Modern corporate OAuth2 email authentication on NixOS

I like to use mbsync and msmtp with mu and Emacs to manage my email. These tools are mostly designed around basic IMAP and SMTP password authentication, but they are growing support for OAuth2.

My university, which uses Microsoft 365, recently disabled “basic authentication” in favor of “modern authentication”, which means I can’t use an app password and legacy email authentication anymore.

There are various guides on setting up OAuth2 with these email tools, but they all seem to depend on different scripts and packages for dealing with the tokens, and most of these tools don’t seem to be available yet on Nix.

I was wondering if anyone else has been forced to migrate already and can point me in the right direction on NixOS. Thanks for any info you can provide!

5 Likes

Anyone got this working? I am currently trying to do exactly the same thing.

oauth2ms might help you

I ended up using oama (and mutt_oauth2.py for Outlook personal, unfortunately), but the overall situation is still in poor shape, see the below upstream issues. oauth2ms is no better as I’m sure it’s doing fundamentally the same things as the other options, except it only supports Microsoft and seems abandoned.

As far as I can tell, both Google and Microsoft have implemented restrictions around registering an app ID for personal use that force you to impersonate Thunderbird. AFAIK that’s liable to break at some point, but I don’t know of any way around it (short of registering for the Microsoft Developer Program or submitting your app for review to Google). If anyone has had better luck I’m interested to hear about it.

None of these problems are NixOS-specific, to be fair.