[GH-ISSUE #1846] 🚀 [Feature] Feature Request: Add Pre-Configured OAuth2 Support for Outlook.com/Hotmail (Like Thunderbird Does) #723

Open
opened 2026-02-25 21:35:45 +03:00 by kerem · 3 comments

Originally created by @photoevents on GitHub (Jan 27, 2026).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1846

Originally assigned to: @christer77 on GitHub.

Problem Statement

Currently, Cypht requires users to create their own Azure App Registration to use OAuth2 with Outlook.com/Hotmail accounts. However, personal Microsoft accounts (hotmail.com, outlook.com) cannot create Azure App Registrations - this functionality is only available to organizational/work accounts.

This creates an impossible situation:

  • Microsoft deprecated basic authentication and app passwords for personal accounts (as of September 2024)
  • Users with personal Hotmail/Outlook accounts cannot add them to Cypht
  • The only workaround is creating an Azure subscription (requires credit card) just to get a tenant

This affects millions of potential Cypht users with personal Microsoft accounts.

How Thunderbird Solved This

Mozilla Thunderbird successfully implements OAuth2 for Microsoft accounts by pre-registering an Azure application on behalf of all users:

Thunderbird's Implementation:

  • Client ID: 9e5f94bc-e8a4-4e73-b8be-63364c29d753
  • Client Secret: Hardcoded in Thunderbird source code
  • Redirect URI: http://localhost
  • Registration: Multi-tenant Azure AD application registered by Mozilla (organizational account)
  • Status: Publisher-verified by Microsoft

How it works:

  1. User selects OAuth2 authentication in Thunderbird
  2. Thunderbird uses its pre-configured credentials automatically
  3. User authenticates via Microsoft's standard OAuth2 flow
  4. No user-side Azure configuration required
  5. Works for both personal and organizational Microsoft accounts

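Source references:

  • Thunderbird Blog: https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/
  • Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1528136
  • OAuth2Providers.jsm: https://searchfox.org/comm-central/source/mailnews/base/util/OAuth2Providers.jsm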

Proposed Solution for Cypht

Register a multi-tenant Azure AD application for Cypht:

  1. Create Azure App Registration (requires Cypht organization account):

    • Application type: Web / Mobile and desktop
    • Multi-tenant: "Accounts in any organizational directory and personal Microsoft accounts"
    • Redirect URI: https://{user-domain}/?page=home (configurable)
    • Required API permissions:
      • Mail.Read
      • Mail.ReadWrite
      • Mail.Send
      • User.Read
      • offline_access
      • IMAP.AccessAsUser.All
      • SMTP.Send
  2. Hardcode credentials in Cypht:

    • Store Client ID and Secret in Cypht's OAuth2 configuration
    • Similar to existing Gmail OAuth2 implementation
    • Add to config/oauth2.php
  3. Update UI:

    • Add "Outlook.com" as pre-configured provider option (like Gmail)
    • When selected, use Cypht's registered credentials automatically
    • Only require user's email address and password

Implementation Reference

Cypht already has the infrastructure for this in config/oauth2.php:

```php
'outlook_com' => [
    'client_id'      => env('OUTLOOK_CLIENT_ID', ''),
    'client_secret'  => env('OUTLOOK_CLIENT_SECRET', ''),
    'client_uri'     => env('OUTLOOK_CLIENT_URI', 'http://localhost/?page=home'),
    // ...
]
```

Changes needed:

  1. Register Cypht's own Azure app
  2. Add default credentials (not empty strings)
  3. Update UI to offer "Outlook.com" as automatic option

Benefits

  • Removes major barrier for millions of Hotmail/Outlook.com users
  • Matches competitor functionality (Thunderbird, EM Client, etc.)
  • No breaking changes - existing manual OAuth2 setup still works
  • Better user experience - one-click setup like Gmail
  • Future-proof - Microsoft won't bring back basic auth

Alternative Considered

Why "just use app passwords" doesn't work:

  • Microsoft is phasing out app passwords for personal accounts
  • OAuth2 is more secure and Microsoft's recommended approach
  • Many users report app passwords no longer working as of 2024

Similar Implementations

Other email clients that use pre-registered credentials:

  • Thunderbird - Client ID: 9e5f94bc-e8a4-4e73-b8be-63364c29d753
  • EM Client - Has own registered application
  • Mailspring - Pre-configured OAuth2
  • Evolution - Pre-configured OAuth2

User Impact

Current workaround requires users to:

  1. Create Azure free subscription (credit card required)
  2. Navigate complex Azure Portal
  3. Configure app registration
  4. Set up permissions
  5. Copy credentials to Cypht

With this feature:

  1. Click "Add Outlook.com account"
  2. Enter email address
  3. Authenticate via Microsoft
  4. Done

Questions for Maintainers

  1. Would Cypht project be willing to register and maintain an Azure application?
  2. Are there concerns about rate limits or costs with shared credentials?
  3. Should this be Docker-specific or available for all installations?

Related:

  • Personal Microsoft accounts cannot create Azure App Registrations
  • Microsoft deprecated basic authentication (September 2024)
  • Competitive disadvantage vs Thunderbird and other modern email clients
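
The "authenticates via Microsoft's standard OAuth2 flow" step from the issue above, sketched for a project-registered multi-tenant client. This is an added example, not part of the original issue and not Cypht code. It uses PKCE and a per-request `state` because a client secret shipped in public source cannot be treated as confidential. The function names, the placeholder client ID and the `mail.example.org` redirect are assumptions; the scopes are the IMAP/SMTP ones the issue lists.

```php
<?php
// Added example (not Cypht code). Function names and sample values are hypothetical.
const AUTHORIZE_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
const TOKEN_URL     = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Build the authorization request; the caller keeps 'state' and 'verifier' in the session. */
function outlook_auth_request(string $clientId, string $redirectUri): array {
    $verifier  = b64url(random_bytes(32));                 // PKCE code_verifier (43 chars)
    $challenge = b64url(hash('sha256', $verifier, true));  // S256 code_challenge
    $state     = b64url(random_bytes(16));                 // binds the callback to this session
    $query = http_build_query([
        'client_id'             => $clientId,
        'response_type'         => 'code',
        'redirect_uri'          => $redirectUri,
        'scope'                 => implode(' ', [
            'https://outlook.office.com/IMAP.AccessAsUser.All',
            'https://outlook.office.com/SMTP.Send',
            'offline_access',
        ]),
        'state'                 => $state,
        'code_challenge'        => $challenge,
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);
    return ['url' => AUTHORIZE_URL . '?' . $query, 'state' => $state, 'verifier' => $verifier];
}

/** Check the callback against the saved state, then build the POST body for TOKEN_URL. */
function outlook_token_request(array $callback, array $saved, string $clientId, string $redirectUri): array {
    if (!isset($callback['code'], $callback['state'])
        || !hash_equals($saved['state'], (string) $callback['state'])) {
        throw new RuntimeException('OAuth2 callback rejected: missing code or state mismatch');
    }
    // Assumption: the app is registered as a public client, so no client_secret is sent.
    return [
        'client_id'     => $clientId,
        'grant_type'    => 'authorization_code',
        'code'          => (string) $callback['code'],
        'redirect_uri'  => $redirectUri,
        'code_verifier' => $saved['verifier'],
    ];
}

// Constructed demo values: placeholder client ID, example redirect, fake authorization code.
$id  = '00000000-0000-0000-0000-000000000000';
$uri = 'https://mail.example.org/?page=home';
$req = outlook_auth_request($id, $uri);
echo $req['url'], PHP_EOL;
echo http_build_query(outlook_token_request(['code' => 'CONSTRUCTED', 'state' => $req['state']], $req, $id, $uri)), PHP_EOL;
```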

@IrAlfred commented on GitHub (Jan 29, 2026):

Thank you @photoevents for this feature request. We will take that into account.


@marclaporte commented on GitHub (Feb 1, 2026):

Thank you @photoevents for this very elaborate research.


@marclaporte commented on GitHub (Feb 1, 2026):

@photoevents This topic would be a great discussion for an upcoming https://github.com/cypht-org/cypht/wiki/Monthly-Community-Meetings

Can you join us?
