Alternative to obtain tenant ID and client ID and secret #16

Closed
averter opened this issue Apr 10, 2022 · 6 comments

averter commented Apr 10, 2022

Must say that what this project is set to achieve is amazing!
Unfortunately on step 3 of Azure app set up an "Access denied You don't have permission to register applications in the " message shows up. There is no point in trying to ask for permission at my workplace, they are too inflexible/unhelpful. So my question, which is probably a shot in the dark, is if there is any alternative way to obtain a tenant ID, client ID and secret?

Other information I was able to gather: In Azure's Active directory Overview section there is a "My feed" subsection which under my name displays a code 189cdec2-7acf-4b53-bb9a-9080ff602f56 (possibly this is my tenant or client ID?). Under the same section I can also see an Azure AD Connect icon and the type of license used in my company is Azure AD Premium P2. Thank you in advance for any help.

phdenzel commented Jul 2, 2022

Chances are your workplace's admin already registered a few common applications such as Thunderbird. You could try using the publicly available client ID & secret (under kIssuers):

{
	"tenant_id": "common",
	"client_id": "08162f7c-0fd2-4200-a84a-f25a4db0b584",
	"client_secret": "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82",
	"redirect_host": "localhost",
	"redirect_port": "5000",
	"redirect_path": "/",
	"scopes": ["https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/SMTP.Send"]
}

This worked for me.

(The ID you see under "My feed" is probably your user ID and of no use in this case. Sometimes, you can read the tenant ID under "Basic information" in Azure's Active directory Overview section).

podiki commented Jul 8, 2022

Same trick I use: I can also confirm using Thunderbird's details (and just needing the tenant ID) works for me on a server that I can't create Azure apps for.

averter commented Jul 23, 2022

Thanks @podiki and @phdenzel.
I reached the "Authorization complete" page on my browser/can get the token in XOAUTH2 format. The only thing that is not yet working is the actual email download via mbsync. Following the steps here the xoauth2 sasl plugin is installed and I've changed the lines in my mbsyncrc file, as follows

PassCmd oauth2ms
AuthMechs XOAUTH2

However, when running mbsync it seems to not recognise xoauth2 (for some reason)

Reading configuration file /home/myusername/.mbsyncrc
C: 0/1  B: 0/0  M: +0/0 *0/0 #0/0  S: +0/0 *0/0 #0/0
Channel myworkemail
Opening master store we-remote...
Resolving outlook.office365.com... ok
Connecting to outlook.office365.com (22.97.155.119:993)... 
Opening slave store we-local...
Connection is now encrypted
Logging in...
IMAP error: selected SASL mechanism(s) not available;
   selected: XOAUTH2
   available: DIGEST-MD5EXTERNALCRAM-MD5NTLMPLAINLOGINANONYMOUS
C: 1/1  B: 0/0  M: +0/0 *0/0 #0/0  S: +0/0 *0/0 #0/0
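
The XOAUTH2 token format mentioned in the comment above is the base64 encoding of `user=<address>^Aauth=Bearer <access token>^A^A`, where `^A` is the byte 0x01. As an added example (not part of the thread and not oauth2ms code), this Python code builds that string and inspects one without printing the bearer token, so the result can be pasted into an issue safely; the function names, address and token are constructed for illustration.

```python
import base64
import binascii
import hashlib

CTRL_A = "\x01"  # field separator used by the XOAUTH2 SASL mechanism


def build_xoauth2(user: str, access_token: str) -> str:
    """Return the base64 SASL XOAUTH2 initial client response."""
    for name, value in (("user", user), ("access_token", access_token)):
        # A control character (including ^A) would let a value forge extra fields.
        if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError(f"{name} is empty or contains control characters")
    raw = f"user={user}{CTRL_A}auth=Bearer {access_token}{CTRL_A}{CTRL_A}"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def inspect_xoauth2(encoded: str) -> dict:
    """Decode a response and describe it without revealing the token."""
    try:
        raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("not valid base64/UTF-8") from exc
    if not raw.endswith(CTRL_A * 2):
        raise ValueError("missing the two trailing ^A terminators")
    parts = raw[:-2].split(CTRL_A)
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    if "user" not in fields or "auth" not in fields:
        raise ValueError("expected user= and auth= fields")
    scheme, _, token = fields["auth"].partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("auth field must be 'Bearer <token>'")
    return {
        "user": fields["user"],
        "scheme": scheme,
        "token_len": len(token),
        # Short digest: enough to compare two tokens, useless for replay.
        "token_sha256_prefix": hashlib.sha256(token.encode()).hexdigest()[:12],
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = build_xoauth2("user@example.com", "constructed-token-123")
    print(inspect_xoauth2(sample))
```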

averter commented Jul 24, 2022

New update: After installing mbsync 1.5.0 and the sasl xoauth2 plugin (via ppa) I fell on issue #9 (although I am using linux and not macOS)

Logging in...
Authenticating with SASL mechanism XOAUTH2...
Error performing SASL authentication step: SASL(-1): generic failure: Unable to find a callback: 32775

I think that at this stage it is safe to assume that it is not a tenant and client ID-related problem anymore and am happy to close this issue. Thanks again.

averter closed this as completed Jul 24, 2022

averter commented Sep 24, 2022

Hello @podiki and @phdenzel. I have managed to get it working after installing the xoauth2 sasl plugin. Thanks a lot!
However, I am only able to receive, not send, emails :-(. I have discovered that SMTP authentication is disabled on my account, as per the following image:
[Image: MicrosoftTeams-image (2)]
Does this mean that it is impossible to send emails unless using Outlook? Is there a way to obtain a client ID and token for sending emails just as we just did for receiving them? Thank you in advance.

podiki commented Sep 30, 2022

Sorry, I don't know. Have you tried without oauth, just plain smtp? Maybe that's what it means.
