Ubuntu
evolution-ews package

Authentication with OAuth2 to Office365 fails

Bug #1838463 reported by Luca Boccassi
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
evolution-ews (Debian)
Fix Released
Unknown
evolution-ews (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The OAuth2 module of evolution-ews sends an optional "scope" parameter
in its HTTP request that causes Office365 AD to reject the authentication request with an error like:

   error:invalid_request description:AADSTS65002:
   Consent between first party applications and resources must be
   configured via preauthorization.

The "scope" parameter is listed as ignored on the upstream
documentation, and it has been confirmed by multiple users that
removing it from the request does not cause any issue, and fixes this
problem.

A very simple fix has been merged in the upstream branch and has also
been backported to the 3.32 branch:

https://gitlab.gnome.org/GNOME/evolution-ews/commit/8dafe925c30e2a2bc53578076eb5710b18eedd42

This is fixed in Disco and Eoan, but on 18.04 LTS it doesn't work as it's an older version. It would be great if the patch could be backported to 18.04 via bionic-updates - it's really trivial:

@@ -253,7 +238,6 @@ eos_office365_prepare_authentication_uri_query (EOAuth2Service *service,

        e_oauth2_service_util_set_to_form (uri_query, "response_mode", "query");
        e_oauth2_service_util_set_to_form (uri_query, "prompt", "login");
- e_oauth2_service_util_set_to_form (uri_query, "scope", OFFICE365_SCOPE);
        e_oauth2_service_util_set_to_form (uri_query, "resource", OFFICE365_RESOURCE);
 }

@@ -321,7 +305,6 @@ eos_office365_prepare_refresh_token_form (EOAuth2Service *service,
 {
        g_return_if_fail (form != NULL);

- e_oauth2_service_util_set_to_form (form, "scope", OFFICE365_SCOPE);
        e_oauth2_service_util_set_to_form (form, "resource", OFFICE365_RESOURCE);
        e_oauth2_service_util_set_to_form (form, "redirect_uri", e_oauth2_service_get_redirect_uri (service, source));
 }

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in evolution-ews (Ubuntu):
status: New → Confirmed
Revision history for this message
Anirudh (t-ansrin-deactivatedaccount) wrote :

+1

I too would really appreciate this being backported to bionic too.

Bug Watch Updater (bug-watch-updater)
Changed in evolution-ews (Debian):
status: Unknown → Fix Released
Revision history for this message
Vaibhav Mishra (mevaibhav) wrote :

Any updates on this ?

Luca Boccassi (bluca)
Changed in evolution-ews (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.