Microsoft Azure account for Akonadi EWS

[Krzysztof Nowicki]

Dnia niedziela, 25 marca 2018 16:24:50 CEST Daniel Vrátil pisze:
> Hi Chris,
> 
> On Friday, 23 March 2018 18:44:58 CEST Krzysztof Nowicki wrote:
> > Hi,
> > 
> > My company has recently tighten-up security on our Office 365
> > configuration
> > and all external access now requires OAUTH2 authentication. In order to
> > make Akonadi EWS work I've started to implement this authentication for
> > the
> > resource.
> > 
> > With Qt 5.8 all the building blocks are there - there is QtNetworkAuth and
> > QtWebEngine, which together allow doing the OAUTH2 authentication with
> > just
> > several lines of code.
> 
> Good!
> 
> > I have however hit a problem - in order to authenticate against the Azure
> > AD the client needs to identify itself with a client ID. In order to
> > obtain one a global, multi-tenant application must be registered with the
> > Azure cloud, which in turn requires a business account - a personal one
> > is not enough.
> > 
> > For the moment I have borrowed a client ID from an existing Android app,
> > but obviously we wouldn't want to ship Akonadi EWS with it.
> 
> Indeed.
> 
> > Evolution has also recently implemented OAUTH2 authentication in their EWS
> > plugin, but they went for a different approach - instead of registering an
> > app themselves they are shifting that towards the user and letting him
> > provide all the necessary data in the account configuration. Personally I
> > think such approach is bad for usability.
> > 
> > I could try to open a trial account for now and register the app, but I'm
> > not sure if the registration will survive once the trial period is over.
> > 
> > I think a better approach would be for KDE as an organization to register
> > an app for Akonadi EWS, so that the ownership of it is clear. Does KDE
> > have such an account? Would there be a possibility to create one?
> 
> I don't think it should be a problem for e.V. to register the keys. It's the
> right thing to do anyway so in case you would not be longer available/
> reachable, we wouldn't completely lose access to the API keys. We already
> did this with API keys for the Google resources.
> 
> I suggest you send an email to kde-ev-board at k.o, explain the situation and
> ask the board to create the account or if it is possible, create the
> account yourself (since you know best how to do it and what's needed to set
> it up properly) and then transfer the ownership of it to the board (or just
> grant them admin rights).

So I've been digging around and I've gone through the process of a sample 
registration. The good news is that with a little quirk you can do this on a 
free Azure account and according to the free account details [1] the Azure 
Directory service, which is where the registration must be done is free for an 
unlimited time period. Alternatively you can use an Office 365 Business account, 
but that one costs $$$.

The slightly less favourable news is that I won't be able to create the 
account myself, provision it and transfer - Microsoft does not allow 
transferring accounts between entities in different countries. I live in 
Poland, while I'd expect KDE e.V. to be registered in Germany.

I'll send an e-mail to the board and provide the details. If needed I can 
login to the account after it will be created or I could provide detailed 
instructions - it's not that difficult once you've gone through the pain once 
and know how to manoeuvrer around the icebergs...

[1] https://azure.microsoft.com/en-us/free/free-account-faq/

Regards
Chris

> 
> 
> Dan
> 
> > Regards
> > Chris