

 $Id: README.txt,v 1.15 2023/09/26 20:13:51 gilles Exp gilles $
 
How to generate an OAUTH2 access token to access an Office365 
account with imapsync?

======================================================================
A) Installation

Download the zip archive called "oauth2_office365.zip" at
https://imapsync.lamiral.info/oauth2/
and extract it anywhere.

The zip archive "oauth2_office365.zip" is an exact archive of 
https://imapsync.lamiral.info/oauth2/oauth2_office365/


In Azure, I created an Application called imapsync.
Its client_id is c46947ca-867f-48b7-9231-64213fdd765e
This client_id is used in the command oauth2_office365_with_imap.exe

======================================================================
A) For Windows users

0) There is two files with similar names:
   - oauth2_office365_with_imap.exe 
   - oauth2_office365_with_imap
   
The file oauth2_office365_with_imap is a Perl script, it's the 
source code of the second one, oauth2_office365_with_imap.exe,
which is a standalone binary. If you change the source code,
the binary won't change unless you rebuild it.

1) Edit the file example.bat and replace the email
foo@example.com 
by yours in the line:
 
    CALL .\oauth2_office365_with_imap.exe  foo@example.com
 
2) Run example.bat by double-clic or run it in a DOS window, a black
one is a good one usually.
 
You can also directly run the following command in a DOS window, if
you know how to go to the directory where the command belongs:
    
    .\oauth2_office365_with_imap.exe  foo@example.com
 
3) The tokens are generated in the sub-directory "tokens" which has to
exist before but the batch script example.bat creates it anyway.

4) With imapsync, use the token file path as a value for the parameters
--oauthaccesstoken1 or --oauthaccesstoken2

Go to read section C) below for more detailed explanations.
 
======================================================================
B) For Linux or MacOS users
 
1) Replace the email foo@example.com by yours in the
command line:

      ./oauth2_office365_with_imap foo@example.com

and run it.

2) The tokens are generated in the sub-directory "tokens" which has to
exist before.

======================================================================
C) For all users

Here are some explanations about oauth2_office365_with_imap.exe
behavior:
 
1) The first time you run it, the file containing the tokens does not exist. 
It is ok, we are here to create them. One token is the access token 
to access the office365 account with imapsync, usually usable
for one hour only. The other token is the refresh token, a token to get 
a new access token. The refresh token stays usable for a longer time.

2) Once generated, the tokens file is ready to be used by imapsync.

Example for a source account:
    
  imapsync ... --user1 foo@example.com --oauthaccesstoken1 path/tokens/oauth2_tokens_foo@example.com.txt


Example for a destination account:
   
  imapsync ... --user2 foo@example.com --oauthaccesstoken2 path/tokens/oauth2_tokens_foo@example.com.txt

3) The token file contains two important lines.
The first line is the access token.
The second line is the refresh token.
The next lines are sugar.
 
4) The usage is simple: run the command at anytime without
changing anything, it will check the authentication and regenerate
the access token and the refresh tokens if needed.
    
5) What the oauth2_office365_with_imap command does:
    
If the tokens file already exists, the access token is checked
with a real IMAP access to the mailbox.

If the IMAP access succeeds, the access token is proven good but it
is going to be regenerated anyway.
    
If the refresh token exists, then the refresh token is used to
generate a new access token.
  
If the refresh fails, then we are as if the tokens file does
not exit.

If the new access token succeed then both tokens are placed back
in the tokens file.
 
The previous behavior sounds complicated, because it is, but the
goal is to simplify the usage. You just need to run the same
command before running imapsync with the options
--oauthaccesstoken1 or --oauthaccesstoken2
   
With big mailboxes, you have to refresh the access token during the 
imapsync process. You can automatize this refresh by running 
the batch script called infinite_loop_example.bat
This script refreshes the access token every half an hour.
 
I will integrate this tool inside imapsync later.
 
6) Good luck!

7) Feedback is welcome

