K-9: Hotmail IMAP XOAUTH2

Created on 25 Oct 2016 · 3Comments · Source: k9mail/k-9

Expected behavior

Use the secure method of authenticating, rather than requiring app-specific passwords

See #1698 and #655 for similar

Actual behavior

App specific password required.

Implementation notes

IMAP advertisments:

CAPABILITY, IMAP4rev1, CHILDREN, ID, NAMESPACE, UIDPLUS, UNSELECT, AUTH=PLAIN, AUTH=XOAUTH2, SASL-IR

Documentation

https://msdn.microsoft.com/en-gb/library/dn440163.aspx

Environment

K-9 Mail version: 5.114

Android version: 7.0

Account type (IMAP, POP3, WebDAV/Exchange): IMAP

enhancement security

Source

philipwhiuk

👍2

Most helpful comment

Has OAuth 2.0 been implemented? I just received an email from Microsoft (I am a global admin of our company's Office 365. It states the following:

Beginning October 13, 2020, we will retire Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Note: this change does not impact SMTP AUTH.

There are several actions that you and/or your users can take to avoid service disruptions on client applications, and we describe them below. If no action is taken, client applications using Basic Authentication for EWS will be retired on October 13, 2020.

Any application using OAuth 2.0 to connect to these protocols, will continue to work without change or interruption.

[What do I need to do to prepare for this change?]

You have several options on how to prepare for the retirement of Basic Authentication.


    You can start updating the client applications your users are using to versions that support OAuth 2.0 today. For mobile device access, there are several email apps available that support Modern Authentication, but we recommend switching to the Outlook app for iOS and Android as we believe it provides the best overall experience for your M365 connected users. For desktop/laptop access, we encourage the use of the latest versions of Outlook for Windows and Outlook for Mac. All Outlook versions including, or newer than, Outlook 2013 fully support OAuth 2.0.

    If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication, you can reach out to us on stack overflow with the tag exchange-basicauth if you need some help.


    If you or your users are using a 3rd party application, which uses these protocols, you will either need to


        reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication


        -or-

        assist your users to switch to an application that’s built using OAuth 2.0.

Is this implemented in k9mail? I prefer using k9 as my mobile email client.

Morthawt on 21 Sep 2019

👍3

All 3 comments

Opened from #1752

philipwhiuk on 25 Oct 2016

Per comments on #1295 it will depend on us:

Implementing the work in #1747
Implementing a generic way of requesting OAuth tokens outside the Android Accounts system (which works for Google).
Implementing any specific requirements for Microsoft.

philipwhiuk on 25 Oct 2016

Has OAuth 2.0 been implemented? I just received an email from Microsoft (I am a global admin of our company's Office 365. It states the following:

Beginning October 13, 2020, we will retire Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Note: this change does not impact SMTP AUTH.

There are several actions that you and/or your users can take to avoid service disruptions on client applications, and we describe them below. If no action is taken, client applications using Basic Authentication for EWS will be retired on October 13, 2020.

Any application using OAuth 2.0 to connect to these protocols, will continue to work without change or interruption.

[What do I need to do to prepare for this change?]

You have several options on how to prepare for the retirement of Basic Authentication.


    You can start updating the client applications your users are using to versions that support OAuth 2.0 today. For mobile device access, there are several email apps available that support Modern Authentication, but we recommend switching to the Outlook app for iOS and Android as we believe it provides the best overall experience for your M365 connected users. For desktop/laptop access, we encourage the use of the latest versions of Outlook for Windows and Outlook for Mac. All Outlook versions including, or newer than, Outlook 2013 fully support OAuth 2.0.

    If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication, you can reach out to us on stack overflow with the tag exchange-basicauth if you need some help.


    If you or your users are using a 3rd party application, which uses these protocols, you will either need to


        reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication


        -or-

        assist your users to switch to an application that’s built using OAuth 2.0.

Is this implemented in k9mail? I prefer using k9 as my mobile email client.

Morthawt on 21 Sep 2019

👍3

Was this page helpful?

0 / 5 - 0 ratings