Thank you. I will study this and see if I can figure out how to fix it - it does not seem overly easy for a novice like me, but I will see what I can learn
Just checking in again. This is the error I keep getting, followed by the red one saying connection is not established. I want to be sure this is the same issue we are discussing and dealing with? Unfortunately I can’t understand how to implement the PKCE as I don’t have sufficient coding experience… is there another work around? I really love mainspring but will need to abandon it due to this issue, unfortunately…
I should also add that this error comes when scanning my multiple folders. Only some of the folders get fully scanned.
Thanks!
Ok, I don’t see any relationship when scanning multiple folders. But it is quite clear what has happened if I go to the account settings and I see a message that Mailspring no longer can authenticate with the account. Clicking on Error Details… brings up the log with a clear error message: The refresh token has expired due to maximum lifetime.
1 Like
After a month of trying every possible solution i discovered that connecting to VPN solves the issue permanently. Another person suggested disconnecting from the VPN and it solved his problem but in my case it was the opposite that solved my issue.
2 Likes
Do you know if there is some update on this issue? Vpn does not do anything to solve my problem. It’s really annoying.
Thank you so much for pointing this out. SMTP was unchecked by default for my account. I checked it and it worked!
Now the only things left for MS to implement are Calendar(do they have any implementation of Calendar in the pipeline?) and more Dark Themes. 
I’m not sure this update is helpful but thought I would share. The problem seems to have gotten worse and is now requiring me to re-authenticate multiple times a day. I’ve also noticed that even when I am authenticated, it doesn’t seem to be syncing properly (e.g. I archive mail but it doesn’t get sync’d so when I open it up again, those emails are still in my inbox). That could be because it times out so quickly… 
Thanks to everyone who is able to contribute to the investigation and solution. 
Hi! I’m probably in minority here, but I don’t mind re-authorizing every time refresh token expires. refresh tokens’ validity period will always be server side managed and IMHO there is not much a client app can do about that. Don’t get me wrong, any effort from client app to try to make better user experience is greatly appreciated!
Thus said, I still have a problem: re-authorization doesn’t always work in Mailspring 1.9.1
I have two Office365 institutional accounts for two different institutions. Both have 2FA enabled (although, 2FA is non issue here, I’d say). At the beginning of day both accounts fail to connect. I get to Settings->Accounts->Reconnect. Both accounts open Office365 signup page as shown in other screenshots above. First one reconnects successfully.
Second one shows OAuth success screeen in new browser tab, but fails to reconnect in Mailspring.
C/P second account URL:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
query params parsed for readability:
{
"client_id": ["xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb"],
"redirect_uri": ["http://localhost:12141"],
"response_type": ["code"],
"scope": [
"user.read offline_access Contacts.ReadWrite Contacts.ReadWrite.Shared Calendars.ReadWrite Calendars.ReadWrite.Shared https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send"
],
"response_mode": ["query"],
"code_challenge": ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"],
"code_challenge_method": ["S256"]
}
Error details:
Mailspring Version: 1.9.2-6e14dad1
Platform: linux
Account State: invalid
Account Provider: office365
IMAP Server: outlook.office365.com
SMTP Server: smtp.office365.com
--------------------------------------------
***
444079 [2021-09-16 10:21:50.765] [background] [critical] *** Stack trace (line numbers are approximate):
*** ??:? ValidateRequestResp(CURLcode, void*, string)
*** ??:? PerformRequest(void*)
*** ??:? PerformJSONRequest(void*)
*** ??:? MakeOAuthRefreshRequest(string, string, string)
*** ??:? XOAuth2TokenManager::partsForAccount(shared_ptr)
*** ??:? MailUtils::configureSessionForAccount(mailcore::IMAPSession&, shared_ptr)
*** ??:? SyncWorker::configure()
*** ??:? runBackgroundSyncWorker()
*** main.cpp:? main::{lambda()#3}::operator()() const
*** main.cpp:? _Bind_simple::operator()()
*** main.cpp:? thread::_Impl::_M_run()
*** thread.o:? execute_native_thread_routine()
***
444091 [2021-09-16 10:21:50.902] [main] [info] Identity created at 1631688190 - using ID Schema 1
444091 [2021-09-16 10:21:50.902] [main] [info] ------------- Starting Sync (xxxxxxxx@yyyyyyyyyy.com) ---------------
444091 [2021-09-16 10:21:50.906] [background] [info] Fetching XOAuth2 access token (office365) for f9a16a1c
444091 [2021-09-16 10:21:50.906] [metadata] [info] Metadata delta stream starting...
444091 [2021-09-16 10:21:51.339] [background] [critical]
***
*** Mailspring Sync
*** An exception occurred during program execution:
*** {"debuginfo":"https://login.microsoftonline.com/common/oauth2/v2.0/token RETURNED {\"error\":\"invalid_grant\",\"error_description\":\"AADSTS700084: The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of 1.00:00:00, which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. The token was issued on 2021-09-15T07:53:08.6207667+00:00.\\r\\nTrace ID: 2675aa75-1fd9-42ad-b0c7-ad3ca49d0a00\\r\\nCorrelation ID: b0b5f84d-bda0-43c6-ade9-22e9fa7fad5b\\r\\nTimestamp: 2021-09-16 08:21:51Z\",\"error_codes\":[700084],\"timestamp\":\"2021-09-16 08:21:51Z\",\"trace_id\":\"2675aa75-1fd9-42ad-b0c7-ad3ca49d0a00\",\"correlation_id\":\"b0b5f84d-bda0-43c6-ade9-22e9fa7fad5b\",\"error_uri\":\"https://login.microsoftonline.com/error?code=700084\"}","key":"Invalid Response Code: 400","retryable":false,"what":"std::exception"}
***
444091 [2021-09-16 10:21:51.339] [background] [critical] *** Stack trace (line numbers are approximate):
*** ??:? ValidateRequestResp(CURLcode, void*, string)
*** ??:? PerformRequest(void*)
*** ??:? PerformJSONRequest(void*)
*** ??:? MakeOAuthRefreshRequest(string, string, string)
*** ??:? XOAuth2TokenManager::partsForAccount(shared_ptr)
*** ??:? MailUtils::configureSessionForAccount(mailcore::IMAPSession&, shared_ptr)
*** ??:? SyncWorker::configure()
*** ??:? runBackgroundSyncWorker()
*** main.cpp:? main::{lambda()#3}::operator()() const
*** main.cpp:? _Bind_simple::operator()()
*** main.cpp:? thread::_Impl::_M_run()
*** thread.o:? execute_native_thread_routine()
***Ok, scratch the post above. The issue was following.
First account requested re-authorization. This required me to login to outlook.com using password and 2FA. Also, checkbox “Stay signed in” was selected. First account re-auth in Mailspring passes fine.
Then second account re-auth is requested. No outlook.com login page is shown but instead what happens is (because of “Stay signed in” checkbox) second re-auth request from Mailspring gets processed using first account that is still logged in browser. This results by token approved by acccount1 being given to Mailspring to try to use it for account2.
In the end, Mailspring fails to use received token for account2 - because it is wrong token (it was issued using account1 credentials).
2 Likes
This worked for me. Thanks.
Current Error i’m having with my Institution Office365. It seems that the refresh token is not being extended so it fails and forces me to re-authenticate.
"stack": "Error: null13751 [2021-10-01 09:44:01.325] [background] [critical] \n***\n*** Mailspring Sync \n*** An exception occurred during program execution: \n*** {\"debuginfo\":\"https://login.microsoftonline.com/common/oauth2/v2.0/token RETURNED {\\\"error\\\":\\\"invalid_grant\\\",\\\"error_description\\\":\\\"AADSTS700084: The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of 1.00:00:00, which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. The token was issued on 2021-09-30T13:53:41.8505874+00:00.\\\\r\\\\nTrace ID: 1e3b46a9-409a-4fc1-9cce-49a201c91e00\\\\r\\\\nCorrelation ID: 1aa53ff4-d31e-4eb0-924c-0e886ef8e64b\\\\r\\\\nTimestamp: 2021-10-01 14:44:01Z\\\",\\\"error_codes\\\":[700084],\\\"timestamp\\\":\\\"2021-10-01 14:44:01Z\\\",\\\"trace_id\\\":\\\"1e3b46a9-409a-4fc1-9cce-49a201c91e00\\\",\\\"correlation_id\\\":\\\"1aa53ff4-d31e-4eb0-924c-0e886ef8e64b\\\",\\\"error_uri\\\":\\\"https://login.microsoftonline.com/error?code=700084\\\"}\",\"key\":\"Invalid Response Code: 400\",\"retryable\":false,\"what\":\"std::exception\"}\n***\n\n13751 [2021-10-01 09:44:01.325] [background] [critical] *** Stack trace (line numbers are approximate):\n*** ??:? ValidateRequestResp(CURLcode, void*, string)\n*** ??:? PerformRequest(void*)\n*** ??:? PerformJSONRequest(void*)\n*** ??:? MakeOAuthRefreshRequest(string, string, string)\n*** ??:? XOAuth2TokenManager::partsForAccount(shared_ptr)\n*** ??:? MailUtils::configureSessionForAccount(mailcore::IMAPSession&, shared_ptr)\n*** ??:? SyncWorker::configure()\n*** ??:? runBackgroundSyncWorker()\n*** main.cpp:? main::{lambda()#3}::operator()() const\n*** main.cpp:? _Bind_simple::operator()()\n*** main.cpp:? thread::_Impl::_M_run()\n*** thread.o:? execute_native_thread_routine()\n***\n\n/usr/share/mailspring/resources/app.asar.unpacked/mailsync: line 5: 13751 Aborted SASL_PATH=\"$SCRIPTPATH\" LD_LIBRARY_PATH=\"$SCRIPTPATH;$LD_LIBRARY_PATH\" \"$SCRIPTPATH/mailsync.bin\" \"$@\"\n\n at ChildProcess.onStreamCloseOrExit (file:///tmp/nylas-build/electron-packager/linux-x64/mailspring-linux-x64/resources/app/src/mailsync-process.ts:301:17)\n at ChildProcess.emit (events.js:210:5)\n at ChildProcess.EventEmitter.emit (domain.js:476:20)\n at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)",
Just contributing that I am having same issue with a university exchange account (no IMAP, only “modern authentication”), and getting the error “Connection Error - Unable to connect to the server / port you provided. (IMAP)”
Wondering if there are any updates on this, even if its just “we’re stuck on XYZ”.
I’ve hit this problem too. My employer has just locked down our exchange server, removing insecure authentication.
They have added a method for authentication with IMAP using oauth2, (Authenticate an IMAP, POP or SMTP connection using OAuth | Microsoft Docs) But I can’t see that this is supported yet. Is it likely or too hard?
1 Like
If your Office/Microsoft 365 admins disable IMAP for your tenant, there’s not much you can do. You need to use a mail client that supports EWS/EAS…
I’ve had the same problem with @sterlingralph .
When selecting Office365 as a preset for adding account. After logging into the accopunt in the browser, Mailspring’s windows just return “Connection Error - Unable to connect to the server (IMAP)”.
I have near zero about what happened in the background and about the log, but someone here say something about IMAP and SMTP option in admin’s dashboard has been turned off and other workaround is using Exchange service or somthing.
I’ve realized that I have configured my Office365 email in an Android application called FairMail and I copy the settings from there. Using adding IMAP Email service and copy & fill in the blank. The final window is look like this (I have my 2FA turned on on my account but I’m using just my password not the “app password”). For me, the sync function is still working after a day of continuous usage.
I’m not sure why this setup is working for my case, but I’m sharing my experience. Hoping that it can fix someone’s problems here.
1 Like
Dateline: October 21, 2022. Institutional Office365 STILL not working.
Action: Voted.
User Feelings: 
Unwanted comments by User: Love Mailspring but can’t keep switching to a different mail program for Office365 mail account that is needed for work. The whole point of mailspring was to aggregate multiple emails into 1 interface/gui.
Screenshots (for what it’s worth)
Currently having issues logging in with 2 separate accounts.
----------IMAP----------
connect <mailcore::IMAPSession:0x7ffd24516690>
* OK The Microsoft Exchange IMAP4 service is ready. [QwBIADAAUAAyADIAMwBDAEEAMAAwADEANgAuAE4AQQBNAFAAMgAyADMALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
ssl connect outlook.com 993 2
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
1 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
connect ok
login
2 LOGIN "..." *********
2 NO LOGIN failed.
Thanks for the pointer @jorgefsoriano.
Indeed, my uni also turned on 2FA, and somehow also disabled IMAP/SMTP access recently. Until then I was using an app password which worked fine, but now that SMTP is discontinued I was left without a solution.
I am now able to connect to my institutional office365 with mailspring through davmail. The later supports 2FA since version 5.0 (now at 6.0). The relevant article quoted above is not really relevant to the 2FA problem, but there is doc on the davmail website that explain how to do it. It’s quite simple really. Just connect to local ports from mailspring (as in the quote article) and use “O365Interactive” in the davmail settings. davmail should authenticate with 2FA and let mailspring work through it fine ! Thanks to the davmail devs.