Thank you, yes this worked
More on this bug... I believe the issue is ADFS with Windows Integrated Authentication enabled.
ADFS WIA is enabled by matching User Agent strings. It allows Single Sign On for domain joined workstations but is only supported by Chrome, Firefox, IE and Edge ... basically all browsers, as long as they are up to date (and domain joined). Obviously my phone isn't domain joined.
Our corporate ADFS system matches the following User Agent strings:
Chrome
Firefox
MSIE 6.0
MSIE 7.0
MSIE 8.0
..etc
The problem is that AquaMail's useragent includes "Chrome". Even when you tap manual and type another User Agent, it only extends the current UserAgent, instead of replacing it, therefore still gets matched as a WIA capable device.
Normally, a non-WIA capable or non-domain joined device falls back to Basic authentication, but in this case AquaMail b0rks and shows a blank white page.
Fortunately we use ADFS 3.0 which supports regular expressions for user agent matching for WIA, therefore I am going to adjust the Firefox and Chrome entries to include "Windows", therefore should fix this for me.
Edit: It seems regex is only supported with ADFS 2016, which we don't use, so for now I'll continue to use the "Exchange" type mailbox.
Edit2: I have worked around this by removing matches for "Chrome" and "Firefox" and instead matching "Mozilla/5.0 (Windows". This means Mozilla/5.0 (Android.... doesn't match, and now AquaMail works with OAUTH2 and our ADFS.