The only thing holding me back from canceling my subscription and install Newton is it require snapd on Linux.

Cancelled my subscription. I can’t upgrade because the OAuth doesn’t work in latest version. Can’t keep using the old version because it is a security risk.

Mailspring was a good idea. Just not enough demand to make it profitable. Thanks to the developers for your hard work.

The proposed fix by F1nny above will not work because Origin is a reserved header name - the new value for the header supplied in fetch() will be ignored.

The electron way to fix this is to use .webRequest.onBeforeSendHeaders (https://stackoverflow.com/a/56376799). The fix is fairly simple and can be self-contained to the microsoft domain.

diff --git a/app/src/browser/main.js b/app/src/browser/main.js
index 57ce15fc0..0bf1000ef 100644
--- a/app/src/browser/main.js
+++ b/app/src/browser/main.js
@@ -324,6 +324,19 @@ const start = () => {
     app.removeListener('open-file', onOpenFileBeforeReady);
     app.removeListener('open-url', onOpenUrlBeforeReady);

+  const filter = {
+    urls: ["*://login.microsoftonline.com/*"]
+  };
+
+  session.defaultSession.webRequest.onBeforeSendHeaders(
+    filter,
+    (details, callback) => {
+      console.log(details);
+      details.requestHeaders['Origin'] = 'localhost';
+      callback({ requestHeaders: details.requestHeaders });
+    }
+  );
+
     // Block remote JS execution in a second way in case our <meta> tag approach
     // is compromised somehow https://www.electronjs.org/docs/tutorial/security
     // This CSP string should match the one in app/static/index.html

Whoops sorry double post there (replied to wrong comment)
Thanks @greg2010 - Yea I did get my build env fixed thismorning and was a no go when tried, that would be why! I tested the above and can confirm it works

@greg2010 We will be happy, of you open a pull request on GitHub to submit the fix. That would be really appreciated.

I just had the time to try this out. After the change mentioned by @greg2010, I needed to replace the email field with userPrincipalName when parsing the response.

Unfortunately, this leads to some problems in the mailsync engine with the following error message:

{
    "debuginfo": "https://login.microsoftonline.com/common/oauth2/v2.0/token RETURNED {\\"error\\":\\"invalid_scope\\",\\"error_description\\":\\"AADSTS70011: The provided resource value for the input parameter 'scope' is not valid.\\\\r\\\\nTrace ID: 85180096-6ab4-4e6c-9f8d-a10c4fdd6002\\\\r\\\\nCorrelation ID: fe13e5a2-5aa8-4937-923f-45bfdb4caaf8\\\\r\\\\nTimestamp: 2022-04-08 13: 37: 12Z\\",\\"error_codes\\":[70011],\\"timestamp\\":\\"2022-04-08 13: 37: 12Z\\",\\"trace_id\\":\\"85180096-6ab4-4e6c-9f8d-a10c4fdd6002\\",\\"correlation_id\\":\\"fe13e5a2-5aa8-4937-923f-45bfdb4caaf8\\"}",
    "key": "Invalid Response Code: 400",
    "retryable": true,
    "what": "std::exception"
}

Weird - what made you have to replace the email field with UPN?
I’m running that change as-is (though it’s also on top of the prior change I tried but that’s N/A as gets dropped as we found out, ha) and everything has seemed to be working great

When are we users getting the fix? Same problem for me.

When I look at the OAuth response, the e-mail field is empty for me. I have created a free O365 e-mail account for testing. Maybe this is the issue? The response looks like:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "displayName": "Firstname Lastname",
    "surname": "Lastname",
    "givenName": "Firstname",
    "id": "cd6008dfbb81d326",
    "userPrincipalName": "myemail@outlook.de",
    "businessPhones": [],
    "jobTitle": null,
    "mail": null,
    "mobilePhone": null,
    "officeLocation": null,
    "preferredLanguage": null
}

As you can see, the e-mail field is null in my case for whatever reason.

However, I am able to add the e-mail account as an “Outlook.com / Hotmail” account. I am not sure, what / how exactly they differenciate and how I can create a “real” O365 e-mail account for testing.

Ahhhh yea that’s likely why, Outlook is considered separate from O365 (stupid microsoft - O365 structure is SUPER convoluted).

O365 is traditionally the hosted Exchange plans far as I’ve seen. Though I THINK the Home/Personal O365 plans also work as O365? Not as sure on that part since those ones get branded Outlook instead of O365.

You can sign up for a free trial of the basic O365 plan via https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products otherwise if that’s too much trouble I may be able to help getcha a temporary O365 account for testing purposes

I agree, that everything Microsoft Login related is crazy. I did not understand that the private O365 is actually not O356…
Thanks for the link to the real one. I will see if I get the time to set up a test account and check if works with the “business” O365 account.

I can confirm that it works with a “real” O365 account and created a Pull Request to resolve the issue: https://github.com/Foundry376/Mailspring/pull/2390

Thanks for all the help debugging and resolving this issue, especially to @F1nny and @greg2010

After installing the latest update, i receive the following error:

image891×599 25.3 KB

Error: ErrorNamespace (IMAP)
at ChildProcess. (file:///home/eifram/app/Mailspring/app/src/mailsync-process.ts:228:27)
at ChildProcess.emit (node:events:390:28)
at ChildProcess.emit (node:domain:475:12)
at maybeClose (node:internal/child_process:1064:16)
at Socket. (node:internal/child_process:450:11)
at Socket.emit (node:events:390:28)
at Socket.emit (node:domain:475:12)
at Pipe. (node:net:687:12)

This is the error and the error stack returned in dev mode.
Error: ErrorNamespace (IMAP)

‘connect mailcore::IMAPSession:0x7ffdb0791810\r\n’ +
‘* OK The Microsoft Exchange IMAP4 service is ready. [token]\r\n’ +
‘ssl connect outlook.office365.com 993 2\r\n’ +
‘OpenSSL version: OpenSSL 1.1.0f 25 May 2017\r\n’ +
‘1 CAPABILITY\r\n’ +
‘* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n’ +
‘1 OK CAPABILITY completed.\r\n’ +
‘connect ok\r\n’ +
‘login\r\n’ +
’ ‘2 AUTHENTICATE XOAUTH2 mytoken’ +
‘2 OK AUTHENTICATE completed.\r\n’ +
‘3 CAPABILITY\r\n’ +
‘* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CLIENTACCESSRULES CLIENTNETWORKPRESENCELOCATION BACKENDAUTHENTICATE CHILDREN IDLE NAMESPACE LITERAL+\r\n’ +
‘3 OK CAPABILITY completed.\r\n’ +
‘4 NAMESPACE\r\n’ +
‘4 BAD User is authenticated but not connected.\r\n’ +
‘fetch namespace failed\r\n’
} { pluginIds: }

@faan11 Did this happen with previous versions as well? When does this happen? On registration of a new O365 account or when pulling e-mails? Can you try it with a different O365 e-mail address if it has the same problem?

as far as i remember, previously i had the OAuth code error issue.
Now the error changes but the error still occurs at the end of the 0Auth process (which occurs after pressing the “Office 365” button )
Today i also created a new outlook account ( you can do that as well ) and i got another issue. The error still occurs at the end of the 0Auth process.

immagine901×600 28.9 KB

Updated today to latest mailspring and was able to sign in to office365 again

@faan11 In this case, you may not have a real “Office 365” account, but rather an Outlook.com account. Please try to add this account using the Outlook.com / Hotmail option.

For more information on why this happens, see: Login to Office no longer working - #39 by F1nny

Ok makes sense. I’m too lazy to try.
Applications such as Thunderbird or Kmail use Exchange Web Services (EWS) to connect with Microsoft accounts.
The integration of EWS can solve these issues and also remove the difference between outlook.com and office 365.
This library can be used as a backend https://github.com/gautamsi/ews-javascript-api . It seems well maintained.
Let us know if this is feasible without complicated changes in the source code.

Hi,
Thanks for the Springmail community. In my case with the latest version I could simply login-to-office 365-and it-is working properly.
If any one has problem he could check entering his office 365 in another PC to be sure the problem is related to his OS or not.
Good luck.