Consider using the OAuth 2.0 device flow
Closed this issue · 2 comments
I'm having problems authorizing access to my Microsoft account, it seems to be that the web server isn't being initialized to handle the exchange of the temporary code for the access / refresh token.
I wonder if it would be better to use the OAuth device flow instead, which will negate the need to run a web server.
There are some details on this here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code#authenticating-the-user
I did some tests myself using a separate AAD application, and I was able to complete the device flow and use the resulting access and refresh token in the workflow.
Happy to take a PR if you want to dive in and refactor that component - I wasn't planning on adapting the api side until MSFT decides what they are doing with Outlook Tasks/To Do/Microsoft Graph et al as it is still a moving beast there. Interestingly, the native ToDo app uses different endpoints (substrate.office.com) for auth and task retrieval, including the ability to add things to My Day, set folder hierarchy etc which isn't supported in the other endpoints. I played around with some network sniffing but I haven't figured out a way to get auth there working :(
Refactored to use MSAL in release 0.2.0