[GH-ISSUE #1463] 🐛 [Bug] Outlook oauth account invalid redirect url query #663

Open
opened 2026-02-25 21:35:37 +03:00 by kerem · 11 comments

Originally created by @WEGIII on GitHub (Mar 5, 2025).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1463

Originally assigned to: @christer77, @Baraka24 on GitHub.

🐛 Bug

The redirect variable "http://localhost/?page=home" is not accepted in certain Azure app configs.
The Azure app redirect URL is not allowed to have a query in it unless the app is only for work or school accounts. See here: https://learn.microsoft.com/en-us/entra/identity-platform/reply-url.

I was able to complete the oauth GMAIL app setup as they took the queried redirect URL. I did modify the redirect URL to match my domain.

If I am misunderstanding this or there is a known fix, please advise. Thanks!

Version & Environment

Rev: cypht/cypht:2.4.0

OS: Docker Install


@christer77 commented on GitHub (Mar 13, 2025):

Hello @WEGIII,

Thank you for this issue.

Which messaging service are you trying with?
Gmail or Outlook or Office365 or..?


@christer77 commented on GitHub (Mar 13, 2025):

If it is Outlook OAuth, set your client_id, client_secret and redirect_url (client_uri):

```
#aoutlook
OUTLOOK_CLIENT_ID=your client_id
OUTLOOK_CLIENT_SECRET=your client_secret
OUTLOOK_CLIENT_URI=http://localhost:8800/
OUTLOOK_AUTH_URI=https://login.live.com/oauth20_authorize.srf
OUTLOOK_TOKEN_URI=https://login.live.com/oauth20_token.srf
OUTLOOK_REFRESH_URI=https://login.live.com/oauth20_token.srf
```


@WEGIII commented on GitHub (Mar 13, 2025):

Outlook.com

It seems using the port made some type of progress, but is still not working. MS Azure accepted the port as part of the redirect URI.

When trying to add the email account via outlook using OUTLOOK_CLIENT_URI=http://localhost:8800/ connection is refused.
When trying to add the email account via outlook using OUTLOOK_CLIENT_URI=https://DOMAIN:8800/ connection times out.

Unfortunately, no errors in the container log, any ideas?


@christer77 commented on GitHub (Mar 13, 2025):

> Outlook.com
>
> It seems using the port made some type of progress, but is still not working. MS Azure accepted the port as part of the redirect URI.
>
> When trying to add the email account via outlook using OUTLOOK_CLIENT_URI=http://localhost:8800/ connection is refused. When trying to add the email account via outlook using OUTLOOK_CLIENT_URI=https://DOMAIN:8800/ connection times out.
>
> Unfortunately, no errors in the container log, any ideas?

Use of the port? No, that's my way of accessing the Cypht application on localhost. If your URL doesn't require the port to access it, you won't need to populate the port.


@WEGIII commented on GitHub (Mar 13, 2025):

I am able to access the application via domain or localhost. The concern is while trying to add the oauth redirect URI to the Azure app. In the screenshot below, Azure, this is where the redirect variable "http://localhost/?page=home" is not accepted due to it being a query string.

Image: https://github.com/user-attachments/assets/a80b6352-0495-4889-819b-5eba762c48b2


@christer77 commented on GitHub (Jun 24, 2025):

Hello @WEGIII

Can you test this (https://www.cypht.org/cypht-enable-outlook-and-office365-oauth/)?


@Huiaei commented on GitHub (Aug 19, 2025):

1. App Password Login Issue

  • Authentication failed when attempting to log in via IMAP/SMTP protocol using an app password.

2. OAuth 2.0 Authentication Issues

Refer to the Cypht documentation (OAuth, https://www.cypht.org/cypht-enable-outlook-and-office365-oauth/) and environment variable configuration methods for setup.

2.1. Initial Attempt and Error

  • During the first attempt at OAuth authorization redirection, the redirect_uri parameter in the link used was https://localhost/?page=home.
  • The following error message was received: invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application. (The redirect URI does not match what is registered for this client application.)

2.2. Azure AD Redirect URI Configuration Restriction

  • When configuring the redirect URI in the Azure portal, it was found that the URL does not allow query strings (e.g., ?page=home).

2.3. Successful Redirection in Local Environment

  • After removing the query string and changing the redirect_uri to https://localhost, the OAuth authorization process successfully redirected back.
  • The successfully returned URL was: https://localhost/?code=xxxxxxxxxxxxx&state=nux_authorization, indicating that the authorization code was received.

2.4. Error After Switching to Production Domain

  • Replacing localhost with the actual domain aaa.com in the successful link, i.e., https://aaa.com/?code=xxxxxxxxxxxxx&state=nux_authorization, resulted in an "An Error Occurred" message on the page.
  • Even attempting to revert the redirect_uri to https://aaa.com/?page=home (despite Azure AD not supporting query strings) also displayed "An Error Occurred".

Additional Note: Outlook SMTP Server Configuration

  • When configuring an Outlook mailbox, Cypht automatically populates the SMTP server address as smtp.office365.com.
  • According to official Microsoft documentation, the actual SMTP server for Outlook.com mailboxes should be smtp-mail.outlook.com.
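  • Reference link: POP, IMAP, and SMTP settings for Outlook.com (https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040)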
  • It might be possible to manually enter the code and state values obtained from the localhost redirection (as described in 2.3) directly into Cypht to complete the authorization.
  • The Azure AD method appears overly cumbersome, especially since each Outlook account would require the creation of a separate application ID and secret, which is impractical for users with multiple accounts.

Thanks to Gemini for the translation and text reformatting, making it easier to understand.


@Huiaei commented on GitHub (Aug 19, 2025):

After reconfiguring from scratch, everything is now working correctly.

The deployment still follows the documentation (https://www.cypht.org/cypht-enable-outlook-and-office365-oauth/) to obtain the client_id and client_secret. The key steps involve modifying the redirect_url (i.e., client_uri) and the corresponding environment variables, and then adding the Outlook accounts.

Environment variable configuration is crucial:

```
OUTLOOK_CLIENT_ID=your_client_id
OUTLOOK_CLIENT_SECRET=your_client_secret
OUTLOOK_CLIENT_URI=your_web_link
```

Please note that OUTLOOK_CLIENT_URI and redirect_url must be set to the domain you use to access the Cypht service. For example, if you access your service via https://aaa.com, then both should be set to https://aaa.com.

Furthermore, different Outlook accounts can share the same client_id and client_secret, meaning there's no need to repeatedly configure and generate them for each account.
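
An added example, not part of the original thread or of Cypht's code: a pre-flight check for the redirect URI constraints the thread converged on (no query string, identical to the URI registered in Azure, same origin as the URL used to reach Cypht). The function names, the exact-string comparison against the registered URI, and the sample `.env` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def env_value(env_text, key):
    """Return the value of KEY=value from .env-style text, or None if absent."""
    for line in env_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip() == key:
            return value.strip().strip('"\'')
    return None

def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def check_client_uri(client_uri, registered_uri, access_url):
    """List the problems with OUTLOOK_CLIENT_URI; an empty list means none found."""
    parts = urlsplit(client_uri)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return ["not an absolute http(s) URL"]
    problems = []
    if parts.query:      # Azure refuses to register a query string for personal accounts
        problems.append("query string")
    if parts.fragment:   # OAuth 2.0 redirect URIs must not carry a fragment
        problems.append("fragment")
    if client_uri != registered_uri:   # assumption: compare as exact strings
        problems.append("not identical to registered redirect URI")
    if origin(client_uri) != origin(access_url):
        problems.append("origin differs from access URL")
    return problems

# Constructed sample .env, modelled on the values quoted in the thread.
SAMPLE_ENV = """\
OUTLOOK_CLIENT_ID=your_client_id
OUTLOOK_CLIENT_URI=https://aaa.com/?page=home
"""

if __name__ == "__main__":
    uri = env_value(SAMPLE_ENV, "OUTLOOK_CLIENT_URI")
    for problem in check_client_uri(uri, "https://aaa.com", "https://aaa.com/"):
        print("OUTLOOK_CLIENT_URI:", problem)
```
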


@Huiaei commented on GitHub (Aug 19, 2025):

The Outlook SMTP authentication issue persists. Test results show either "Failed to authenticate to the SMTP server" or "Connected, but failed to authenticate to the SMTP server." Additionally, attempts to edit the relevant settings result in a save failure with the error "Authentication failed."


@christer77 commented on GitHub (Aug 20, 2025):

> The Outlook SMTP authentication issue persists. Test results show either "Failed to authenticate to the SMTP server" or "Connected, but failed to authenticate to the SMTP server." Additionally, attempts to edit the relevant settings result in a save failure with the error "Authentication failed."

Thank you @Huiaei for your feedback.

I am trying to reproduce your issue by reinstalling my entire environment.

I will get back to you shortly.


@marclaporte commented on GitHub (Jan 28, 2026):

Related: https://github.com/cypht-org/cypht/issues/1846
