O365: Microsoft changed https://login.microsoftonline.com/common/oauth2/nativeclient to redirect to /common/wrongplace, use https://localhost/common/oauth2/nativeclient instead

mguessan · mguessan · commit b4615299c486 · 2026-01-24T09:48:26.000Z
git-svn-id: https://svn.code.sf.net/p/davmail/code/trunk@3946 3d1905a2-6b24-0410-a738-b14d5a86fcbd
diff --git a/src/etc/davmail.properties b/src/etc/davmail.properties
@@ -39,7 +39,7 @@ davmail.smtpPort=1025
 
 # Enable to override default DavMail Oauth configuration
 #davmail.oauth.clientId=facd6cff-a294-4415-b59f-c5b01937d7bd
-#davmail.oauth.redirectUri=https://login.microsoftonline.com/common/oauth2/nativeclient
+#davmail.oauth.redirectUri=https://localhost/common/oauth2/nativeclient
 #davmail.oauth.tenantId=common
 
 # On windows with SWT Webview2 embedded browser, allow using primary account single sign on
diff --git a/src/java/davmail/exchange/auth/O365Authenticator.java b/src/java/davmail/exchange/auth/O365Authenticator.java
@@ -150,7 +150,7 @@ public void authenticate() throws IOException {
         // common DavMail client id
         String clientId = Settings.getProperty("davmail.oauth.clientId", "facd6cff-a294-4415-b59f-c5b01937d7bd");
         // standard native app redirectUri
-        String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", Settings.getO365LoginUrl() + "/common/oauth2/nativeclient");
+        String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", "https://localhost/common/oauth2/nativeclient");
         // company tenantId or common
         tenantId = Settings.getProperty("davmail.oauth.tenantId", "common");
 
diff --git a/src/java/davmail/exchange/auth/O365InteractiveAuthenticator.java b/src/java/davmail/exchange/auth/O365InteractiveAuthenticator.java
@@ -102,7 +102,7 @@ public void authenticate() throws IOException {
         // common DavMail client id
         final String clientId = Settings.getProperty("davmail.oauth.clientId", "facd6cff-a294-4415-b59f-c5b01937d7bd");
         // standard native app redirectUri
-        final String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", Settings.getO365LoginUrl() + "/common/oauth2/nativeclient");
+        final String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", "https://localhost/common/oauth2/nativeclient");
         // company tenantId or common
         String tenantId = Settings.getProperty("davmail.oauth.tenantId", "common");
 
diff --git a/src/java/davmail/exchange/auth/O365ManualAuthenticator.java b/src/java/davmail/exchange/auth/O365ManualAuthenticator.java
@@ -88,7 +88,7 @@ public void authenticate() throws IOException {
         // common DavMail client id
         final String clientId = Settings.getProperty("davmail.oauth.clientId", "facd6cff-a294-4415-b59f-c5b01937d7bd");
         // standard native app redirectUri
-        final String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", Settings.getO365LoginUrl()+"/common/oauth2/nativeclient");
+        final String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", "https://localhost/common/oauth2/nativeclient");
         // company tenantId or common
         String tenantId = Settings.getProperty("davmail.oauth.tenantId", "common");
 
diff --git a/src/java/davmail/exchange/auth/O365StoredTokenAuthenticator.java b/src/java/davmail/exchange/auth/O365StoredTokenAuthenticator.java
@@ -63,7 +63,7 @@ public void authenticate() throws IOException {
         // common DavMail client id
         final String clientId = Settings.getProperty("davmail.oauth.clientId", "facd6cff-a294-4415-b59f-c5b01937d7bd");
         // standard native app redirectUri
-        final String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", Settings.getO365LoginUrl()+"/common/oauth2/nativeclient");
+        final String redirectUri = Settings.getProperty("davmail.oauth.redirectUri", Settings.getO365LoginUrl()+"https://localhost/common/oauth2/nativeclient");
         // company tenantId or common
         String tenantId = Settings.getProperty("davmail.oauth.tenantId", "common");
 
diff --git a/src/site/xdoc/faq.xml b/src/site/xdoc/faq.xml
@@ -58,7 +58,7 @@
                         alternative is to get actual url from davmail log file with O365Modern<br/>
                         Example url, adjust client_id and redirect_uri to your configuration:
                         <source>
-https://login.microsoftonline.com/common/oauth2/authorize?client_id=facd6cff-a294-4415-b59f-c5b01937d7bd&amp;response_type=code&amp;redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient&amp;response_mode=query&amp;resource=https%3A%2F%2Foutlook.office365.com&amp;prompt=consent
+https://login.microsoftonline.com/common/oauth2/authorize?client_id=facd6cff-a294-4415-b59f-c5b01937d7bd&amp;response_type=code&amp;redirect_uri=https://localhost/common/oauth2/nativeclient&amp;response_mode=query&amp;resource=https%3A%2F%2Foutlook.office365.com&amp;prompt=consent
                         </source>
                     </li>
                     <li>You can use your own application client id instead of DavMail provided value,
@@ -67,7 +67,7 @@ https://login.microsoftonline.com/common/oauth2/authorize?client_id=facd6cff-a29
                         or directly on Azure AD if you have the rights, and add in davmail.properties:<br/>
                         <source>
 davmail.oauth.clientId=<i>yourappid</i>
-davmail.oauth.redirectUri=https://login.microsoftonline.com/common/oauth2/nativeclient
+davmail.oauth.redirectUri=https://localhost/common/oauth2/nativeclient
                         </source>
                     </li>
                     <li>Default tenant id is common, set tenantId to force company tenant:<br/>
@@ -77,7 +77,10 @@ davmail.oauth.redirectUri=https://login.microsoftonline.com/common/oauth2/native
                     </li>
                 </ul>
                 <p>In Azure you have to open Entra ID section then app registration, use <code>https://login.microsoftonline.com/common/oauth2/nativeclient</code>
-                as redirect uri value. It is no longer possible to add EWS scope under API permissions but a simple workaround is to do it through manifest
+                as redirect uri value. Update as of january 2026: Microsoft changed nativeclient endpoint to redirect users to <code>https://login.microsoftonline.com/common/wrongplace</code>,
+                please use <code>https://localhost/common/oauth2/nativeclient</code> instead
+                </p>
+                <p>It is no longer possible to add EWS scope under API permissions but a simple workaround is to do it through manifest
                 editor:</p>
                 <p>The required scopes are:</p>
                 <source>
