We are currently redoing our mail module using ICS because Clever Internet Suite seems to be gone for good and The Office 365 sync components we used got bought out and rolled into a completely different solution.
But because our software is a commercial business software that gets used by various end users I registered a "public client" (for "Multiple Organizations") for usage with the "Real O365 Mail for companies and schools", not personal accounts.
But the ICS components need a Client_Secret (there are hardcoded checks) but if you send one, you won't get a token:
{"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented. Trace ID: 4b38379d-3e12-485c-aff2-e0f450495800 Correlation ID: ad9abfcf-dac7-461f-a58d-b73136e07ae2 Timestamp: 2025-03-27 20:24:31Z","error_codes":[700025],"timestamp":"2025-03-27 20:24:31Z","trace_id":"4b38379d-3e12-485c-aff2-e0f450495800","correlation_id":"ad9abfcf-dac7-461f-a58d-b73136e07ae2"}
I patched out the check of
if (FClientId = '') or (FClientSecret = '') then begin
it seems I got a valid token, but I'm not sure what else broke, because there definitely seems to be code that still attempts to send an empty client_secret with requests.