18:55:54.972382Z DEBUG keyring: created entry SsCredential { attributes: {"service": "himalaya-cli", "target": "default", "application": "rust-keyring", "username": "accountXXXX-smtp-oauth2-refresh-token"}, label: "accountXXXX-smtp-oauth2-refresh-token@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.972393Z DEBUG keyring: get keyring secret key="accountXXXX-imap-oauth2-access-token"
2024-11-01T18:55:54.972583Z DEBUG keyring: get password from entry SsCredential { attributes: {"target": "default", "username": "accountXXXX-imap-oauth2-access-token", "service": "himalaya-cli", "application": "rust-keyring"}, label: "accountXXXX-imap-oauth2-access-token@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.973015Z TRACE perform: zbus::connection::handshake::client: Initializing
2024-11-01T18:55:54.973044Z TRACE perform:authenticate: zbus::connection::handshake::client: Trying EXTERNAL mechanism
2024-11-01T18:55:54.973122Z TRACE perform:authenticate:write_command{command=Auth(Some(External), Some([49, 48, 48, 48]))}:write_commands{commands=[Auth(Some(External), Some([49, 48, 48, 48]))] extra_bytes=None}: zbus::connection::handshake::common: Wrote all commands
2024-11-01T18:55:54.973173Z TRACE perform:authenticate:read_command:read_commands{n_commands=1}: zbus::connection::handshake::common: Reading OK 1ed58543edcf355b31594b21aa039eab

2024-11-01T18:55:54.973202Z TRACE perform:authenticate: zbus::connection::handshake::client: Received OK from server
2024-11-01T18:55:54.973328Z TRACE perform:send_secondary_commands{challenge_response=None}:write_commands{commands=[NegotiateUnixFD, Begin] extra_bytes=Some([108, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 109, 0, 0, 0, 1, 1, 111, 0, 21, 0, 0, 0, 47, 111, 114, 103, 47, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 47, 68, 66, 117, 115, 0, 0, 0, 3, 1, 115, 0, 5, 0, 0, 0, 72, 101, 108, 108, 111, 0, 0, 0, 6, 1, 115, 0, 20, 0, 0, 0, 111, 114, 103, 46, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 46, 68, 66, 117, 115, 0, 0, 0, 0, 2, 1, 115, 0, 20, 0, 0, 0, 111, 114, 103, 46, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 46, 68, 66, 117, 115, 0, 0, 0, 0])}: zbus::connection::handshake::common: Wrote all commands
2024-11-01T18:55:54.973404Z TRACE perform:receive_secondary_responses{expected_n_responses=1}:read_commands{n_commands=1}: zbus::connection::handshake::common: Reading AGREE_UNIX_FD

2024-11-01T18:55:54.973424Z TRACE perform: zbus::connection::handshake::client: Handshake done
2024-11-01T18:55:54.978136Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 2, sender: UniqueName(":1.265"), path: ObjectPath("/org/freedesktop/secrets"), iface: InterfaceName("org.freedesktop.Secret.Service"), member: MemberName("OpenSession"), body: Signature("sv"), fds: [] }
2024-11-01T18:55:54.978174Z TRACE zbus::connection::socket: Sent message with serial: 2
2024-11-01T18:55:54.978192Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.978278Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4294967295, sender: UniqueName("org.freedesktop.DBus"), path: ObjectPath("/org/freedesktop/DBus"), iface: InterfaceName("org.freedesktop.DBus"), member: MemberName("NameAcquired"), body: Signature("s"), fds: [] }
2024-11-01T18:55:54.978298Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.978309Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4294967295, sender: UniqueName("org.freedesktop.DBus"), path: ObjectPath("/org/freedesktop/DBus"), iface: InterfaceName("org.freedesktop.DBus"), member: MemberName("NameAcquired"), body: Signature("s"), fds: [] })
2024-11-01T18:55:54.978320Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.982051Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2081, sender: UniqueName(":1.41"), reply-serial: 2, body: Signature("vo"), fds: [] }
2024-11-01T18:55:54.982078Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.982093Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2081, sender: UniqueName(":1.41"), reply-serial: 2, body: Signature("vo"), fds: [] })
2024-11-01T18:55:54.982104Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.986393Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 3, sender: UniqueName(":1.265"), path: ObjectPath("/org/freedesktop/secrets"), iface: InterfaceName("org.freedesktop.Secret.Service"), member: MemberName("SearchItems"), body: Signature("a{ss}"), fds: [] }
2024-11-01T18:55:54.986422Z TRACE zbus::connection::socket: Sent message with serial: 3
2024-11-01T18:55:54.986794Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2082, sender: UniqueName(":1.41"), reply-serial: 3, body: Signature("aoao"), fds: [] }
2024-11-01T18:55:54.986817Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.986831Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2082, sender: UniqueName(":1.41"), reply-serial: 3, body: Signature("aoao"), fds: [] })
2024-11-01T18:55:54.986842Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.986966Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 4, sender: UniqueName(":1.265"), path: ObjectPath("/org/freedesktop/secrets"), iface: InterfaceName("org.freedesktop.Secret.Service"), member: MemberName("ReadAlias"), body: Signature("s"), fds: [] }
2024-11-01T18:55:54.986988Z TRACE zbus::connection::socket: Sent message with serial: 4
2024-11-01T18:55:54.987509Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2083, sender: UniqueName(":1.41"), reply-serial: 4, body: Signature("o"), fds: [] }
2024-11-01T18:55:54.987529Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.987541Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2083, sender: UniqueName(":1.41"), reply-serial: 4, body: Signature("o"), fds: [] })
2024-11-01T18:55:54.987550Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.987676Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 5, sender: UniqueName(":1.265"), path: ObjectPath("/org/freedesktop/secrets/collection/kdewallet"), iface: InterfaceName("org.freedesktop.Secret.Collection"), member: MemberName("SearchItems"), body: Signature("a{ss}"), fds: [] }
2024-11-01T18:55:54.987698Z TRACE zbus::connection::socket: Sent message with serial: 5
2024-11-01T18:55:54.988061Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2084, sender: UniqueName(":1.41"), reply-serial: 5, body: Signature("ao"), fds: [] }
2024-11-01T18:55:54.988082Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.988096Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2084, sender: UniqueName(":1.41"), reply-serial: 5, body: Signature("ao"), fds: [] })
2024-11-01T18:55:54.988106Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.988574Z DEBUG keyring: find keyring secret key="accountXXXX-imap-oauth2-client-secret"
2024-11-01T18:55:54.988650Z DEBUG keyring: get password from entry SsCredential { attributes: {"username": "accountXXXX-imap-oauth2-client-secret", "target": "default", "service": "himalaya-cli", "application": "rust-keyring"}, label: "accountXXXX-imap-oauth2-client-secret@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-01T18:55:54.988755Z TRACE perform: zbus::connection::handshake::client: Initializing
2024-11-01T18:55:54.988768Z TRACE perform:authenticate: zbus::connection::handshake::client: Trying EXTERNAL mechanism
2024-11-01T18:55:54.988807Z TRACE perform:authenticate:write_command{command=Auth(Some(External), Some([49, 48, 48, 48]))}:write_commands{commands=[Auth(Some(External), Some([49, 48, 48, 48]))] extra_bytes=None}: zbus::connection::handshake::common: Wrote all commands
2024-11-01T18:55:54.988970Z TRACE perform:authenticate:read_command:read_commands{n_commands=1}: zbus::connection::handshake::common: Reading OK 1ed58543edcf355b31594b21aa039eab

2024-11-01T18:55:54.988994Z TRACE perform:authenticate: zbus::connection::handshake::client: Received OK from server
2024-11-01T18:55:54.989091Z TRACE perform:send_secondary_commands{challenge_response=None}:write_commands{commands=[NegotiateUnixFD, Begin] extra_bytes=Some([108, 1, 0, 1, 0, 0, 0, 0, 6, 0, 0, 0, 109, 0, 0, 0, 1, 1, 111, 0, 21, 0, 0, 0, 47, 111, 114, 103, 47, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 47, 68, 66, 117, 115, 0, 0, 0, 3, 1, 115, 0, 5, 0, 0, 0, 72, 101, 108, 108, 111, 0, 0, 0, 6, 1, 115, 0, 20, 0, 0, 0, 111, 114, 103, 46, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 46, 68, 66, 117, 115, 0, 0, 0, 0, 2, 1, 115, 0, 20, 0, 0, 0, 111, 114, 103, 46, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 46, 68, 66, 117, 115, 0, 0, 0, 0])}: zbus::connection::handshake::common: Wrote all commands
2024-11-01T18:55:54.989154Z TRACE perform:receive_secondary_responses{expected_n_responses=1}:read_commands{n_commands=1}: zbus::connection::handshake::common: Reading AGREE_UNIX_FD

2024-11-01T18:55:54.989172Z TRACE perform: zbus::connection::handshake::client: Handshake done
2024-11-01T18:55:54.993651Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 7, sender: UniqueName(":1.266"), path: ObjectPath("/org/freedesktop/secrets"), iface: InterfaceName("org.freedesktop.Secret.Service"), member: MemberName("OpenSession"), body: Signature("sv"), fds: [] }
2024-11-01T18:55:54.993683Z TRACE zbus::connection::socket: Sent message with serial: 7
2024-11-01T18:55:54.993699Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.993777Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4294967295, sender: UniqueName("org.freedesktop.DBus"), path: ObjectPath("/org/freedesktop/DBus"), iface: InterfaceName("org.freedesktop.DBus"), member: MemberName("NameAcquired"), body: Signature("s"), fds: [] }
2024-11-01T18:55:54.993798Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.993808Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4294967295, sender: UniqueName("org.freedesktop.DBus"), path: ObjectPath("/org/freedesktop/DBus"), iface: InterfaceName("org.freedesktop.DBus"), member: MemberName("NameAcquired"), body: Signature("s"), fds: [] })
2024-11-01T18:55:54.993822Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:54.997104Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2087, sender: UniqueName(":1.41"), reply-serial: 7, body: Signature("vo"), fds: [] }
2024-11-01T18:55:54.997128Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:54.997136Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2087, sender: UniqueName(":1.41"), reply-serial: 7, body: Signature("vo"), fds: [] })
2024-11-01T18:55:54.997147Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:55.001346Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 8, sender: UniqueName(":1.266"), path: ObjectPath("/org/freedesktop/secrets"), iface: InterfaceName("org.freedesktop.Secret.Service"), member: MemberName("SearchItems"), body: Signature("a{ss}"), fds: [] }
2024-11-01T18:55:55.001373Z TRACE zbus::connection::socket: Sent message with serial: 8
2024-11-01T18:55:55.001698Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2088, sender: UniqueName(":1.41"), reply-serial: 8, body: Signature("aoao"), fds: [] }
2024-11-01T18:55:55.001719Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:55.001725Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2088, sender: UniqueName(":1.41"), reply-serial: 8, body: Signature("aoao"), fds: [] })
2024-11-01T18:55:55.001733Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-11-01T18:55:55.001847Z TRACE zbus::connection::socket: Sending message: Msg { type: MethodCall, serial: 9, sender: UniqueName(":1.266"), path: ObjectPath("/org/freedesktop/secrets/collection/kdewallet/2"), iface: InterfaceName("org.freedesktop.Secret.Item"), member: MemberName("GetSecret"), body: Signature("o"), fds: [] }
2024-11-01T18:55:55.001866Z TRACE zbus::connection::socket: Sent message with serial: 9
2024-11-01T18:55:55.002179Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: MethodReturn, serial: 2089, sender: UniqueName(":1.41"), reply-serial: 9, body: Signature("(oayays)"), fds: [] }
2024-11-01T18:55:55.002202Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-11-01T18:55:55.002209Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: MethodReturn, serial: 2089, sender: UniqueName(":1.41"), reply-serial: 9, body: Signature("(oayays)"), fds: [] })
2024-11-01T18:55:55.002218Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
To complete your OAuth 2.0 setup, click on the following link:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=XXXXXXXXXX&state=o2cFdGrpKm_qDCcEfM-hMw&code_challenge=WK7Q_eEk1UngQ9Cj4d-y35pC3B-Xwxs-p7HgEydWFtE&code_challenge_method=S256&redirect_uri=https%3A%2F%2Flocalhost%3A49152&scope=https%3A%2F%2Foutlook.office.com%2FIMAP.AccessAsUser.All
Error: 
   0: cannot wait for oauth2 redirection error
   1: stream did not contain valid UTF-8

Location:
   /home/djus/.cargo/git/checkouts/himalaya-1e70121402046f0a/92814d6/src/account/command/configure.rs:79

  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                ⋮ 3 frames hidden ⋮                               
   4: himalaya::account::command::configure::AccountConfigureCommand::execute::{{closure}}::h89b30b4e2fb702d7
      at <unknown source file>:<unknown line>
   5: himalaya::cli::HimalayaCommand::execute::{{closure}}::hbe84badc29564940
      at <unknown source file>:<unknown line>
   6: tokio::runtime::park::CachedParkThread::block_on::hd6b654ade072cf0d
      at <unknown source file>:<unknown line>
   7: tokio::runtime::context::runtime::enter_runtime::hde46c34d4f1a400f
      at <unknown source file>:<unknown line>
   8: tokio::runtime::runtime::Runtime::block_on::habc584feb0f754d1
      at <unknown source file>:<unknown line>
   9: himalaya::main::hb8f6325a19ce1083
      at <unknown source file>:<unknown line>
  10: std::sys::backtrace::__rust_begin_short_backtrace::hc3ace97b884b8485
      at <unknown source file>:<unknown line>
  11: std::rt::lang_start::{{closure}}::h778edc4c447b525b
      at <unknown source file>:<unknown line>
  12: std::rt::lang_start_internal::h5e7c81cecd7f0954
      at <unknown source file>:<unknown line>
  13: main<unknown>
      at <unknown source file>:<unknown line>
  14: __libc_start_call_main<unknown>
      at <unknown source file>:<unknown line>
  15: __libc_start_main@GLIBC_2.2.5<unknown>
      at <unknown source file>:<unknown line>
  16: _start<unknown>
      at <unknown source file>:<unknown line>
@soywod
Member

soywod commented Nov 5, 2024

Sorry for the delay. Does the error display straight away, or after a delay? Do you have time to click on the link? I tried recently and the Outlook flow worked as expected for me. I will give it another shot in the coming days and let you know.

@soywod soywod self-assigned this Nov 5, 2024
@soywod soywod added the bug Something isn't working label Nov 5, 2024
@soywod
Member

soywod commented Nov 5, 2024

Oh wait, I just noticed the redirect scheme with https, it may be the issue. The spawned server is really basic and may not support https in fact.

@soywod
Member

soywod commented Nov 5, 2024

> I also tried to bypass this by reusing the OAuth tokens from pizauth, with these config lines (but I think I may have misunderstood some of the config keys):
>
> backend.auth.access-token.cmd = "pizauth show accountXXXX"
> backend.auth.refresh-token.cmd = "pizauth refresh accountXXXX"

Those are shell commands to retrieve the access token or the refresh token. So pizauth show accountXXXX should definitely work (and should not require any himalaya account configure).

@sevalsixarci
Author

> Oh wait I just noticed the redirect scheme with https, it may be the issue. The spawn server is really basic and may not support https in fact.

Yes. I've dug into this explanation by reading the code that manages the oauth flow.

In oauth/src/v2_0/authorization_code_grant.rs the http scheme is also actually hardcoded.
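
Added example, not part of the thread and not Himalaya's code: assuming the loopback listener reads the redirect request as text, an `https://localhost` redirect makes the browser send a binary TLS ClientHello, which produces exactly the `stream did not contain valid UTF-8` error reported above. The Rust code below reproduces that on constructed sample bytes and shows a listener that recognises the TLS record and checks `state` before accepting a code; all function and type names are hypothetical.

```rust
use std::io::{self, BufRead, BufReader, Cursor, Read};

/// What a loopback redirect listener saw on the incoming connection.
#[derive(Debug, PartialEq)]
pub enum Redirect {
    /// Plain HTTP redirect carrying an authorization code and a matching state.
    Code { code: String, state: String },
    /// The client spoke TLS: the redirect_uri was https:// but the listener is plain HTTP.
    TlsHandshake,
    /// Anything else, with a reason suitable for an error message.
    Rejected(String),
}

/// Constructed sample: first bytes of a TLS ClientHello (record type 0x16, version 3.x).
pub const SAMPLE_TLS: &[u8] =
    &[0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x9a, 0xe1];
/// Constructed sample: plain HTTP redirect; the state is the one from the URL in the report.
pub const SAMPLE_HTTP: &[u8] =
    b"GET /?code=CONSTRUCTED%2DCODE&state=o2cFdGrpKm_qDCcEfM-hMw HTTP/1.1\r\nHost: localhost:49152\r\n\r\n";

/// Naive listener (assumed behaviour): read the request line straight into a String.
/// On TLS bytes this fails with ErrorKind::InvalidData.
pub fn naive_read_request_line<R: Read>(conn: R) -> io::Result<String> {
    let mut line = String::new();
    BufReader::new(conn).read_line(&mut line)?;
    Ok(line)
}

fn hex(b: u8) -> Option<u8> {
    (b as char).to_digit(16).map(|d| d as u8)
}

/// Minimal query-string decoding: %XX escapes and '+' as space.
fn percent_decode(s: &str) -> String {
    let b = s.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(b.len()), 0);
    while i < b.len() {
        if b[i] == b'%' && i + 2 < b.len() {
            if let (Some(h), Some(l)) = (hex(b[i + 1]), hex(b[i + 2])) {
                out.push(h * 16 + l);
                i += 3;
                continue;
            }
        }
        out.push(if b[i] == b'+' { b' ' } else { b[i] });
        i += 1;
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Hardened listener: peek at the first bytes, report TLS explicitly, read the
/// request line as bounded bytes, and only return a code whose state matches.
pub fn classify_redirect<R: Read>(conn: R, expected_state: &str) -> io::Result<Redirect> {
    let mut reader = BufReader::new(conn);
    // fill_buf() peeks without consuming. A real socket could deliver fewer
    // than two bytes in the first read; a production listener would loop here.
    let head = reader.fill_buf()?;
    if head.len() >= 2 && head[0] == 0x16 && head[1] == 0x03 {
        return Ok(Redirect::TlsHandshake);
    }
    // Cap the request line at 8 KiB and never assume it is valid UTF-8.
    let mut raw = Vec::new();
    reader.take(8192).read_until(b'\n', &mut raw)?;
    let line = String::from_utf8_lossy(&raw);
    let mut parts = line.split_whitespace();
    let query = match (parts.next(), parts.next()) {
        (Some("GET"), Some(target)) => target.split_once('?').map(|(_, q)| q).unwrap_or(""),
        _ => return Ok(Redirect::Rejected("not an HTTP GET request".into())),
    };
    let (mut code, mut state, mut error) = (None, None, None);
    for pair in query.split('&') {
        match pair.split_once('=') {
            Some(("code", v)) => code = Some(percent_decode(v)),
            Some(("state", v)) => state = Some(percent_decode(v)),
            Some(("error", v)) => error = Some(percent_decode(v)),
            _ => {}
        }
    }
    if let Some(e) = error {
        return Ok(Redirect::Rejected(format!("authorization server error: {e}")));
    }
    match (code, state) {
        (Some(code), Some(state)) if state == expected_state => Ok(Redirect::Code { code, state }),
        (Some(_), _) => Ok(Redirect::Rejected("state missing or mismatched".into())),
        _ => Ok(Redirect::Rejected("no authorization code in request".into())),
    }
}

fn main() {
    let state = "o2cFdGrpKm_qDCcEfM-hMw";
    println!("naive, TLS bytes:     {:?}", naive_read_request_line(Cursor::new(SAMPLE_TLS)));
    println!("hardened, TLS bytes:  {:?}", classify_redirect(Cursor::new(SAMPLE_TLS), state));
    println!("hardened, plain HTTP: {:?}", classify_redirect(Cursor::new(SAMPLE_HTTP), state));
}
```

A listener that returns `TlsHandshake` can tell the user that the configured redirect scheme is not supported instead of surfacing a text-decoding error.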

@sevalsixarci
Author

> > I also tried to bypass this by reusing the OAuth tokens from pizauth, with these config lines (but I think I may have misunderstood some of the config keys):
> >
> > backend.auth.access-token.cmd = "pizauth show accountXXXX"
> > backend.auth.refresh-token.cmd = "pizauth refresh accountXXXX"
>
> Those are shell commands to retrieve the access token or the refresh token. So pizauth show accountXXXX should definitely work (and should not require any himalaya account configure).

Good to know.

I retried this approach without success.

Trace of this try:


djus@satellite:~$ himalaya envelope list -a accountXXXXX --trace
2024-11-06T08:22:34.133346Z DEBUG keyring::service: define global service name name="himalaya-cli"
2024-11-06T08:22:34.134451Z  INFO himalaya::email::envelope::command::list: executing list envelopes command
2024-11-06T08:22:34.134521Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXXX-imap-oauth2-client-secret, and no target    
2024-11-06T08:22:34.134544Z DEBUG keyring: created entry SsCredential { attributes: {"username": "accountXXXXX-imap-oauth2-client-secret", "application": "rust-keyring", "target": "default", "service": "himalaya-cli"}, label: "accountXXXXX-imap-oauth2-client-secret@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-06T08:22:34.134561Z DEBUG keyring: creating entry with service himalaya-cli, user accountXXXXX-smtp-oauth2-client-secret, and no target    
2024-11-06T08:22:34.134571Z DEBUG keyring: created entry SsCredential { attributes: {"username": "accountXXXXX-smtp-oauth2-client-secret", "service": "himalaya-cli", "target": "default", "application": "rust-keyring"}, label: "accountXXXXX-smtp-oauth2-client-secret@himalaya-cli:default (keyring v3.6.1)", target: Some("default") }    
2024-11-06T08:22:34.134643Z DEBUG email::imap: building 1 IMAP clients
Error: 
   0: cannot build IMAP client
   1: cannot connect to IMAP server outlook.office365.com:993 using TCP
   2: cannot receive greeting from server
   3: Stream was closed

Location:
   /home/djus/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pimalaya-tui-0.1.0/src/himalaya/backend.rs:712

  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                ⋮ 3 frames hidden ⋮                               
   4: pimalaya_tui::himalaya::backend::BackendBuilder::build::{{closure}}::hdca2506f1d3d6d69
      at <unknown source file>:<unknown line>
   5: himalaya::email::envelope::command::list::ListEnvelopesCommand::execute::{{closure}}::hb863fa8425f1097d
      at <unknown source file>:<unknown line>
   6: himalaya::cli::HimalayaCommand::execute::{{closure}}::hbe84badc29564940
      at <unknown source file>:<unknown line>
   7: tokio::runtime::park::CachedParkThread::block_on::hd6b654ade072cf0d
      at <unknown source file>:<unknown line>
   8: tokio::runtime::context::runtime::enter_runtime::hde46c34d4f1a400f
      at <unknown source file>:<unknown line>
   9: tokio::runtime::runtime::Runtime::block_on::habc584feb0f754d1
      at <unknown source file>:<unknown line>
  10: himalaya::main::hb8f6325a19ce1083
      at <unknown source file>:<unknown line>
  11: std::sys::backtrace::__rust_begin_short_backtrace::hc3ace97b884b8485
      at <unknown source file>:<unknown line>
  12: std::rt::lang_start::{{closure}}::h778edc4c447b525b
      at <unknown source file>:<unknown line>
  13: std::rt::lang_start_internal::h5e7c81cecd7f0954
      at <unknown source file>:<unknown line>
  14: main<unknown>
      at <unknown source file>:<unknown line>
  15: __libc_start_call_main<unknown>
      at <unknown source file>:<unknown line>
  16: __libc_start_main@GLIBC_2.2.5<unknown>
      at <unknown source file>:<unknown line>
  17: _start<unknown>
      at <unknown source file>:<unknown line>

@soywod
Member

soywod commented Nov 6, 2024

Great, we are going forward now.

I see in the logs that it uses keyring for the client secret. I don't know how you put your client secret with pizauth, but Himalaya needs to know how to retrieve it. The default behaviour uses keyring, you need an account configure to set it up. If your client secret is accessible from a command, you can use the same syntax as for access-token and refresh-token:

backend.auth.client-secret.cmd = "shell-command-that-retrieves-secret"

# or using raw, not safe and not recommended (yet useful for testing purpose)
backend.auth.client-secret.raw = "S€cяэT"

@sevalsixarci
Author

sevalsixarci commented Nov 6, 2024

With pizauth I simply ignored the client secret. In the source code of Thunderbird (of which I am pretending to be) there are any of it and, in my setup, authenticating just works without (I am able to receive and send, via smtp).

About Himalaya: I first tried to configure the account without reusing pizauth; the interactive UI asked for client secret and I think that I just sent a blank line or I pasted an old client secret of Thunderbird (which was paired with a different client id).

--
Now after adding backend.auth.client-secret.raw = "" (blank) in my config I just tried these attempts:

  1. reset account (I think it cleans keyring, right?) with himalaya account configure --reset accountXXXXX;
  2. renamed account (in config);
  3. tried with the last known client secret of Thunderbird.

Every attempt failed with the same trace as my last message.

Also I add that the connection attempt blocks for a minute (time says "real 1m9").

@soywod
Member

soywod commented Nov 7, 2024

> With pizauth I simply ignored the client secret. In the source code of Thunderbird (of which I am pretending to be) there are any of it and, in my setup, authenticating just works without (I am able to receive and send, via smtp).

Looks like I miss some piece of information there. I thought the client secret was mandatory. The code expects a client secret as well. So either Thunderbird has a special authority that I'm not aware of, or the flow should accept not to have a client secret.

I will investigate and let you know.

@soywod
Member

soywod commented Nov 7, 2024

Is your client id 9e5f94bc-e8a4-4e73-b8be-63364c29d753 by any chance? So far, it looks like Thunderbird has a special authorization: https://support.mozilla.org/fr/kb/microsoft-oauth-authentification-thunderbird

Can you tell me a bit more how you configured your Thunderbird and pizauth? Is it for a personal account (like personal outlook account) or for a company?

@sevalsixarci
Author

> Is your client id 9e5f94bc-e8a4-4e73-b8be-63364c29d753 by any chance? […]

Yes, that is the client id of Thunderbird (the desktop version) that I'm using.

> So far, it looks like Thunderbird has a special authorization: https://support.mozilla.org/fr/kb/microsoft-oauth-authentification-thunderbird

Yes, with Outlook the client id must be "authorized" by the organization. My organization has authorized Thunderbird.

> Can you tell me a bit more how you configured your Thunderbird and pizauth?

Thunderbird is not running on my machine.
I'm using their id with pizauth according to their (pizauth) documentation.
pizauth is a daemon utility whose only task is to fetch (and refresh as necessary) OAuth tokens.

> Is it for a personal account (like personal outlook account) or for a company?

For work accounts (two, one is issued by my gov), so company.

@sevalsixarci
Author

> Looks like I miss some piece of information there. I thought the client secret was mandatory. The code expects a client secret as well. So either Thunderbird has a special authority that I'm not aware of, or the flow should accept not to have a client secret.

Apparently that is the case.

I quote from pizauth readme:

> At a minimum you need to find out from your provider:
>
>   • The authorisation URI.
>   • The token URI.
>   • Your "Client ID" (and in many cases also your "Client secret"), which identify your software.

Emphasis mine.

@soywod
Member

soywod commented Nov 11, 2024

Interesting. I can try to make the client secret optional and see if it works for you. I'll let you know.
