Bug#926249: evolution-ews: authentication with OAuth2 to Office365 fails

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Bug#926249: evolution-ews: authentication with OAuth2 to Office365 fails

Luca Boccassi-3
Package: evolution-ews
Version: 3.30.5-1
Severity: important
Tags: patch

Dear Maintainer,

The OAuth2 module of evolution-ews sends an optional "scope" parameter
in its HTTP request that causes Office365 AD to reject the authentication request with an error like:

   error:invalid_request description:AADSTS65002:
   Consent between first party applications and resources must be
   configured via preauthorization.

The "scope" parameter is listed as ignored on the upstream
documentation, and it has been confirmed by multiple users that
removing it from the request does not cause any issue, and fixes this
problem.

A very simple fix has been merged in the upstream branch and has also
been backported to the 3.32 branch:

https://gitlab.gnome.org/GNOME/evolution-ews/commit/8dafe925c30e2a2bc53578076eb5710b18eedd42

I have opened a merge request on Salsa with a backport:

https://salsa.debian.org/gnome-team/evolution-ews/merge_requests/1

It would be really great if an exception for Buster could be asked, and
a 3.30.5-2 could be allowed, as it's impossible to use evolution with
O365 as things stand. I'm very happy to do the legwork and the
paperwork if necessary. The attached patch applies and builds cleanly
on 3.30.5-1.

Thank you!

--
Kind regards,
Luca Boccassi

0001-Backport-patch-to-fix-Office365-with-OAuth2.patch (3K) Download Attachment
signature.asc (499 bytes) Download Attachment