[CERN]
# https://man.sr.ht/~rjarry/aerc/providers/microsoft.md#office365-with-xoauth2
source            = imaps+xoauth2://timo.wilken%40cern.ch@outlook.office365.com?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753&token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token&scope=https://outlook.office.com/SMTP.Send https://outlook.office.com/IMAP.AccessAsUser.All offline_access
outgoing          = smtp+xoauth2://timo.wilken%40cern.ch@smtp.office365.com:587?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753&token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token&scope=https://outlook.office.com/SMTP.Send https://outlook.office.com/IMAP.AccessAsUser.All offline_access
# To authorize for the first time (to get refresh token):
# mutt_oauth2.py ~/.local/share/aerc/twilken.tokens --authorize --authflow authcode --provider microsoft \
#    --email timo.wilken@cern.ch --client-id 9e5f94bc-e8a4-4e73-b8be-63364c29d753 --client-secret '' \
#    --encryption-pipe 'gpg --encrypt --recipient C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C'
# Confirm empty client secret. When done, copy-paste ?code= value from final URL to the command-line.
# Then, to store the refresh token:
# gpg --decrypt ~/.local/share/aerc/twilken.tokens | jq -r .refresh_token | pass insert -e -f cern/exol/refresh-token
source-cred-cmd   = pass cern/exol/refresh-token
outgoing-cred-cmd = pass cern/exol/refresh-token
default           = INBOX
from              = Timo Wilken <timo.wilken@cern.ch>
aliases           = twilken@cern.ch
archive           = Archive
copy-to           = Sent Items
postpone          = Drafts
folders-sort      = INBOX,Archive,Sent Items,Drafts
folders-exclude   = Calendar,~Calendar/.*,Contacts,Conversation History,Journal,Notes,Tasks
cache-headers     = true
pgp-auto-sign     = true
pgp-key-id        = C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C
# Don't auto-encrypt mail, even if we have the keys of all recipients.
pgp-opportunistic-encrypt = false