Skip to main content

Using Alpine with Office365/MFA

This document describes how to configure the alpine mail client so it can use the Microsoft MFA system to authorize email access. You will need a newer release of Alpine - this was documented against 2.25 on Ubuntu 18.04 and 20.04.

(Note: Alpine 2.25 in this case was built with --with-passfile=.pine-passfile)

Step-by-step guide

  1. Open a terminal window. 
  2. Do the following based on the platform you're using:
    • Linux users
      $ touch ~/.pine-passfile
      Doing this will permit Alpine to save the token so that you do not need to re-auth every time.
    • Mac and Windows users
      This step is not needed. Your token will automatically be saved on your MacOS keychain or your Windows Credentials. Alpine will consult the needed keychain entry when you open Alpine.
  3. $ alpine
  4. Setup
  5. Config
  6. SMTP Server:[Your ID]
  7. Inbox Path: {[Your ID]}INBOX
    • Note that it may be necessary to update other folders (Trash, Sent, Drafts), folder collections, and your remote-pinerc to include "/auth=xoauth2" in the appropriate place.
  8. Exit Setup
  9. Quit
  10. $ alpine
  11. The "Authorizing Alpine Access to Outlook Email Services" message should come up.

Authorizing Alpine acces to Outlook email services message.

  1. Visit "" in a web browser. (On some Linux distros you might only need to click on the link in the terminal window.)

  2. Paste the code into the browser to authorize Alpine access.

  3. Wait a few seconds in the Alpine window.

  4. You should be prompted to save the access token on disk. Press yes. (Or you will have to repeat this process on every login!)

    Preserve refresh and access tokens on disk for next login?
  5. Create a master password for your password file - This is the password you will use to authenticate Alpine from now on.

    Enter password of key to unlock password file.

Troubleshooting authentication problems:

Alpine does not give meaningful errors to its users if the authentication token becomes corrupt or expired. If this occurs you may see an unhelpful error like “Code 400: invalid_grant: AADSTS9002313” or “Request malformed”. If you see errors like these you should remove the token and go through the process above and get a new token. To remove the token follow the instructions for your platform below.

Linux users

  1. Empty the token file.
    $ echo "" > ~/.pine-passfile
  2. Follow the instructions above to get a new Microsoft MFA token.

Mac users

On a Macintosh you need to clear out the token entry on your keychain.

  1. Close Alpine.
  2. Open “Applications/Utilities/Keychain Access” on your Mac desktop.
  3. Search for "pine" in the upper right corner of the Keychain Access window
  4. Delete the key that looks like "XOAUTH2....."
  5. Open Alpine and re-authenticate.

Windows users

In Windows 7 or 10 you need to clear out the token entry in the Credential Manager.

  1. Close Alpine.
  2. Search for "Credential Manager" in your Windows search and open it.
  3. Delete any entries you find for "pine" or "alpine".
  4. Open Alpine and re-authenticate.


Related articles:

Purdue University College of Science, 150 N. University St, West Lafayette, IN 47907 • Phone: (765) 494-1729, Fax: (765) 494-1736

Student Advising Office: (765) 494-1771, Fax: (765) 496-3015 • Science IT, (765) 494-4488

© 2023 Purdue University | An equal access/equal opportunity university | Copyright Complaints

Trouble with this page? Disability-related accessibility issue? Please contact the College of Science Webmaster.