Microsoft Azure account for Akonadi EWS

Daniel Vrátil dvratil at kde.org
Sun Mar 25 15:24:50 BST 2018 

Hi Chris,

On Friday, 23 March 2018 18:44:58 CEST Krzysztof Nowicki wrote:
> Hi,
> 
> My company has recently tighten-up security on our Office 365 configuration
> and all external access now requires OAUTH2 authentication. In order to
> make Akonadi EWS work I've started to implement this authentication for the
> resource.
> 
> With Qt 5.8 all the building blocks are there - there is QtNetworkAuth and
> QtWebEngine, which together allow doing the OAUTH2 authentication with just
> several lines of code.

Good!

> 
> I have however hit a problem - in order to authenticate against the Azure AD
> the client needs to identify itself with a client ID. In order to obtain
> one a global, multi-tenant application must be registered with the Azure
> cloud, which in turn requires a business account - a personal one is not
> enough.
> 
> For the moment I have borrowed a client ID from an existing Android app, but
> obviously we wouldn't want to ship Akonadi EWS with it.

Indeed.

> 
> Evolution has also recently implemented OAUTH2 authentication in their EWS
> plugin, but they went for a different approach - instead of registering an
> app themselves they are shifting that towards the user and letting him
> provide all the necessary data in the account configuration. Personally I
> think such approach is bad for usability.
> 
> I could try to open a trial account for now and register the app, but I'm
> not sure if the registration will survive once the trial period is over.
> 
> I think a better approach would be for KDE as an organization to register an
> app for Akonadi EWS, so that the ownership of it is clear. Does KDE have
> such an account? Would there be a possibility to create one?

I don't think it should be a problem for e.V. to register the keys. It's the 
right thing to do anyway so in case you would not be longer available/
reachable, we wouldn't completely lose access to the API keys. We already did 
this with API keys for the Google resources.

I suggest you send an email to kde-ev-board at k.o, explain the situation and ask 
the board to create the account or if it is possible, create the account 
yourself (since you know best how to do it and what's needed to set it up 
properly) and then transfer the ownership of it to the board (or just grant 
them admin rights).


Dan


> 
> Regards
> Chris


-- 
Daniel Vrátil
www.dvratil.cz | dvratil at kde.org
IRC: dvratil on Freenode (#kde, #kontact, #akonadi, #fedora-kde)

GPG Key: 0x4D69557AECB13683
Fingerprint: 0ABD FA55 A4E6 BEA9 9A83 EA97 4D69 557A ECB1 3683
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20180325/2df615dc/attachment.sig>

More information about the kde-pim mailing list