AquaMail Forum

English - Android => General Discussion => Topic started by: tbessie on March 13, 2018, 04:42:30 am

Title: "The login (OAUTH2) server returned something strange..." ???
Post by: tbessie on March 13, 2018, 04:42:30 am
I'm trying to set up a connection with my work email account; we use Outlook 365.

When I give my email address and password, I get the above message ("The login (OAUTH2) server returned something strange...").

What does this mean? How can I find out what this "strange" something is, and how I can fix it?

- Tim
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on March 13, 2018, 08:31:59 pm
The account is at Office 365?

Most likely a bug on our side.

We could investigate if you captured the issue in the app's debug log.

Please see the link below in my signature, then look under "Creating a log if something doesn’t work right". You will need to enable "raw session data".

With the log enabled like this please try to add the account again repeating all the steps up to and including the error message.

Then send the log to support / at / aqua-mail / dot com.

Thanks.
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: ArekG on March 13, 2018, 10:52:12 pm
Hello,

I decided to join this topis, as I have the same problem with my company's Office365 account and MFA.
Kostya, in a minute I will send you log from AquaMail made this evening when I was trying to setup this account. Hope, this willhelp, and soon I will be able to use Aqua Mail again ;)

Thank you for your great job and best regards,
ArekG
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: tbessie on March 14, 2018, 01:41:44 am
The account is at Office 365?

Most likely a bug on our side.

I just sent in the debug log.

It appears this is due to my company requiring I be using a managed device:

Code: [Select]
{"error":"interaction_required","error_description":"AADSTS53000: Your device is required to be managed to access this resource.\r\nTrace ID: a163a5d4-4049-47a9-87dc-c7ff017d4e00\r\nCorrelation ID: e63e108b-3335-4ef0-9e5d-9fce531ece91\r\nTimestamp: 2018-03-13 22:36:25Z","error_codes":[53000],"timestamp":"2018-03-13 22:36:25Z","trace_id":"a163a5d4-4049-47a9-87dc-c7ff017d4e00","correlation_id":"e63e108b-3335-4ef0-9e5d-9fce531ece91","suberror":"additional_action"}
- Tim

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: ArekG on March 14, 2018, 10:33:48 am
I saw that entry in log as well. My device seems to be managed by the company (now I use Outlook for emails), but afaik my company didn't implemented 'app password' policy, so maybe this is the reason, why AquaMail is unable to connect to my account.

Best regards,
Arek
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on March 16, 2018, 07:33:05 pm
We'll make sure that this error (or any other "OAUTH2 approval" error) is shown in the error window.

As for what this actually means - sorry no idea. As far as I know, EWS doesn't have the concept of server managed "device security" ("app password" etc.) policies.
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: toma01 on April 13, 2018, 11:20:42 am
Hi! Any updates in this issue?
I have the same problem and my device is fully managed by my company and enrolled in Intune using Company Portal. I can use the built-in mail app in my device and I have full access to all other company resources.

I really would prefer to use AquaMail. Is it possible to investigate further? The MFA works fine during the account set up but then you get an additional dialog box informing me that "Aqua Mail will need to access my mailbox and login as me and read my profile" and when you click "Accept", that is when you get the error message in AguaMail

I'll be happy to send you my Aqua Mail log and screenshots.

-Torbjorn
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on April 13, 2018, 10:05:09 pm
Yes please send a log with "raw session data" enabled (and the "something strange" error) to support / at / aqua-mail / dot com - then I'll be able to investigate.
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: grindelsack on April 15, 2018, 08:48:14 pm
I have the same issue and send you the log-file. Hope it helps. If you need additional information just let me know.


/GS
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: toma01 on April 16, 2018, 02:36:39 pm
Hi!
The log file is in your mailbox.  :)
Thanks!
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: lijunle on April 20, 2018, 07:26:06 am
Hi! Any updates in this issue?
I have the same problem and my device is fully managed by my company and enrolled in Intune using Company Portal. I can use the built-in mail app in my device and I have full access to all other company resources.

I really would prefer to use AquaMail. Is it possible to investigate further? The MFA works fine during the account set up but then you get an additional dialog box informing me that "Aqua Mail will need to access my mailbox and login as me and read my profile" and when you click "Accept", that is when you get the error message in AguaMail

I'll be happy to send you my Aqua Mail log and screenshots.

-Torbjorn

I am getting the exactly same issue. Any progress to resolve it?
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on April 20, 2018, 07:56:39 pm
lijunle - is your server also InTune managed?

No we don't have a solution or fix yet.

Still investigating and considering our options.

InTune requires additional cooperation from our side.

Microsoft has a library that is supposed to make this easy for us - but I wrote a test app using that library, and it's not able to log in either.

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on April 21, 2018, 12:06:28 am
@lijunle

I made a couple of small changes which might help (I hope).

Could you please try this build?

https://www.aqua-mail.com/download/AquaMail-market-1.15.0-912-fix_o365_login-028fd510c496.apk

You can update the app in-place (uninstall / reinstall is not needed).
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: lijunle on April 21, 2018, 05:15:33 am
@Kostya Thank you for the help! Yes, my company needs inline policy. I am sorry to tell you that, the fix dpk does not work.

In the fix, after pass the MFA step, it prompts in a web view that the current app is not registered and there is a REGISTER button below it. After click the REGISTER button, it jumps to the "open in intune app" page. However, the process stops here. Open the online app manually and don't see the register request.

Here is the step when I add my account to Gmail (which is working with intune). After pass the MFA, it jumps to a screen to add Gmail as this Android's administrator (not web view), then it finish the settings and go to email list. However, the first sync will fail and only one email will be downloaded - the email to prompt to register the app into intune. There is a link in that email, click on it will also jump to "open in intune app" page. Click on the link WILL jumps to intune app. Intune will show a warning that Gmail is not finishing register. Click fix and wait a while, intune shows done. Now, sync again in Gmail will sync the full list.

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: screwfox67 on April 21, 2018, 09:25:49 am
I'm getting the same issue. Has there been any headway in resolution ?  Currently I'm having to switch to Edison mail as that works without issue.  But I prefer Aquamail..

Sent from my MI 5 using Tapatalk

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on April 21, 2018, 12:34:44 pm
Quote
In the fix, after pass the MFA step, it prompts in a web view that the current app is not registered and there is a REGISTER button below it.

OK, thanks - so there is a change in the "fix" version, it now has the "complete the process in InTune" button which it did't have before. Right?

We've just become aware of InTune a few days ago - basically we'll have to handle this button and redirect you into InTune app and then it will complete the process and redirect back to our setup window.

This isn't something I can just do from the docs - and have asked for a test environment (an Office 365 domain with InTune enabled). Will take some time, sorry.

@screwfox67

Also InTune?

Can you try the custom build above and let us know if you got same exact behavior - a button to "continue in InTune" which does nothing?

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: grindelsack on April 21, 2018, 04:41:42 pm
Hi,

My phone is not managed by intune. Tried your custom build and switcht to MFA. Works like a charm. Thanks.

/GS
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: screwfox67 on April 21, 2018, 06:40:46 pm
Quote
In the fix, after pass the MFA step, it prompts in a web view that the current app is not registered and there is a REGISTER button below it.

OK, thanks - so there is a change in the "fix" version, it now has the "complete the process in InTune" button which it did't have before. Right?

We've just become aware of InTune a few days ago - basically we'll have to handle this button and redirect you into InTune app and then it will complete the process and redirect back to our setup window.

This isn't something I can just do from the docs - and have asked for a test environment (an Office 365 domain with InTune enabled). Will take some time, sorry.

@screwfox67

Also InTune?

Can you try the custom build above and let us know if you got same exact behavior - a button to "continue in InTune" which does nothing?
I get this message now:  looks looks like you're trying to open this resource with an app that hasn't been approved by your IT department. Ask them for a list of approved applications.

The following information might be useful to your administrator:

Access rules set by DXC Production restrict which applications can be used to open this resource

App name: Aqua Mail

App ID: 906be9aa-2843-47e6-a01d-ab9361ca7009

IP address: 86.13.20.234

Device identifier: not available

Device platform: Android

Device state: Unregistered

Signed in as jfox25@csc.com

Correlation ID: 80028645-7d97-48ba-987e-15bca85bcb38

Timestamp: 2018-04-21 15:39:52Z



Sent from my MI 5 using Tapatalk

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: screwfox67 on April 21, 2018, 06:42:44 pm
Quote
In the fix, after pass the MFA step, it prompts in a web view that the current app is not registered and there is a REGISTER button below it.

OK, thanks - so there is a change in the "fix" version, it now has the "complete the process in InTune" button which it did't have before. Right?

We've just become aware of InTune a few days ago - basically we'll have to handle this button and redirect you into InTune app and then it will complete the process and redirect back to our setup window.

This isn't something I can just do from the docs - and have asked for a test environment (an Office 365 domain with InTune enabled). Will take some time, sorry.

@screwfox67

Also InTune?

Can you try the custom build above and let us know if you got same exact behavior - a button to "continue in InTune" which does nothing?
I get this message now:  looks looks like you're trying to open this resource with an app that hasn't been approved by your IT department. Ask them for a list of approved applications.

The following information might be useful to your administrator:

Access rules set by DXC Production restrict which applications can be used to open this resource

App name: Aqua Mail

App ID: 906be9aa-2843-47e6-a01d-ab9361ca7009

IP address: 86.13.20.234

Device identifier: not available

Device platform: Android

Device state: Unregistered

Signed in as jfox25@csc.com

Correlation ID: 80028645-7d97-48ba-987e-15bca85bcb38

Timestamp: 2018-04-21 15:39:52Z



Sent from my MI 5 using Tapatalk
I get to MFA and then receive the above. So I'm wondering if my employer (DXC) have changed something And are restricting web access. (But it works for Edison mail!). 

Sent from my MI 5 using Tapatalk

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on April 21, 2018, 11:21:44 pm
@screwfox67

Re: wondering if my employer (DXC) have changed something And are restricting web access

Well it's not "web access", but this from the error message looks ominous:

Quote
Access rules set by DXC Production restrict which applications can be used to open this resource

App name: Aqua Mail

Would it be possible to ask your company's IT Department if they've in fact deliberately blocked Aqua Mail?

Maybe they have a black list (which includes Aqua Mail) or a white list (which does not)?

Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: lijunle on April 24, 2018, 04:22:26 am
Hi, @Kostya Vasilyev

May I ask any update on this issue? I really want to have AquaMail instead of other mail app.
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on April 24, 2018, 07:20:57 pm
Re: May I ask any update on this issue? I really want to have AquaMail instead of other mail app.

I'm thinking that your case may be different (i.e. not related to InTune) - and that your IT department may have deliberately blocked Aqua Mail specifically. Guess you never asked them about it?
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: lijunle on May 04, 2018, 06:05:21 am
@Kostya Vasilyev, Aqua Mail

I think you are replying to a wrong person. I don't think my company is blocking any specific app.

Today, I check the WPS email app. It does not prompt for the app encryption/registration. Instead, it directly goes to login success page and starts receiving the email. The first email is about intune registration. Click on it to redirect to intune app to complete registration. After registered, go back to the email app, refresh and it starts to download the real mails.

Till now, the email is not the administrator of the phone. It seems like the administrator part that I mentioned before is not really enforced.
Title: Re: "The login (OAUTH2) server returned something strange..." ???
Post by: Kostya Vasilyev on May 04, 2018, 09:13:25 pm
I know that the login procedure when using InTune is different.

I know that InTune takes care of "remote erase" etc. so it's not necessary for each email app to provide that.

We do not support "login through InTune" at this time, no changes yet.

I have asked our Project Manager to provide me with a test environment (purchase an Office 365 subscription, register a couple of accounts, enable InTune requirement) --

-- and *then* I'll be able to work on this. So far it hasn't happened.