Brett Presnell (2022-10-10T22:41:47.321531471+00:00) Permalink
Works for me! Thanks so much for this. I lost access to my work email last week when MS turned off basic authentication. After I had struggled to arrive at an acceptable (no tokens stored in unencrypted files) and complete (IMAP and SMTP both working smoothly) solution with any of the other options I came across, pizauth saved the day. I had been using offlineimap + mu + mu4e and emacs's built-in sendmail stuff. I ended up with pizauth + mbsync + msmtp + mu + mu4e, but it's working, so I'm happy.

A few comments:

  1. I have rust installed via rustup (so in my home directory) and on my linux box (Ubuntu 22.04) I couldn't get sudo to use it for "sudo make install", so I commented the "cargo build --release" step out of the install recipe in the Makefile. With that change "make; sudo make install" worked without a hitch.

  2. My institution does not allow me to register a new application with Azure, so I'm just using the client id and secret for thunderbird, which I assume is what most people are doing.

  3. Offlineimap will work with OAuth2 (I verified this by generating access and renew tokens and manually entering them into my .offlineimaprc file). I think that it should work with pizauth (by calling pizauth in a manner similar to this (https://wiki.archlinux.org/title/OfflineIMAP#Configuring_OAuth2_and_getting_access_tokens_via_mailctl) or this (https://www.macs.hw.ac.uk/~rs46/posts/2022-01-11-mu4e-oauth.html) but somehow I failed to get it to work. FWIW, I thought that offlineimap needed both an access token and a renewal token, and assuming that both would eventually expire if not used, I don't see how to get the refresh token from pizauth.

Today I noticed that offlineimap also has built-in functionality for renewing OAuth2 tokens (https://gist.github.com/piyueh/a2d65e095ea675a2c715ad42b7b61d10). I didn't realize this, so I may have misunderstood some of the configuration advice that I encountered elsewhere. I certainly would have continued with offlineimap if I had managed to get everything working properly, but mbsync does seem to be a bit faster, so there's that I guess.


Laurence Tratt (2022-10-11T08:52:20.315185651+00:00) Permalink
@Brett I'm glad pizauth has been useful to you! I don't exactly know how offlineimap works in this regard, but pizauth's model is that pizauth only shows access tokens (refresh tokens are kept internal to pizauth, partly because they're more security sensitive). At first glance, I suspect that you might only need to set oauth2_access_token_eval in offlineimap to something like subprocess.run('pizauth show account-name') but I might be wrong!