Recent changes to patches

Add device code authenticator

Dick Marinus — Sat, 28 Feb 2026 07:54:35 -0000

Device code authentication is a bit different from call back authentication as for device code authentication a (short) code has to be copied from davmail to the web browser.

The advantages of this are a slightly better user experience and some appid's don't allow/support call back authentication.

I think davmail could be refactored a bit to make these changes a bit more clean (make the call back url optional, make a resource a single definition, move json parsing)

Please let me know what you think of this.

#58 Support of O365 client_credentials authorization flow

Mickael Guessant — Sun, 26 Mar 2023 11:21:19 -0000

Turns out that I had to implement against what our corporate IT permitted and configured on the Exchange side for the specific case I had of a 24x7 application serving a single account. I have neither control nor visibility of the infrastructure end.
This is why this patch set specifically implements the client_credentials flow based on app-only. The code may be at least partially useful for support of delegated authentication, but I had no means to even consider that.
Yes, this only works if the application has been registered, and is specific to the app-only flow (which is really a bit like user name/pw with the clientId/clientSecret in the end, but for an app).

From: patches@davmail.p.re.sourceforge.net patches@davmail.p.re.sourceforge.net On Behalf Of Mickael Guessant
Sent: Saturday, March 25, 2023 17:23
To: [davmail:patches] 58@patches.davmail.p.re.sourceforge.net
Subject: [EXT] [davmail:patches] #58 Support of O365 client_credentials authorization flow

Caution: EXT Email

Very interesting contribution.

Can you please provide more details on the application registration process ?
This will only work with application registered in the target O365 tenant, correct ?
Did you have any issue with application registration for EWS access ?

[patches:#58]https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2F&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E5uDCMiLY8jcXy%2FywWv%2FU1Ohy4xoFmsJx9UNa%2BRssPk%3D&reserved=0 Support of O365 client_credentials authorization flow

Status: open
Group: v6.0.1
Created: Fri Oct 28, 2022 09:36 AM UTC by Heinz Wrobel
Last Updated: Fri Dec 02, 2022 06:25 PM UTC
Owner: nobody
Attachments:

0001-Added-UI-support-for-missing-OAuth-related-parameter.patchhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2Fattachment%2F0001-Added-UI-support-for-missing-OAuth-related-parameter.patch&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ArNIK4kx8s3FMm2v%2BqU0snJjCUk7yfxSU7iedwleVjw%3D&reserved=0 (7.1 kB; application/octet-stream)
0002-Ooops.-Forgot-the-static-messages-for-the-prior-comm.patchhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2Fattachment%2F0002-Ooops.-Forgot-the-static-messages-for-the-prior-comm.patch&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Mbih7P%2FAOY3xWCTJ3jpLWf7ksPmjwXIVMs%2FdkUTDxJo%3D&reserved=0 (1.1 kB; application/octet-stream)
0003-Support-for-the-client_credentials-token-flow-added.patchhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2Fattachment%2F0003-Support-for-the-client_credentials-token-flow-added.patch&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ptQ3qxJqXjHRPn1zUMtLX6Ses04kNDEbCfnJa7i30%2Bo%3D&reserved=0 (20.6 kB; application/octet-stream)
0004-Add-Exchange-Impersonation-support-for-client_creden.patchhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2Fattachment%2F0004-Add-Exchange-Impersonation-support-for-client_creden.patch&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ICjRkd3dND8QfBpxdNO1yMVnAcG38JnTM8IySTJTRIo%3D&reserved=0 (3.8 kB; application/octet-stream)

The patch set enables EWS+OAuth2 with the client_credentials flow and also updates the [English] GUI to permit setting all required values.

Microsoft is switching off Basic Authentication which means that non-interactive use of DavMail for automated email based services needs to move to app-only authentication which is client_credentials based.

The Exchange server needs to be configured for app-only auth. See https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Fexchange-web-services%2Fhow-to-authenticate-an-ews-application-by-using-oauth&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xPVr92o6m6UXR%2BHEdaUW1UDwIEIVsw8H0FotNxI%2Bjyg%3D&reserved=0 If only specific email accounts should be accessible, suitable access control also needs to be enabled on the server.

Remember the usual: Not responsible for anything, no warranties expressed or implied, your mileage may vary, etc ... :-)

Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/davmail/patches/58/https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fdavmail%2Fpatches%2F58%2F&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739029263%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E5uDCMiLY8jcXy%2FywWv%2FU1Ohy4xoFmsJx9UNa%2BRssPk%3D&reserved=0

To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fauth%2Fsubscriptions%2F&data=05%7C01%7Cheinz.wrobel%40nxp.com%7C92f09c0f97a84bbe499b08db2d4d2d6e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638153581739185496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FDoPtlgRoIM3Dj%2BUmT4yX1%2FK2QgNy2Iawt90MEpwFWk%3D&reserved=0

#56 Embedded JRE is not used when launching davmail from outside it's installation directory

Mickael Guessant — Sat, 25 Mar 2023 16:26:27 -0000

Improved version of this patch merged

#58 Support of O365 client_credentials authorization flow

Mickael Guessant — Sat, 25 Mar 2023 16:22:42 -0000

Very interesting contribution.

#58 Support of O365 client_credentials authorization flow

Bayapa Dadem — Fri, 02 Dec 2022 18:25:54 -0000

I am able to manually add the script provided in the patches into source and build using build instructions then I have copied lib and other files from dist folder to exiting installation folder.

now we are able to pass the Client Secret value and Check the Enable OIDC/V2.0 option.

after these settings done, Siebel CRM is able to read emails using O365 via DavMail.

#58 Support of O365 client_credentials authorization flow

Bayapa Dadem — Wed, 23 Nov 2022 18:57:51 -0000

error at the O365: Sign-in error code900144Failure reasonThe request body must contain the following parameter: '{name}'.Additional DetailsDeveloper error - the app is attempting to sign in without the necessary or correct authentication parameters.

#58 Support of O365 client_credentials authorization flow

Bayapa Dadem — Wed, 23 Nov 2022 18:56:55 -0000

Hi,

We are using DavMail version: 6.0.1-339 and we are implementing O365 authentication, we are getting an error "-ERR Authentication failed: invalid user or password"

we suspect this error is coming due to Password is not passed to O365.

Can you please help us how to apply these patches into our current DavMail version?

Support of O365 client_credentials authorization flow

Heinz Wrobel — Fri, 28 Oct 2022 09:36:37 -0000

The patch set enables EWS+OAuth2 with the client_credentials flow and also updates the [English] GUI to permit setting all required values.

The Exchange server needs to be configured for app-only auth. See https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth If only specific email accounts should be accessible, suitable access control also needs to be enabled on the server.

Remember the usual: Not responsible for anything, no warranties expressed or implied, your mileage may vary, etc ... :-)

#57 Login twice required, can davmail add the domain the first time, and remove it the second time?

Caroline ter Bruggen — Mon, 28 Mar 2022 08:34:48 -0000

This can be closed as I moved it to a feature request.

#57 Login twice required, can davmail add the domain the first time, and remove it the second time?

Caroline ter Bruggen — Thu, 24 Mar 2022 14:08:07 -0000

Would it perhaps be a solution to hand a cookie to davmail after logging in through the web browser? As has been proposed in 2018: https://sourceforge.net/p/davmail/patches/37/?