utoronto-outlook
4
总安装量
4
周安装量
#50045
全站排名
安装命令
npx skills add https://github.com/plurigrid/asi --skill utoronto-outlook
Agent 安装分布
codex
4
claude-code
4
mcpjam
3
kilo
3
windsurf
3
zencoder
3
Skill 文档
UofT Outlook Skill
Headless access to University of Toronto alumni/student Outlook via IMAP/SMTP with OAuth2.
Trit: -1 (MINUS – validator/consumer)
Principle: Thunderbird Client ID â Device Code Auth â Keychain Cache â IMAP/SMTP
Implementation: IMAP OAuth2 (XOAUTH2) + Thunderbird Pre-Authorized Client ID
The AADSTS65002 Problem
University tenants block third-party OAuth apps:
AADSTS65002: Consent between first party application and first party resource
must be configured via preauthorization
Solution: Use Thunderbird’s pre-authorized client ID 9e5f94bc-e8a4-4e73-b8be-63364c29d753 which Microsoft has pre-approved for IMAP/SMTP access on all tenants.
Authentication Architecture
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â THUNDERBIRD CLIENT ID BYPASS â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â â
â [Problem: Graph API blocked] â
â ââââââââââââ Graph API âââââââââââââââââ â
â â Agent â ââââââââââââââââⶠâ MS Entra ID â â
â ââââââââââââ âââââââââââââââââ â
â â â â
â â â¼ â
â â â AADSTS65002 Error â
â â "Admin consent required" â
â â
â [Solution: Thunderbird IMAP] â
â ââââââââââââ Thunderbird ID âââââââââââââââââ â
â â Agent â âââââââââââââââââⶠâ MS Entra ID â â
â ââââââââââââ 9e5f94bc-... âââââââââââââââââ â
â â â â
â â Device code flow â Pre-authorized â â
â â¼ â¼ â
â "Enter code XXXXXX at microsoft.com/devicelogin" â
â â â
â â User authenticates (one-time) â
â â¼ â
â ââââââââââââââââââââââââââââââââââââââââââââââââââââ â
â â macOS Keychain (secure storage) â â
â â outlook-university: access + refresh tokens â â
â ââââââââââââââââââââââââââââââââââââââââââââââââââââ â
â â â
â â XOAUTH2 authentication â
â â¼ â
â âââââââââââââââââââââââââââââââââââââââââââââââââ â
â â outlook.office365.com:993 (IMAP) â â
â â smtp.office365.com:587 (SMTP) â â
â âââââââââââââââââââââââââââââââââââââââââââââââââ â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
Key Constants
# Thunderbird's pre-authorized client ID (public, safe to commit)
THUNDERBIRD_CLIENT_ID = "9e5f94bc-e8a4-4e73-b8be-63364c29d753"
# IMAP OAuth2 scopes (NOT Graph API scopes!)
IMAP_SCOPES = [
"https://outlook.office.com/IMAP.AccessAsUser.All",
"https://outlook.office.com/SMTP.Send",
"offline_access",
"openid", "profile", "email"
]
# Servers
IMAP_SERVER = "outlook.office365.com" # Port 993 SSL
SMTP_SERVER = "smtp.office365.com" # Port 587 STARTTLS
Usage
Initial Authentication (One-Time)
cd ~/.claude/skills/utoronto-outlook
uv run python outlook_university.py auth
# Output:
# ============================================================
# OUTLOOK UNIVERSITY - DEVICE CODE AUTHENTICATION
# ============================================================
# Code: XXXXXXXXX
# Go to: https://microsoft.com/devicelogin
# (Uses Thunderbird's pre-authorized client ID)
# ============================================================
Headless Operations
# Check login
uv run python outlook_university.py whoami
# Logged in as: yulia.zubak@alumni.utoronto.ca
# List messages
uv run python outlook_university.py list 10
# Read message
uv run python outlook_university.py read 42
# Search
uv run python outlook_university.py search "professor"
# List folders
uv run python outlook_university.py folders
Python API
from outlook_university import OutlookClient
client = OutlookClient()
# List recent emails
messages = client.list_messages(limit=10)
# Get unread
unread = client.get_unread()
# Read full message (body truncated to 2000 chars for context safety)
msg = client.get_message("42")
# Search
results = client.search("grades")
# Send email
client.send(
to=["recipient@example.com"],
subject="Test",
body="Hello from headless Outlook!"
)
client.close()
XOAUTH2 Authentication
The critical implementation detail for IMAP OAuth2:
# Build XOAUTH2 string per RFC 7628
auth_string = f"user={email}\x01auth=Bearer {access_token}\x01\x01"
# IMAP authenticate callback returns raw bytes
conn.authenticate("XOAUTH2", lambda x: auth_string.encode())
GF(3) Verb Typing
| Operation | Trit | Description |
|---|---|---|
list_messages |
-1 | Consume/read inbox (MINUS) |
get_message |
-1 | Read specific message (MINUS) |
get_unread |
-1 | Query unread (MINUS) |
search |
-1 | Query messages (MINUS) |
list_folders |
0 | Metadata access (ERGODIC) |
send |
+1 | Generate output (PLUS) |
Security Notes
- Thunderbird Client ID: Public, safe to commit (used by Mozilla Thunderbird)
- Tokens: Stored in macOS Keychain (encrypted), never in files
- Body Truncation: Email bodies truncated to 2000 chars to prevent context overflow
- No Credentials: No passwords stored; OAuth2 refresh tokens only
- Terminal Sanitization: ANSI escape codes stripped from output