How Install Office 2019 on old Mac OS when you're stuck on a blank authentication page

install-office-2019-old-mac.md

Pre-requisites

• Have an old Mac Laptop with an old MacOS version that you need Microsoft Office installed on (works with Intel-based Mac running High Sierra)
• Have an Office 365 License
• You attempted to install Office and, when prompted to input your account details to authenticate in each Office App, the authentication window turns blank (in my case, it occurs right after inputting the account email)

• Although it presents similiar issues when authenticating, I can't tell for sure if it works with Office 2016 (which I also installed, but moved on from before trying out this approach). This method was tested with Office 2019 alone.

Limitations

• This method works for most of the apps bundled in Office 2019 (tested with Excel, Word, PowerPoint and OneNote - I think Outlook doesn't require it, although I haven't set it up). However, I couldn't get it to work for Microsoft Teams, as it seems to follow an alternate authentication approach that I haven't investigated too deeply as I wasn't invested in getting that App specifically to work.
• In its current state, this method will require you to move quickly to manually select, alter and submit the intercepted request. It may take a few attempts to do it quickly enough (from what I tested, it seems like you need to do it in under 30s). Maybe this method could be replaced by a small mitmproxy add-on to overcome this

Method details

The method involves intercepting the App request made from the authentication window (i.e. the embedded browser window that pops up when the Microsoft Office App attempts to authenticate to your Microsoft Account) that leads to the blank page, using that request URL in a browser to complete the login, capturing the result code and then forcing the authentication page window to redirect to that same code URL. In other words, we will run part of the authentication process from a separate browser in order to see it completed and then simply return the auth code to the authentication window via a specially-crafted redirect response.

Intercepting and modifying the authentication window requests may take some time to learn and to execute quickly enough. Take some time to understand how it works in order to do that, as the authentication page times out after a certain period of time without a response. I highly recommend learning the tool shortcuts to avoid wasting any time in that process.

Steps

1. Have a working browser available in the machine (in my case I had to install the latest available Firefox for MacOS High Sierra)
2. Download and install Office 2019 for Mac
   1. Here you should be able to find a version that works in your case: https://learn.microsoft.com/en-us/officeupdates/update-history-office-for-mac
3. Install this proxy tool for intercepting and modifying the authentication requests: https://mitmproxy.org/
   1. You need to install an older version that is compatible with your macOS version: https://mitmproxy.org/downloads/
4. Start up the proxy tool (in my case, it opened a Terminal window with a text-based UI)
5. Enable proxy in the computer network settings (I've set it to proxy both http and https traffic via 127.0.0.1:8080)
   1. The tool should be showing flows in the Terminal UI

6. Install the tool certificates and have the machine trust them in order to intercept and manipulate https traffic: https://docs.mitmproxy.org/stable/concepts-certificates/
   1. This should lead you to the following local URL, which the proxy will intercept: mitm.it
   2. Remember to set this certificate to "Always Trust"

8. Select one Office App that you wish to authenticate under and start the App

   1. After providing your email, the authentication page should go blank when requesting the password
   2. Look for the last request made by the authentication window in the mitmproxy tool before it went blank. Focus on that URL with the arrow keys and hit enter to highlight the request details. Copy that URL
      1. In my case, the URL looked like this: https://login.live.com/oauth20_authorize.srf?client_id=...
      2. After copying it from the Terminal, I also had to remove some spaces that got copied from the terminal window
   3. Disable the computer proxy setting (otherwise the next step won't work)
   4. Open the captured URL in a browser (I've done it with Firefox) and finish the authentication process:

   

   5. Now you should have been redirected to a blank page with an URL containing a code query parameter. Copy that URL
      1. In my case, the URL looked like this: https://login.live.com/oauth20_authorize.srf?lc=1046#access_token=...
   6. Re-enable the computer proxy setting

9. Let's now authenticate the Office App

   1. Go back to the authentication window, click back

   2. In the mitm proxy UI, configure an intercept command. We'll use it to intercept and modify the response to the request that leads to the blank page this time: https://docs.mitmproxy.org/stable/mitmproxytutorial-modifyrequests/. This is the setting I used:

      1. Intercept, to hold back from responding to authentication requests (shortcut i): /oauth20_authorize.srf
      2. (RECOMMENDED) Filter, to ensure that only relevant flows will show up (shortcut f): login.live.com

   3. Run through the authentication steps for the Office App once more. Right after that, go to the mitm proxy tool UI and look for the intercepted request flow and hit enter. Intercepted request flows will appear in red

   4. Within the intercepted request, modify the following response properties:

      1. Response headers (shortcut e 9, then a to add row):
         1. Key: Location
         2. Value: <Full URL with the access token you copied earlier>
      2. Response code (shortcut e c): 302

   5. Once both response code and headers are altered, go back to the flow list and hit a to allow response through

   6. Take a look at the Office App authentication window - it should have been able to move forward with the authentication process. You should now have your App authenticated with your Microsoft Account.

   7. You can re-use the same code URL for all Office apps you wish to authenticate to (earlier in the document I listed the Apps it worked with)

10. Once you're done, remove the proxy setting from your network settings and feel free to uninstall mitmproxy

11. I also recommend removing the mitmproxy certificates from your local keychain as you'll no longer need them (or, at least, set them as not trusted).

Alternate method - mitmproxy addon (WIP)

This alternate method is a slight variation of the method above that involves the aid of a mitmproxy addon to automate some of the steps. Executing this method requires some level of familiarity with the Mac Terminal application.

1. Copy the office-auth-redirect.py addon file to the same folder where the mitmproxy application is present
2. To launch the proxy, open the Terminal application and head over to the folder where the mitmproxy app and proxy addon are located. Here is an example where the mitmproxy application is located in the Downloads folder:

$ cd ~/Downloads

# Assuming that mitmproxy and the pyhton addon script are here:
$ ./mitmproxy.app/Contents/MacOS/mitmproxy -s office-auth-redirect.py

3. This should start the proxy with the addon script. Now, attempt to log into the Office App.
   1. If you have Firefox installed, this should open a Window in it where it says that you are attempting to access a page via unsafe means. Disable the proxy from the network settings and reload the page. It should get you through the steps required to authenticate to your Office 365 account (beware: it won't need to happen if you are logged into Office 365 already). You should end up in the URL with the Auth code at the end of the flow (it's a blank page, like the one shown in the steps from the regular method above). Copy that Auth code URL
   2. If you don't have Firefox installed, while in the mitmproxy UI, hit E and look for a line that starts with Head over to this URL in your browser if you haven't yet: . Copy the URL from that line and head over to a browser with it, after disabling the proxy in the networking settings. Copy the Auth URL at the end of the authentication process.
4. Re-enable the proxy in the Network settings
5. Close the mitmproxy tool in the Terminal (hit q to quit and y to confirm)
6. Open the office-auth-redirect.py file with a text editor (e.g. you could use vim from the Terminal)
7. Add the Auth URL you acquired to the AUTH_URL variable (don't forget to retain the quotes) and save the file.
   1. With this done, the script will behave differently: instead of opening a browser window, it will immediately redirect authentication attempts to the appropriate Auth code URL instead.
8. Restart mitmproxy with the same command line once again
9. Try to authenticate into Office from the Office App once again. This time, you should see the App successfully authenticating into Office 365

office-auth-redirect.py

"""mitmproxy addon to aid in logging into office from old Mac"""

from mitmproxy import http

import logging, os

# Once you have the auth code URL, place it in the variable below (remember to keep it between double quotes!)
AUTH_URL=""

def request(flow: http.HTTPFlow) -> None:
    if flow.request.url.startswith("https://login.live.com/oauth20_authorize.srf") and AUTH_URL == "" and "AppleWebKit" in flow.request.headers["User-Agent"]:
        logging.info("Head over to this URL in your browser if you haven't yet: %s"%(flow.request.url))
        os.system("open /Applications/Firefox.app -g '%s'"%(flow.request.url))

def response(flow: http.HTTPFlow) -> None:
    if flow.request.url.startswith("https://login.live.com/oauth20_authorize.srf") and AUTH_URL != "":
        logging.info("Redirecting to AUTH_URL...")
        flow.response.headers["Location"] = AUTH_URL
        flow.response.status_code = 302

Rafael, I am so grateful for your work around and very kind assistance with the process.

As you very correctly stated, this method requires very quick input from the user, to manually select, alter and submit the intercepted request. It requires a fair bit of repetitive practice to do it in under 30s.

I found that learning and practising the mitmproxy tutorial is a must as well as learning some of the keyboard short cuts.

Going through the process I had saved in a text document the Full URL with the access token.

Beware I found that after a few attempts or a restart, the values changed, to avoid frustration to novice like me, I recommend once you get lost in the process to quit all application, run Microsoft_Office_License_Removal_2.7, to clear the system.

Then start again from scratch following the full method as supplied by Rafael

One more thing, below is a summary detail of typing keys to make it clearer for all for the end sequence.

Make sure - Certificate is trusted
Proxy is enabled
Shortcut i : /oauth20_authorize.srf then Hit ENTER
shortcut f : login.live.com then Hit ENTER
Launch MS App (Excel) to validate enter user and next
Within the intercepted request, modify the following response properties:
a. Response headers (shortcut e 9 , then a to add row):
Type the word: Location then Hit TAB to move cursor under Value column
Then Paste the full URL you copied before (the one that looks like "https://login.live.com/oauth20_authorize.srf? lc=1046#access_token=..." ( easier to save it in a text document with the above command to access it quickly)
After a few seconds one the pasted text is shown
Hit ESC to stop editing it highlight the whole text in darker colour
Hit q once,
b. Response code (shortcut e c ): 302 Hit ENTER
Hit a Hit a Hit a Hit a
If done within 30 Second it activates my Excel Application, as I did do it with Excel when I checked the other MS Aps Word and PowerPoint were also activated.

@Jean-LucWa I updated the gist with a (for now) Work In Progress alternative that involves using a mitmproxy addon to automate some of the steps. It requires some familiarity with the Terminal to work.

Very helpful of you. (familiarity with the Terminal to work) is something I might not have? I am away for a month from the location where my High Sierra iMac is located so I don't think I will be able to try remotely but I will definitely try it when I return, in the meantime I have my Macbook (M1 - Sonoma 14.7.2) with me not sure if I could try on it or a friend has an older Macbook (Monterey 12.7.6). I will give it a go in the next 3-4 days. Best wishes for the festive season and for a happy and prosperous New Year. Jean-Luc

@rafaelfonte many thanks for posting this! It almost works for me, but I run into an issue:

I tried both the manual mitmproxy method as well as the python script. Any ideas? At least I can use it for 15 days but then I have to run mitmproxy again.

@stanmoore1 sorry, never ran into that message before so it's hard to tell what might've happened.
What Office version are you installing? Is it 2019?
Is your license still valid?
Did you manage to get an auth code in the format detailed in the steps?

@rafaelfonte yes Office 2019--I have a valid license and I got an auth code but also got some 403 forbidden errors in mitmproxy after redirecting the response with the auth code. I tried everything and couldn't get it to work on High Sierra, so I finally installed macOS Monterey using OpenCore Legacy Patcher and updated MS Office 2019 to the last version in Monterey (16.78), and then Office was finally able to activate successfully. Then I copied the plist license files back to the High Sierra partition and now it all works. Note that the Office license is tied to the boot drive serial number so it all has to be done on the same drive. Even with Office 16.43 in Monterey I still got the same error as above, so it wasn't a problem with your workflow. Updating to Office 16.78 was the key. Thanks for creating this Gist!

I'm too old and slow to click all those things and get everything right - but I can write a script !!

---

It's a Cookbook !!

1. required: your certs are installed and trusted, and you have run the mitproxy tool from the terminal 👍
2. if it’s still open, close the mitproxy tool: hit ctrl-c, and answer the question with `y`
3. note the command that you used to run the mitproxy tool - you will need it to update the script
4. start a new text file by typing this command `cat > office-auth.sh` and hitting return
5. use copy and paste to fill the file with the whole office-auth.sh script, then hit return, and hit ctrl-d to close the file
6. check your work by typing `ls -l office-auth.sh` and hit return
7. confirm the output something like this: steve$ -rw-r--r--  1 steve  staff  1157 20 Jan 14:07 office-auth.sh
8. make the script executable like this: `chmod 755 office-auth.sh` (there will be no output)
9. confirm the output added x’s like this: steve$ -rwxr-xr-x  1 steve  staff  1157 20 Jan 14:07 office-auth.sh
10. type `pwd` and hit return - this should help in creating an absolute path to the the mitproxy tool
11. update that path in the top of the script and save your changes
12. to confirm: paste the absolute path into the terminal and hit return - the mitproxy tool should open

👍 ok, if you feel good at this point then we are going to run the script with ./office-auth.sh

This is what we will do with the script:

1. confirm you are logged into your MS365 account
2. authenticate the script, so we can turn the proxy on and off
3. configure a filter in the mitproxy tool to reduce confusion
4. copy the authentication URL to your clipboard so we can clean it
5. with the cleaned url complete the authentication to get an url with a token
6. configure an intercept into the mitproxy tool to add the token url to the request
7. complete activation in the product

NOTE: the script will take care of turning the proxy on and off as needed, cleaning and presenting the urls for you to copy and paste, and will prompt you when you need to take the next step

👍 congrats!! we are now ready to run everything and do the task of authentication. Together we will use the proxy and attempt to activate the software, the script will prompt you so you know when to do what 👍

---

---

script: office-auth.sh

#!/bin/bash

# update this cmd to the full path to the mitproxy at it's actual location --> YMMV !!
mitproxy_cmd="/Users/steve/Downloads/mitmproxy.app/Contents/MacOS/mitmproxy"

## shouldn't need any changes below here ##

# source the bash profile
source ~/.bash_profile

# Function to turn on the proxy
turn_on_proxy() {
sudo networksetup -setsecurewebproxy "Wi-Fi" 127.0.0.1 8080
sudo networksetup -setwebproxy "Wi-Fi" 127.0.0.1 8080
    echo "" && echo ""
    echo "The proxy has been turned ON"
}

# Function to turn off the proxy
turn_off_proxy() {
    sudo networksetup -setwebproxystate "Wi-Fi" off
    sudo networksetup -setsecurewebproxystate "Wi-Fi" off
    echo "" && echo ""
    echo "The proxy has been turned OFF"
}

# Trap script to turn OFF the proxy if the script is cancelled
trap turn_off_proxy EXIT

## setup is done, we get started below here ##

# 
# USER INSTRUCTIONS - LOGIN TO YOUR OFFICE 365 ACCOUNT
echo "" && echo "" && echo "1. LOGIN TO YOUR OFFICE 365 ACCOUNT"
echo "" && echo "--------------------------------------------"

# wait for the user to finish the process in the mitproxy app
echo "" && echo "Ok, you have logged into your 365 account (likely at account.microsoft.com)"
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# 
# USER INSTRUCTIONS - AUTHENTICATE THIS SCRIPT
echo "" && echo "" && echo "2. AUTHENTICATE THIS SCRIPT"
echo "" && echo "--------------------------------------------"

# authenticate the script
echo "" && echo ""
echo "Ok, now we authenticate this script"
echo "  (so we can turn the proxy off and on as needed)"
echo "  NOTE: You May Be Asked For Your Password Here :NOTE"
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"
sudo -s date || exit 1

# 
# USER INSTRUCTIONS - CONFIGURE A FILTER IN THE MITMPROXY TOOL
echo "" && echo "" && echo "3. CONFIGURE A FILTER IN THE MITMPROXY TOOL"
echo "" && echo "--------------------------------------------"

# wait for the user to return from the mitproxy window
echo "Ok, so the mitproxy WILL OPEN in another window"
echo "  where you WILL BE setting up a filter to limit the display "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# open the mit proxy into a new terminal window
osascript -e "tell application \"Terminal\" to do script \" ${mitproxy_cmd} \""

# wait for the user to return from the mitproxy window
echo "" && echo "Ok, so the mitproxy HAS OPENED in another window"
echo "  and you DID HIT the Shortcut: f and HAVE ENTERED: login.live.com "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# 
# USER INSTRUCTIONS - START ACTIVATION AND COPY THE AUTHORIZATION URL
echo "" && echo "" && echo "4. START ACTIVATION AND COPY THE AUTHORIZATION URL"
echo "" && echo "--------------------------------------------"

    # toggle the proxy ON
    turn_on_proxy

        unset AllegedURL
        # try to copy from the clipboard - sometimes it takes a few tries...
        while [ -z "${AllegedURL}" ]; do

            # wait for the user to return with an authorization URL
            echo "" && echo "Now, go and attempt to activate your product"
            echo "  and when the dialog goes blank, switch to the mitproxy tool"
            echo "  and click the authorization URL and copy it to your clipboard"
            echo "" && echo "Don't continue until you have copied the authorization URL to your clipboard"
            echo "  NOTE: on a Mac I had to hold down the fn key to select anything in the mitproxy tool :Note"
            echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

            # attempt copy from clipboard
            AllegedURL=$(pbpaste)
            # echo "from clipboard: ${AllegedURL}"

        done

    # toggle the proxy OFF
    turn_off_proxy

# clean the alleged url and return the authorization URL
AuthenticationURL=$(echo "${AllegedURL}" | tr -d ' \n')

# 
# USER INSTRUCTIONS - WITH THE CLEAN URL, COMPLETE THE AUTHENTICATION IN BROWSER
echo "" && echo "" && echo "5. WITH THE CLEAN URL, COMPLETE THE AUTHENTICATION IN BROWSER"
echo "" && echo "--------------------------------------------"

echo "" && echo "Cleaned URL: "
echo "" && echo "${AuthenticationURL}"
echo "" && echo ""
echo "Copy and paste this cleaned url into a browser and complete the Activation"
echo "(the window CAN REMAIN BLANK and the url STILL HAVE CHANGED to show a token)"

echo "" && echo ""
echo "Copy the final url from the browser (should be a token in the url) to your clipboard so we can clean it"

unset AllegedURL
# try to copy from the clipboard - sometimes it takes a few tries...
while [ -z "${AllegedURL}" ]; do

    # wait for the user to return with an authorization URL
    echo "" && echo "Now that Activation is done, copy the final URL from the browser"
    echo "  and when you have copied the final URL from browser come back here"
    echo "" && echo "Don't continue until you have copied the final URL with token to your clipboard"
    echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

    # attempt copy from clipboard
    AllegedURL=$(pbpaste)
    # echo "from clipboard: ${AllegedURL}"

done

# clean the alleged url and return the an URL with a Token
URLWithToken=$(echo "${AllegedURL}" | tr -d ' \n')

# 
# USER INSTRUCTIONS - SETUP THE INTERCEPT IN THE MITMPROXY TOOL
echo "" && echo "" && echo "6. SETUP THE INTERCEPT IN THE MITMPROXY TOOL"
echo "" && echo "--------------------------------------------"

# wait for the user to turn on the intercept mode in the mitproxy app
echo "" && echo "Now switch to the mitproxy tool AND configure an intercept"
echo "  enter the Shortcut i and enter: /oauth20_authorize.srf "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# wait for the user to return from the mitproxy window
echo "" && echo "Ok, so you DID SWITCH to the mitproxy tool and "
echo "  enter the Shortcut i and enter: /oauth20_authorize.srf "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# 
# USER INSTRUCTIONS - COMPLETE THE AUTHENTICATION IN THE PRODUCT USING THE INTERCEPT
echo "" && echo "" && echo "7. COMPLETE THE AUTHENTICATION IN THE PRODUCT USING THE INTERCEPT"
echo "" && echo "--------------------------------------------"

    # toggle the proxy ON
    turn_on_proxy

        echo "" && echo "Cleaned Token URL: "
        echo "" && echo "${URLWithToken}"
        echo "" && echo ""

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Hit back on the authentication dialog and then proceed again entering your creds"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "The interceptor will pause the call while you Add the Authenticated URL and set a rturn code"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Click on the paused call to select it"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Ok, add a header row, with Shortcut e, 9, a"
        echo "  where KEY: Location and VALUE: <your pasted URLWithToken>"
        echo "  finish the new row by hitting Escape twice"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Then add a response code, with Shortcut e, c, and enter 302 and hit return"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Now type a capital A to release the intercepted call, (and again with capital A should any more calls get intercepted)"

        # wait for the user to finish the process in the mitproxy app
        echo "" && echo "Finally the authentication should go thru, and you will have succeeded 👍"
        echo "" && read -p "Press Enter key to acknowledge and finish this script"        

    # toggle the proxy OFF
    turn_off_proxy

# finished

@ajoslin103 interesting… did you generate this script with AI?

This works for me.....
https://gist.github.com/zthxxx/9ddc171d00df98cbf8b4b0d8469ce90a

What I have:
MB Pro mid 2010
High Sierra 10.13.6

It didn't asked to Activate, when I check Word, it opens right away then when I click About, it says it is already licensed.

Here's what I did.

1. Install the the Office 16.27 (Do Not Open App after install)
2. Install the Office License Removal (to ensure previous failed activations are cleared / cleaned)
3. Install MS Office 2019 VL Serializer

Boom it worked!!

I was also able to update to 16.43.20

@ajoslin103 interesting… did you generate this script with AI?

@rafaelfonte Portions of it, yes. I've been working on several other bash+docker scripts that have to run in very tightly controlled environments and it's nice not to have to debug everything

I've been absolutely loving Windsurf (by codeium) and have just yesterday finished a 3 week effort to get a new module written almost entirely without touching the code. in the end it only worked when I gave it super detailed instructions and walked it thru how I wanted the problem solved. When I gave it free reign it overcreated (in just almost valid ways) and failed 3 times.

@rafaelfonte than you so much, with these instructions I was able to sign into Office apps with an old High Sierra Mac.

Unfortunately, it does not work completely with OneDrive - following the instructions, after releasing the intercepted call I was able to get past the blank window as for the other apps, but in the case of OneDrive I'm then stuck on a subsequent "Loading" page... Any idea how to continue from there?

Big thanks! Got it working, High Sierra & Office 2019.

I used the WIP addon method. I still needed to go to the network, setup proxies, install mitmproxy certificate and trust it. It is not clear that these steps are required at the WIP recipe.