Stuck at Interactive Authorisation when connecting to shared mailbox

[patrickmau]

Hi everyone,

I am struggling with configuring the emailproxy for the following use case:

• AWS-hosted CRM system needs to be able to send and receive emails hosted on M365 tenant via SMTP/IMAP
• M365 mailbox is a shared mailbox that AFAIK would require the login details of one of the assigned owners of the mailbox
• default config seems to work, but log stops at Authorisation request received for email@domain.com (interactive mode) which I cannot get past since the proxy runs on a LAMP setup without gui
• Enterprise app is authorised and technically should work

Following config file:

[IMAP-1993]
documentation = *** note: this server will work for both Office 365 and personal Outlook/Hotmail accounts ***
server_address = outlook.office365.com
server_port = 993
local_address = 127.0.0.1
local_certificate_path = /etc/letsencrypt/live/crm.mydomain.com/fullchain.pem
local_key_path = /etc/letsencrypt/live/crm.mydomain.com/privkey.pem

[SMTP-1587]
documentation = *** note: this server will work for both Office 365 and personal Outlook/Hotmail accounts ***
server_address = smtp-mail.outlook.com
server_port = 587
server_starttls = True
local_address = 127.0.0.1
local_certificate_path = /etc/letsencrypt/live/crm.mydomain.com/fullchain.pem
local_key_path = /etc/letsencrypt/live/crm.mydomain.com/privkey.pem


[email@mydomain.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
redirect_uri = https://localhost
client_id = supersecretidnumber
client_secret = evenmoresecretsecret

Log output:

2025-11-30 16:04:07: Accepting new connection from 127.0.0.1:43808 to IMAP server at 127.0.0.1:1993 (SSL/TLS) proxying outlook.office365.com:993 (SSL/TLS)
2025-11-30 16:04:07: Authorisation request received for email@mydomain.com (interactive mode)
2025-11-30 16:08:09: Authorisation result error for account email@mydomain.com - aborting login. Authorisation request timed out

I granted admin consent for the enterprise app to all users, but still no dice here. How do I get past the Authorisation request received for email@mydomain.com (interactive mode) error?

Thanks a lot!

Originally posted by @patrickmau in #394

[patrickmau]

Update:
Turns out the interactive authentication challenge can be completed by opening the below link with the app-id inserted in the URL.

https://login.microsoftonline.com/f8619749-52d5-4a1e-afc2-8b8cc913bbb5/adminconsent?client_id={{{APP_ID}}}

Interestingly, after the challenge is completed and authorised, I do not see any logs for this particular email address anymore, yet am not getting any IMAP/SMTP traffic either. Are the logs not supposed to show successful connections? How can I debug this further?