From: nunojsilva@invalid.invalid   
      
   On 2025-11-24, Jota.Ce wrote:   
      
   > El 23/11/2025 a las 16:25, Richmond escribió:   
   >> "Jota.Ce"  writes:   
   >>   
   >>> El 21/11/2025 a las 17:52, Richmond escribió:   
   >>>> "Jota.Ce"  writes:   
   >>>>   
   >>>>> Hi there.   
   >>>>>   
   >>>>> I think i have reached the limit of days i can stay without providing   
   >>>>> a new authentication in my organization (new OAuth2 token?), as a   
   >>>>> popup window appears requiring username and password when i try to   
   >>>>> retrieve new mails.   
   >>>>>   
   >>>>> The problem is when i fill the password and in the next window i have   
   >>>>> to click on "Continue" in "Trust in ?"   
   >>>>> question.   
   >>>>>   
   >>>>> That button does nothing and both buttons (Cancel and Continue) stand   
   >>>>> in grey forever. There's no change to fill the new OTP code provided   
   >>>>> by our authenticator app.   
   >>>>>   
   >>>>> I have made this process several times, and SeaMonkey was able to   
   >>>>> handle this without problems.   
   >>>>>   
   >>>>> Any suggestion?   
   >>>> I had problems with Yahoo which I got around by disabling and   
   >>>> re-enabling javascript during the authentication process. It was not   
   >>>> easy but I did document it in this group.   
   >>>>   
   >>> Hi again.   
   >>>   
   >>> If i disable Scripts in Preferences->Advanced, i just get a blank   
   >>> screen on Oath2 authentication in my organization. I mean... i can't   
   >>> pass to get that "Do you trust in xxx.com?".   
   >>>   
   >>> If i keep it enabled to get the organization user sign-in screen, and   
   >>> disable it before clicking "Sign-in" button, it just shows a simple   
   >>> screen where login (.) microsoftonline (.) com says that javascript is   
   >>> disabled and is mandatory.   
   >>>   
   >>> Could you please copy here what were your steps to pass through these   
   limitations?   
   >>>   
   >>> Thanks in advance.   
   >>   
   >> So I turn off javascript, set authentication to Oauth2, go to the yahoo   
   >> email account and click on the inbox, the restricted window comes up, I   
   >> enter the user name and password, I get the 2fa dialog, I click text   
   >> message to phone, I click stay authenticated, then I go back to the   
   >> browser window and enable javascript. I click resend the code and wait   
   >> for the timeout, then resend again, and I get a code, which I enter,   
   >> then it askes me to agree to Oauth2 terms, and I am in, and I can see   
   >> emails in my Yahoo account via Imap.   
   >>   
   >> This didn't all work first time, and at some point during the   
   >> proceedings, after javascript was re-enabled, I clicked help and   
   >> accepted cookies.   
   >>   
   > Thanks, but i can't reproduce that behaviour in my case.   
   >   
   > But the curious thing is that "Do you trust..." window has this titlebar:   
   > login (.) microsoftonline (.) com (/) login (.) srf and...   
   >  - In a regular tab, if i manually go there, it redirects to m365 (.)   
   > cloud (.) microsoft and i get a pure blank screen.   
   >  - In a private tab, it takes me to MS login, and 2FA screen, without   
   > asking me to trust my domain.   
   >  - In SM Mail Oauth2 popup, it takes me to my organization Sing-in   
   > form, and then to the "Do you trust..." screen. It doesn't get to 2FA   
   > screen even if i confirm i trust my domain.   
   >  - And a weird thing more: in "Do you trust..." form "Cancel" button   
   > works OK, telling that "AADSTS90135: The user decided not to continue   
   > the authentication. No remediation is required"   
   >   
   > It seems that SM can't pass that latter screen, no matter if JS is   
   > enabled (Continue button turns from blue to grey, and nothing else   
   > happens there) or disabled (simple HTML screen tells you JS is   
   > disabled, and it's mandatory).   
   >   
   > I'm feeling really down with this.   
   >   
   > SM Mail is probably going to die here if i can't access my work mails.   
   >   
   > Regards.   
      
   I don't think I've ever seen such a screen. What domain is the one   
   you're being prompted about trusting? No need to put it here if it's   
   personally identifiable or the like, I'm just trying to understand if   
   it's ISP domain, work/organisation domain, email address domain, or   
   something else.   
      
   Last I tried OAuth2 with Microsoft was this month, but it was for a   
   Hotmail account, it logged me in, but went through no such screen (just   
   two-factor with e-mailed code). I'll see if I can give a try to the   
   non-Hotmail Microsoft account in a new profile.   
      
   --   
   Nuno Silva   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)