blog/content/posts/how-to-2famutt.md

+++
date = '2024-12-19'
title = 'Neomutt and Outlook'
tags = ['howto', 'tutorial', 'mutt', '2fa', 'oauth2']
categories = ['technical']
+++

## GPG
You will need a `gpg` key for encryption purposes.
If you don't already have a `gpg` key, you can generate one with the `--full-gen-key` flag.

```sh
gpg --full-gen-key
```

## OAuth2
First, sign in to your mail through the browser. This is needed for the OAuth2 authorization flow.
As part of installing neomutt, you should have the oauth2 python script located in `/usr/share/neomutt/oauth2/`.
We need to register neomutt as an already trusted app.
We will simply abuse the thunderbird client-id for this, which is: `9e5f94bc-e8a4-4e73-b8be-63364c29d753` - with this you don't need to specify a client secret:

```sh
/usr/share/neomutt/oauth2/mutt_oauth2.py \
    -v \
    -t \
    --authorize \
    --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" \
    --client-secret "" \
    --email "your-email-here" \
    --provider microsoft \
    $HOME/email-token
```

This will ask you a couple of questions. Select `authcode` for the preferred OAuth2 flow.
If prompted for a client secret, simply press enter.
You should get a link - enter that link into your browser and allow the app.
By the end of the flow you should end up at an empty website.
Copy the last part of the URL and paste it into your terminal.
After this you should have a token file located at `$HOME/email-token`.
It's a good idea to take a backup of this file just in case you overwrite it.
But if you do loose it, you can just run the flow again.

## Mutt-Wizard
Phew! That was a lot. We are almost there!
Based on [mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard).

<!-- Run mutt-wizard -->

After this, you should edit your `~/.mbsyncrc` file, as the default `PassCmd` is not quite configured yet.
It should look something like this (make sure to change `your-email-here` and `username` to the appropriate values):
```
...
PassCmd "/usr/share/neomutt/oauth2/mutt_oauth2.py --encryption-pipe 'gpg -e -r your-email-here' /home/username/email-token"
...
```

You should now be able to run `mailsync`:

```sh
mailsync
```

It might ask you to select which profile to sync.
Just provide the name you set when setting up your gpg profile and everything should sync now!
After a successful sync, you should be able to just open `neomutt` and start reading, replying and whatever you do with email!

```sh
neomutt
```

## TODOs
 - [ ] introduction
 - [ ] instructions on installing mutt-wizard (oauth2 version) (ubuntu / arch) - including dependencies
  - Mention that the oauth2 version might be merged in the future and refer to luke's version if merged
 - [ ] instructions on registering app passwords (gmail / outlook)
 - [x] figure out how to consistently use `mbsync -a` (perhaps a cronjob?)
 - [ ] Start the article with a demo of what we'll be making
wip: neomutt post 2024-12-18 07:33:43 +01:00			`+++`
			`date = '2024-12-19'`
wip 2024-12-19 21:55:08 +01:00			`title = 'Neomutt and Outlook'`
wip: neomutt post 2024-12-18 07:33:43 +01:00			`tags = ['howto', 'tutorial', 'mutt', '2fa', 'oauth2']`
			`categories = ['technical']`
			`+++`

			`## GPG`
wip 2024-12-19 21:55:08 +01:00			You will need a `gpg` key for encryption purposes.
			If you don't already have a `gpg` key, you can generate one with the `--full-gen-key` flag.
wip: neomutt post 2024-12-18 07:33:43 +01:00
			```sh
			`gpg --full-gen-key`
			```

			`## OAuth2`
			`First, sign in to your mail through the browser. This is needed for the OAuth2 authorization flow.`
			As part of installing neomutt, you should have the oauth2 python script located in `/usr/share/neomutt/oauth2/`.
			`We need to register neomutt as an already trusted app.`
			We will simply abuse the thunderbird client-id for this, which is: `9e5f94bc-e8a4-4e73-b8be-63364c29d753` - with this you don't need to specify a client secret:

			```sh
			`/usr/share/neomutt/oauth2/mutt_oauth2.py \`
			`-v \`
			`-t \`
			`--authorize \`
			`--client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" \`
			`--client-secret "" \`
			`--email "your-email-here" \`
			`--provider microsoft \`
			`$HOME/email-token`
			```

			This will ask you a couple of questions. Select `authcode` for the preferred OAuth2 flow.
			`If prompted for a client secret, simply press enter.`
			`You should get a link - enter that link into your browser and allow the app.`
			`By the end of the flow you should end up at an empty website.`
			`Copy the last part of the URL and paste it into your terminal.`
			After this you should have a token file located at `$HOME/email-token`.
			`It's a good idea to take a backup of this file just in case you overwrite it.`
			`But if you do loose it, you can just run the flow again.`

			`## Mutt-Wizard`
			`Phew! That was a lot. We are almost there!`
			`Based on [mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard).`

			`<!-- Run mutt-wizard -->`

			After this, you should edit your `~/.mbsyncrc` file, as the default `PassCmd` is not quite configured yet.
			It should look something like this (make sure to change `your-email-here` and `username` to the appropriate values):
			```
			`...`
			`PassCmd "/usr/share/neomutt/oauth2/mutt_oauth2.py --encryption-pipe 'gpg -e -r your-email-here' /home/username/email-token"`
			`...`
			```

			You should now be able to run `mailsync`:

			```sh
			`mailsync`
			```

			`It might ask you to select which profile to sync.`
			`Just provide the name you set when setting up your gpg profile and everything should sync now!`
			After a successful sync, you should be able to just open `neomutt` and start reading, replying and whatever you do with email!

			```sh
			`neomutt`
			```

			`## TODOs`
			`- [ ] introduction`
			`- [ ] instructions on installing mutt-wizard (oauth2 version) (ubuntu / arch) - including dependencies`
			`- Mention that the oauth2 version might be merged in the future and refer to luke's version if merged`
			`- [ ] instructions on registering app passwords (gmail / outlook)`
			- [x] figure out how to consistently use `mbsync -a` (perhaps a cronjob?)
			`- [ ] Start the article with a demo of what we'll be making`