Configuring mutt to access UvA's Outlook365 server via 2FA

Introduction

This page will describe how to login to outlook.office365.com with the mutt email client using OAuth2. The new UvA Office365 requires users to login using additional security measures in order to mitigate the security weakness of a simple username/password combination. This is done by so called "bearer tokens" (see this link for more details and for more detailed instructions about the workings of the python script).

This manual will show how to use this python script and use mutt's native OAuth support.

This manual (and the python script) will assume a working GPG setup on your machine. If you do not have this available first install this on your system before continuing. Cf., e.g., this manual for Archlinux.

The mutt_oauth2.py script requires at least Python 3.7. Earlier versions will fail with the notification that capture_output is not a valid argument for subprocess.run.

In addition, you will need at least mutt 2.0.0. Earlier versions do not have the imap_oauth_refresh_command function.

Install and configure mutt_oauth2.py

Download the python script, put in sensible spot and make executable:

wget -O /some/local/path/mutt_oauth2.py https://gitlab.com/muttmua/mutt/-/raw/master/contrib/mutt_oauth2.py
cd /some/local/path
chmod +x mutt_oauth2.py
  • Edit the python script and insert your GPG identity in the "ENCRYPTION_PIPE" construct.
  • Add client id ('08162f7c-0fd2-4200-a84a-f25a4db0b584') and client_secret ('TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82'), as per these instructions, to the "microsoft" registrations.

Execute the script to start authorization and to obtain a token.

./mutt_oauth2.py TOKEN_FILENAME --verbose --authorize

Choose localhostauthcode when asked, answer the other questions and paste the url in a browser. This will take you to the UvA login page where you login with your UvAnetID.

If all is well the script will let you know that it sucessfully obtained a token.

Configure mutt

With the following configuration mutt can login to the IMAP server and send email via SMTP both using OAuth2.

set from        = "Your UvA mail address"
set realname    = "Your name"
set hostname    = "uva.nl"
set imap_user   = "Your UvA mail address"
set smtp_pass   = $my_uvapass
set imap_pass   = $my_uvapass
set folder      = "imaps://[Your UvA mail address]@outlook.office365.com"
set spoolfile   = "+INBOX"
set smtp_url    = "smtp://[Your UvA mail address]@smtp.office365.com:587"
set imap_authenticators = "xoauth2"
set imap_oauth_refresh_command = "/some/local/path/mutt_oauth2.py /some/local/path/TOKEN_FILENAME"
set smtp_authenticators = ${imap_authenticators}
set smtp_oauth_refresh_command = ${imap_oauth_refresh_command}
set ssl_force_tls = "yes"
set ssl_starttls  = "yes"

Modified: 2022-04-07 21:07:30 CEST

Emacs 28.1 (Org mode 9.5.2)