Using Alpine with Office365/MFA

This document describes how to configure the alpine mail client so it can use the Microsoft MFA system to authorize email access. You will need a newer release of Alpine - this was documented against 2.25 on Ubuntu 18.04 and 20.04.

(Note: Alpine 2.25 in this case was built with --with-passfile=.pine-passfile)

Step-by-step guide

1. Open a terminal window. 
2. Do the following based on the platform you're using:
   • Linux users
     $ touch ~/.pine-passfile
     Doing this will permit Alpine to save the token so that you do not need to re-auth every time.
   • Mac and Windows users
     This step is not needed. Your token will automatically be saved on your MacOS keychain or your Windows Credentials. Alpine will consult the needed keychain entry when you open Alpine.
3. $ alpine
4. Setup
5. Config
6. SMTP Server: smtp.office365.com/user=Your ID@purdue.edu/submit/auth=xoauth2
7. Inbox Path: {outlook.office365.com/ssl/user=Your ID@purdue.edu/auth=xoauth2}INBOX
   • Your ID: input your user ID (do not use "Your ID") in steps 6 & 7.
   • Note that it may be necessary to update other folders (Trash, Sent, Drafts), folder collections, and your remote-pinerc to include "/auth=xoauth2" in the appropriate place.
     
8. Exit Setup
9. Quit
10. $ alpine
11. The "Authorizing Alpine Access to Outlook Email Services" message should come up.

1. Visit "https://microsoft.com/devicelogin" in a web browser. (On some Linux distros you might only need to click on the link in the terminal window.)

2. Paste the code into the browser to authorize Alpine access.

3. Wait a few seconds in the Alpine window.

4. You should be prompted to save the access token on disk. Press yes. (Or you will have to repeat this process on every login!)

   

5. Create a master password for your password file - This is the password you will use to authenticate Alpine from now on.

   

Troubleshooting authentication problems:

Alpine does not give meaningful errors to its users if the authentication token becomes corrupt or expired. If this occurs you may see an unhelpful error like “Code 400: invalid_grant: AADSTS9002313” or “Request malformed”. If you see errors like these you should remove the token and go through the process above and get a new token. To remove the token follow the instructions for your platform below.

Linux users

1. Empty the token file.
   $ echo "" > ~/.pine-passfile
2. Follow the instructions above to get a new Microsoft MFA token.

Mac users

On a Macintosh you need to clear out the token entry on your keychain.

1. Close Alpine.
2. Open “Applications/Utilities/Keychain Access” on your Mac desktop.
3. Search for "pine" in the upper right corner of the Keychain Access window
4. Delete the key that looks like "XOAUTH2....."
5. Open Alpine and re-authenticate.

Windows users

In Windows 7 or 10 you need to clear out the token entry in the Credential Manager.

1. Close Alpine.
2. Search for "Credential Manager" in your Windows search and open it.
3. Delete any entries you find for "pine" or "alpine".
4. Open Alpine and re-authenticate.

 

Related articles:

• Converting an existing Thunderbird setup for Microsoft MFA
• Setting up a new Thunderbird account with Microsoft MFA