How Install Office 2019 on old Mac OS when you're stuck on a blank authentication page

install-office-2019-old-mac.md

Pre-requisites

• Have an old Mac Laptop with an old MacOS version that you need Microsoft Office installed on (works with Intel-based Mac running High Sierra)
• Have an Office 365 License
• You attempted to install Office and, when prompted to input your account details to authenticate in each Office App, the authentication window turns blank (in my case, it occurs right after inputting the account email)

• Although it presents similiar issues when authenticating, I can't tell for sure if it works with Office 2016 (which I also installed, but moved on from before trying out this approach). This method was tested with Office 2019 alone.

Limitations

• This method works for most of the apps bundled in Office 2019 (tested with Excel, Word, PowerPoint and OneNote - I think Outlook doesn't require it, although I haven't set it up). However, I couldn't get it to work for Microsoft Teams, as it seems to follow an alternate authentication approach that I haven't investigated too deeply as I wasn't invested in getting that App specifically to work.
• In its current state, this method will require you to move quickly to manually select, alter and submit the intercepted request. It may take a few attempts to do it quickly enough (from what I tested, it seems like you need to do it in under 30s). Maybe this method could be replaced by a small mitmproxy add-on to overcome this

Method details

The method involves intercepting the App request made from the authentication window (i.e. the embedded browser window that pops up when the Microsoft Office App attempts to authenticate to your Microsoft Account) that leads to the blank page, using that request URL in a browser to complete the login, capturing the result code and then forcing the authentication page window to redirect to that same code URL. In other words, we will run part of the authentication process from a separate browser in order to see it completed and then simply return the auth code to the authentication window via a specially-crafted redirect response.

Intercepting and modifying the authentication window requests may take some time to learn and to execute quickly enough. Take some time to understand how it works in order to do that, as the authentication page times out after a certain period of time without a response. I highly recommend learning the tool shortcuts to avoid wasting any time in that process.

Steps

1. Have a working browser available in the machine (in my case I had to install the latest available Firefox for MacOS High Sierra)
2. Download and install Office 2019 for Mac
   1. Here you should be able to find a version that works in your case: https://learn.microsoft.com/en-us/officeupdates/update-history-office-for-mac
3. Install this proxy tool for intercepting and modifying the authentication requests: https://mitmproxy.org/
   1. You need to install an older version that is compatible with your macOS version: https://mitmproxy.org/downloads/
4. Start up the proxy tool (in my case, it opened a Terminal window with a text-based UI)
5. Enable proxy in the computer network settings (I've set it to proxy both http and https traffic via 127.0.0.1:8080)
   1. The tool should be showing flows in the Terminal UI

6. Install the tool certificates and have the machine trust them in order to intercept and manipulate https traffic: https://docs.mitmproxy.org/stable/concepts-certificates/
   1. This should lead you to the following local URL, which the proxy will intercept: mitm.it
   2. Remember to set this certificate to "Always Trust"

8. Select one Office App that you wish to authenticate under and start the App

   1. After providing your email, the authentication page should go blank when requesting the password
   2. Look for the last request made by the authentication window in the mitmproxy tool before it went blank. Focus on that URL with the arrow keys and hit enter to highlight the request details. Copy that URL
      1. In my case, the URL looked like this: https://login.live.com/oauth20_authorize.srf?client_id=...
      2. After copying it from the Terminal, I also had to remove some spaces that got copied from the terminal window
   3. Disable the computer proxy setting (otherwise the next step won't work)
   4. Open the captured URL in a browser (I've done it with Firefox) and finish the authentication process:

   

   5. Now you should have been redirected to a blank page with an URL containing a code query parameter. Copy that URL
      1. In my case, the URL looked like this: https://login.live.com/oauth20_authorize.srf?lc=1046#access_token=...
   6. Re-enable the computer proxy setting

9. Let's now authenticate the Office App

   1. Go back to the authentication window, click back

   2. In the mitm proxy UI, configure an intercept command. We'll use it to intercept and modify the response to the request that leads to the blank page this time: https://docs.mitmproxy.org/stable/mitmproxytutorial-modifyrequests/. This is the setting I used:

      1. Intercept, to hold back from responding to authentication requests (shortcut i): /oauth20_authorize.srf
      2. (RECOMMENDED) Filter, to ensure that only relevant flows will show up (shortcut f): login.live.com

   3. Run through the authentication steps for the Office App once more. Right after that, go to the mitm proxy tool UI and look for the intercepted request flow and hit enter. Intercepted request flows will appear in red

   4. Within the intercepted request, modify the following response properties:

      1. Response headers (shortcut e 9, then a to add row):
         1. Key: Location
         2. Value: <Full URL with the access token you copied earlier>
      2. Response code (shortcut e c): 302

   5. Once both response code and headers are altered, go back to the flow list and hit a to allow response through

   6. Take a look at the Office App authentication window - it should have been able to move forward with the authentication process. You should now have your App authenticated with your Microsoft Account.

   7. You can re-use the same code URL for all Office apps you wish to authenticate to (earlier in the document I listed the Apps it worked with)

10. Once you're done, remove the proxy setting from your network settings and feel free to uninstall mitmproxy

11. I also recommend removing the mitmproxy certificates from your local keychain as you'll no longer need them (or, at least, set them as not trusted).

Alternate method - mitmproxy addon (WIP)

This alternate method is a slight variation of the method above that involves the aid of a mitmproxy addon to automate some of the steps. Executing this method requires some level of familiarity with the Mac Terminal application.

1. Copy the office-auth-redirect.py addon file to the same folder where the mitmproxy application is present
2. To launch the proxy, open the Terminal application and head over to the folder where the mitmproxy app and proxy addon are located. Here is an example where the mitmproxy application is located in the Downloads folder:

$ cd ~/Downloads

# Assuming that mitmproxy and the pyhton addon script are here:
$ ./mitmproxy.app/Contents/MacOS/mitmproxy -s office-auth-redirect.py

3. This should start the proxy with the addon script. Now, attempt to log into the Office App.
   1. If you have Firefox installed, this should open a Window in it where it says that you are attempting to access a page via unsafe means. Disable the proxy from the network settings and reload the page. It should get you through the steps required to authenticate to your Office 365 account (beware: it won't need to happen if you are logged into Office 365 already). You should end up in the URL with the Auth code at the end of the flow (it's a blank page, like the one shown in the steps from the regular method above). Copy that Auth code URL
   2. If you don't have Firefox installed, while in the mitmproxy UI, hit E and look for a line that starts with Head over to this URL in your browser if you haven't yet: . Copy the URL from that line and head over to a browser with it, after disabling the proxy in the networking settings. Copy the Auth URL at the end of the authentication process.
4. Re-enable the proxy in the Network settings
5. Close the mitmproxy tool in the Terminal (hit q to quit and y to confirm)
6. Open the office-auth-redirect.py file with a text editor (e.g. you could use vim from the Terminal)
7. Add the Auth URL you acquired to the AUTH_URL variable (don't forget to retain the quotes) and save the file.
   1. With this done, the script will behave differently: instead of opening a browser window, it will immediately redirect authentication attempts to the appropriate Auth code URL instead.
8. Restart mitmproxy with the same command line once again
9. Try to authenticate into Office from the Office App once again. This time, you should see the App successfully authenticating into Office 365

office-auth-redirect.py

"""mitmproxy addon to aid in logging into office from old Mac"""

from mitmproxy import http

import logging, os

# Once you have the auth code URL, place it in the variable below (remember to keep it between double quotes!)
AUTH_URL=""

def request(flow: http.HTTPFlow) -> None:
    if flow.request.url.startswith("https://login.live.com/oauth20_authorize.srf") and AUTH_URL == "" and "AppleWebKit" in flow.request.headers["User-Agent"]:
        logging.info("Head over to this URL in your browser if you haven't yet: %s"%(flow.request.url))
        os.system("open /Applications/Firefox.app -g '%s'"%(flow.request.url))

def response(flow: http.HTTPFlow) -> None:
    if flow.request.url.startswith("https://login.live.com/oauth20_authorize.srf") and AUTH_URL != "":
        logging.info("Redirecting to AUTH_URL...")
        flow.response.headers["Location"] = AUTH_URL
        flow.response.status_code = 302

@Jean-LucWa I updated the gist with a (for now) Work In Progress alternative that involves using a mitmproxy addon to automate some of the steps. It requires some familiarity with the Terminal to work.

Very helpful of you. (familiarity with the Terminal to work) is something I might not have? I am away for a month from the location where my High Sierra iMac is located so I don't think I will be able to try remotely but I will definitely try it when I return, in the meantime I have my Macbook (M1 - Sonoma 14.7.2) with me not sure if I could try on it or a friend has an older Macbook (Monterey 12.7.6). I will give it a go in the next 3-4 days. Best wishes for the festive season and for a happy and prosperous New Year. Jean-Luc

@rafaelfonte many thanks for posting this! It almost works for me, but I run into an issue:

I tried both the manual mitmproxy method as well as the python script. Any ideas? At least I can use it for 15 days but then I have to run mitmproxy again.

@stanmoore1 sorry, never ran into that message before so it's hard to tell what might've happened.
What Office version are you installing? Is it 2019?
Is your license still valid?
Did you manage to get an auth code in the format detailed in the steps?

@rafaelfonte yes Office 2019--I have a valid license and I got an auth code but also got some 403 forbidden errors in mitmproxy after redirecting the response with the auth code. I tried everything and couldn't get it to work on High Sierra, so I finally installed macOS Monterey using OpenCore Legacy Patcher and updated MS Office 2019 to the last version in Monterey (16.78), and then Office was finally able to activate successfully. Then I copied the plist license files back to the High Sierra partition and now it all works. Note that the Office license is tied to the boot drive serial number so it all has to be done on the same drive. Even with Office 16.43 in Monterey I still got the same error as above, so it wasn't a problem with your workflow. Updating to Office 16.78 was the key. Thanks for creating this Gist!

I'm too old and slow to click all those things and get everything right - but I can write a script !!

---

It's a Cookbook !!

1. required: your certs are installed and trusted, and you have run the mitproxy tool from the terminal 👍
2. if it’s still open, close the mitproxy tool: hit ctrl-c, and answer the question with `y`
3. note the command that you used to run the mitproxy tool - you will need it to update the script
4. start a new text file by typing this command `cat > office-auth.sh` and hitting return
5. use copy and paste to fill the file with the whole office-auth.sh script, then hit return, and hit ctrl-d to close the file
6. check your work by typing `ls -l office-auth.sh` and hit return
7. confirm the output something like this: steve$ -rw-r--r--  1 steve  staff  1157 20 Jan 14:07 office-auth.sh
8. make the script executable like this: `chmod 755 office-auth.sh` (there will be no output)
9. confirm the output added x’s like this: steve$ -rwxr-xr-x  1 steve  staff  1157 20 Jan 14:07 office-auth.sh
10. type `pwd` and hit return - this should help in creating an absolute path to the the mitproxy tool
11. update that path in the top of the script and save your changes
12. to confirm: paste the absolute path into the terminal and hit return - the mitproxy tool should open

👍 ok, if you feel good at this point then we are going to run the script with ./office-auth.sh

This is what we will do with the script:

1. confirm you are logged into your MS365 account
2. authenticate the script, so we can turn the proxy on and off
3. configure a filter in the mitproxy tool to reduce confusion
4. copy the authentication URL to your clipboard so we can clean it
5. with the cleaned url complete the authentication to get an url with a token
6. configure an intercept into the mitproxy tool to add the token url to the request
7. complete activation in the product

NOTE: the script will take care of turning the proxy on and off as needed, cleaning and presenting the urls for you to copy and paste, and will prompt you when you need to take the next step

👍 congrats!! we are now ready to run everything and do the task of authentication. Together we will use the proxy and attempt to activate the software, the script will prompt you so you know when to do what 👍

---

---

script: office-auth.sh

#!/bin/bash

# update this cmd to the full path to the mitproxy at it's actual location --> YMMV !!
mitproxy_cmd="/Users/steve/Downloads/mitmproxy.app/Contents/MacOS/mitmproxy"

## shouldn't need any changes below here ##

# source the bash profile
source ~/.bash_profile

# Function to turn on the proxy
turn_on_proxy() {
sudo networksetup -setsecurewebproxy "Wi-Fi" 127.0.0.1 8080
sudo networksetup -setwebproxy "Wi-Fi" 127.0.0.1 8080
    echo "" && echo ""
    echo "The proxy has been turned ON"
}

# Function to turn off the proxy
turn_off_proxy() {
    sudo networksetup -setwebproxystate "Wi-Fi" off
    sudo networksetup -setsecurewebproxystate "Wi-Fi" off
    echo "" && echo ""
    echo "The proxy has been turned OFF"
}

# Trap script to turn OFF the proxy if the script is cancelled
trap turn_off_proxy EXIT

## setup is done, we get started below here ##

# 
# USER INSTRUCTIONS - LOGIN TO YOUR OFFICE 365 ACCOUNT
echo "" && echo "" && echo "1. LOGIN TO YOUR OFFICE 365 ACCOUNT"
echo "" && echo "--------------------------------------------"

# wait for the user to finish the process in the mitproxy app
echo "" && echo "Ok, you have logged into your 365 account (likely at account.microsoft.com)"
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# 
# USER INSTRUCTIONS - AUTHENTICATE THIS SCRIPT
echo "" && echo "" && echo "2. AUTHENTICATE THIS SCRIPT"
echo "" && echo "--------------------------------------------"

# authenticate the script
echo "" && echo ""
echo "Ok, now we authenticate this script"
echo "  (so we can turn the proxy off and on as needed)"
echo "  NOTE: You May Be Asked For Your Password Here :NOTE"
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"
sudo -s date || exit 1

# 
# USER INSTRUCTIONS - CONFIGURE A FILTER IN THE MITMPROXY TOOL
echo "" && echo "" && echo "3. CONFIGURE A FILTER IN THE MITMPROXY TOOL"
echo "" && echo "--------------------------------------------"

# wait for the user to return from the mitproxy window
echo "Ok, so the mitproxy WILL OPEN in another window"
echo "  where you WILL BE setting up a filter to limit the display "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# open the mit proxy into a new terminal window
osascript -e "tell application \"Terminal\" to do script \" ${mitproxy_cmd} \""

# wait for the user to return from the mitproxy window
echo "" && echo "Ok, so the mitproxy HAS OPENED in another window"
echo "  and you DID HIT the Shortcut: f and HAVE ENTERED: login.live.com "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# 
# USER INSTRUCTIONS - START ACTIVATION AND COPY THE AUTHORIZATION URL
echo "" && echo "" && echo "4. START ACTIVATION AND COPY THE AUTHORIZATION URL"
echo "" && echo "--------------------------------------------"

    # toggle the proxy ON
    turn_on_proxy

        unset AllegedURL
        # try to copy from the clipboard - sometimes it takes a few tries...
        while [ -z "${AllegedURL}" ]; do

            # wait for the user to return with an authorization URL
            echo "" && echo "Now, go and attempt to activate your product"
            echo "  and when the dialog goes blank, switch to the mitproxy tool"
            echo "  and click the authorization URL and copy it to your clipboard"
            echo "" && echo "Don't continue until you have copied the authorization URL to your clipboard"
            echo "  NOTE: on a Mac I had to hold down the fn key to select anything in the mitproxy tool :Note"
            echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

            # attempt copy from clipboard
            AllegedURL=$(pbpaste)
            # echo "from clipboard: ${AllegedURL}"

        done

    # toggle the proxy OFF
    turn_off_proxy

# clean the alleged url and return the authorization URL
AuthenticationURL=$(echo "${AllegedURL}" | tr -d ' \n')

# 
# USER INSTRUCTIONS - WITH THE CLEAN URL, COMPLETE THE AUTHENTICATION IN BROWSER
echo "" && echo "" && echo "5. WITH THE CLEAN URL, COMPLETE THE AUTHENTICATION IN BROWSER"
echo "" && echo "--------------------------------------------"

echo "" && echo "Cleaned URL: "
echo "" && echo "${AuthenticationURL}"
echo "" && echo ""
echo "Copy and paste this cleaned url into a browser and complete the Activation"
echo "(the window CAN REMAIN BLANK and the url STILL HAVE CHANGED to show a token)"

echo "" && echo ""
echo "Copy the final url from the browser (should be a token in the url) to your clipboard so we can clean it"

unset AllegedURL
# try to copy from the clipboard - sometimes it takes a few tries...
while [ -z "${AllegedURL}" ]; do

    # wait for the user to return with an authorization URL
    echo "" && echo "Now that Activation is done, copy the final URL from the browser"
    echo "  and when you have copied the final URL from browser come back here"
    echo "" && echo "Don't continue until you have copied the final URL with token to your clipboard"
    echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

    # attempt copy from clipboard
    AllegedURL=$(pbpaste)
    # echo "from clipboard: ${AllegedURL}"

done

# clean the alleged url and return the an URL with a Token
URLWithToken=$(echo "${AllegedURL}" | tr -d ' \n')

# 
# USER INSTRUCTIONS - SETUP THE INTERCEPT IN THE MITMPROXY TOOL
echo "" && echo "" && echo "6. SETUP THE INTERCEPT IN THE MITMPROXY TOOL"
echo "" && echo "--------------------------------------------"

# wait for the user to turn on the intercept mode in the mitproxy app
echo "" && echo "Now switch to the mitproxy tool AND configure an intercept"
echo "  enter the Shortcut i and enter: /oauth20_authorize.srf "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# wait for the user to return from the mitproxy window
echo "" && echo "Ok, so you DID SWITCH to the mitproxy tool and "
echo "  enter the Shortcut i and enter: /oauth20_authorize.srf "
echo "" && read -p "Press Enter key to acknowledge and continue... (ctrl-c to cancel and quit)"

# 
# USER INSTRUCTIONS - COMPLETE THE AUTHENTICATION IN THE PRODUCT USING THE INTERCEPT
echo "" && echo "" && echo "7. COMPLETE THE AUTHENTICATION IN THE PRODUCT USING THE INTERCEPT"
echo "" && echo "--------------------------------------------"

    # toggle the proxy ON
    turn_on_proxy

        echo "" && echo "Cleaned Token URL: "
        echo "" && echo "${URLWithToken}"
        echo "" && echo ""

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Hit back on the authentication dialog and then proceed again entering your creds"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "The interceptor will pause the call while you Add the Authenticated URL and set a rturn code"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Click on the paused call to select it"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Ok, add a header row, with Shortcut e, 9, a"
        echo "  where KEY: Location and VALUE: <your pasted URLWithToken>"
        echo "  finish the new row by hitting Escape twice"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Then add a response code, with Shortcut e, c, and enter 302 and hit return"

        # wait for the user to continue the process in the mitproxy app
        echo "" && echo "Now type a capital A to release the intercepted call, (and again with capital A should any more calls get intercepted)"

        # wait for the user to finish the process in the mitproxy app
        echo "" && echo "Finally the authentication should go thru, and you will have succeeded 👍"
        echo "" && read -p "Press Enter key to acknowledge and finish this script"        

    # toggle the proxy OFF
    turn_off_proxy

# finished

@ajoslin103 interesting… did you generate this script with AI?

This works for me.....
https://gist.github.com/zthxxx/9ddc171d00df98cbf8b4b0d8469ce90a

What I have:
MB Pro mid 2010
High Sierra 10.13.6

It didn't asked to Activate, when I check Word, it opens right away then when I click About, it says it is already licensed.

Here's what I did.

1. Install the the Office 16.27 (Do Not Open App after install)
2. Install the Office License Removal (to ensure previous failed activations are cleared / cleaned)
3. Install MS Office 2019 VL Serializer

Boom it worked!!

I was also able to update to 16.43.20

@ajoslin103 interesting… did you generate this script with AI?

@rafaelfonte Portions of it, yes. I've been working on several other bash+docker scripts that have to run in very tightly controlled environments and it's nice not to have to debug everything

I've been absolutely loving Windsurf (by codeium) and have just yesterday finished a 3 week effort to get a new module written almost entirely without touching the code. in the end it only worked when I gave it super detailed instructions and walked it thru how I wanted the problem solved. When I gave it free reign it overcreated (in just almost valid ways) and failed 3 times.

@rafaelfonte than you so much, with these instructions I was able to sign into Office apps with an old High Sierra Mac.

Unfortunately, it does not work completely with OneDrive - following the instructions, after releasing the intercepted call I was able to get past the blank window as for the other apps, but in the case of OneDrive I'm then stuck on a subsequent "Loading" page... Any idea how to continue from there?

Big thanks! Got it working, High Sierra & Office 2019.

I used the WIP addon method. I still needed to go to the network, setup proxies, install mitmproxy certificate and trust it. It is not clear that these steps are required at the WIP recipe.

MITM script (Deepseek's work, my testing...) which fixes the issue automatically.

I have just used it to activate my Office 2016 on my High Sierra (OSX's webkit lacks polyfill / Object.fromEntries ...).

I produced this before finding out about your efforts and hopefully it will help someone out there:

from mitmproxy import http

POLYFILL = b"""
<script nonce="polyfill">
// Ultra-compatible polyfill
if(!Object.fromEntries){
    Object.fromEntries=function(e){
        var o={},i,p;
        try{
            if(Array.from){
                Array.from(e).forEach(function(p){o[p[0]]=p[1]});
            }else{
                for(i=0;i<e.length;i++)o[e[i][0]]=e[i][1];
            }
        }catch(e){
            for(p in e)o[e[p][0]]=e[p][1];
        }
        return o;
    };
    console.log("Polyfill loaded");
}
</script>
"""

def response(flow: http.HTTPFlow) -> None:
    try:
        # Robust host checking that works with any input type
        host = flow.request.host
        target = "login.live.com"

        # Convert both to strings in a safe way
        if isinstance(host, bytes):
            host_str = host.decode('utf-8', errors='ignore')
        else:
            host_str = str(host)

        # Case-insensitive comparison
        if target.lower() not in host_str.lower():
            return

        # Only modify HTML responses
        if not flow.response or not flow.response.content:
            return

        content_type = flow.response.headers.get("content-type", "")
        if isinstance(content_type, bytes):
            content_type = content_type.decode('utf-8', errors='ignore')

        if "text/html" not in content_type.lower():
            return

        # Convert content to bytes if needed
        content = flow.response.content
        if isinstance(content, str):
            content = content.encode('utf-8')

        # Remove CSP headers
        csp_headers = ["content-security-policy", "x-content-security-policy"]
        for header in csp_headers:
            if header.encode() in flow.response.headers:
                del flow.response.headers[header.encode()]

        # Find injection point
        injection_points = [b"<head>", b"<html", b"<!DOCTYPE", b"<body"]
        for point in injection_points:
            if point in content:
                flow.response.content = content.replace(
                    point,
                    point + POLYFILL,
                    1
                )
                print(f"✓ Injected into {flow.request.url}")
                return

        # Final fallback: prepend
        flow.response.content = POLYFILL + content
        print(f"✓ Prepended to {flow.request.url}")

    except Exception as e:
        print(f"✗ Error: {type(e).__name__}: {str(e)}")

Hi @brightidea123, can you please give some more details on how exactly your code can be used to activate Office 2016 on High Sierra? Many thanks in advance.

@koosdevos

step-by-step instructions to:

• Install and set up MITMProxy on macOS High Sierra
• Trust the MITMProxy CA certificate system-wide
• Configure the system proxy settings
• Run MITMProxy with the necessary script and arguments

Activating Office 2016 on macOS High Sierra with MITMProxy (Step-by-Step Guide)

Older Macs running macOS High Sierra can encounter a blank sign-in window when trying to activate Microsoft Office 2016. This happens because the embedded web view in Office (which uses High Sierra’s older WebKit engine) doesn’t support some modern web features needed by the Office 365 login page. To resolve this, we will use a man-in-the-middle proxy tool (mitmproxy) along with a custom script to inject a fix into the authentication page. This method requires a valid Office 2016 license tied to your Microsoft account (it doesn’t bypass licensing – you must sign in with your own credentials that have an Office license). The steps below will guide you through setting up mitmproxy, configuring your Mac to use it, trusting its certificate, and then activating Office 2016 by signing in successfully.

Prerequisites

• Office 2016 installed on your Mac High Sierra system.
• An Office 365 or Office 2016 license associated with your Microsoft account (you'll sign in with this account to activate).
• Administrator access on the Mac (to install software and trust certificates).
• Internet connectivity (for contacting Microsoft’s activation servers via the proxy).
• mitmproxy tool downloaded and installed (steps below).
• The MITM proxy script provided by @brightidea123 (the Python code that will inject the necessary fix into the login page) – save this script as a file on your Mac (e.g., office2016_login_fix.py). This script was confirmed to fix the blank activation page issue for Office 2016 on High Sierra by injecting a polyfill for missing JavaScript features.

Steps to Set Up MITMProxy and Activate Office 2016

1. Install mitmproxy on your Mac: Download and install the mitmproxy tool, which will allow us to intercept and modify web traffic. If you use Homebrew, you can install it by running brew install mitmproxy in Terminal. Otherwise, download a compatible version from the [official mitmproxy website](https://mitmproxy.org/) (High Sierra may require using an older mitmproxy release). After installation, you should be able to open Terminal and run mitmproxy --version to verify it’s installed. (The gist we’re following suggests using an older mitmproxy build for compatibility with High Sierra, so if the latest version doesn’t run on your OS, grab a previous release from the mitmproxy downloads page.)

2. Save the Office activation fix script: Copy the Python script provided by brightidea123 (from the GitHub Gist comment) into a text file on your High Sierra Mac. You can use a simple text editor (e.g., TextEdit in plain text mode or Nano in Terminal) to create the file. Save the file as, for example, office2016_login_fix.py. Ensure the file includes the entire code snippet starting with from mitmproxy import http and defining the response function. This script is what modifies the Office login page on the fly by injecting a JavaScript polyfill for the Object.fromEntries function, which High Sierra’s web view lacks. (The code specifically targets the Microsoft login page and injects a small script to add the missing Object.fromEntries functionality, allowing the page to load properly.)

3. Launch mitmproxy with the script: Open Terminal on your Mac and navigate to the folder where you saved the script (e.g., cd ~/Desktop if you saved it on the Desktop). Run mitmproxy with the script by entering:

   mitmproxy -s office2016_login_fix.py

   This command starts the mitmproxy proxy and loads your script (-s means run this Python script as a mitmproxy addon). You should see the mitmproxy interface open in the Terminal (a text-based UI). By default, mitmproxy will listen as an HTTP/HTTPS proxy on 127.0.0.1 port 8080. Leave this Terminal window open and running while you proceed (it is now waiting to intercept network traffic). If everything is set up correctly, you’ll later see log messages in this window when the script injects the fix (e.g., lines indicating “✓ Injected into ...” once the Office sign-in page is intercepted).

4. Configure macOS to use the proxy for web traffic: Now you need to direct your Mac’s internet traffic through the mitmproxy. Go to System Preferences > Network, select your active network interface (e.g. Wi-Fi), then click Advanced and go to the Proxies tab. Enable both Web Proxy (HTTP) and Secure Web Proxy (HTTPS), and set the proxy server address to 127.0.0.1 and Port to 8080 for both protocols. Click OK and then Apply to save the settings.

   The screenshot above shows the proxy settings in macOS High Sierra. Both HTTP and HTTPS proxies are pointed to the local mitmproxy at 127.0.0.1:8080. Enabling these ensures that Office’s sign-in request will be routed through our proxy tool.

5. Install and trust the mitmproxy certificate: Because Office’s sign-in uses HTTPS, we need to allow mitmproxy to decrypt and re-encrypt this secure traffic. Mitmproxy generates its own Certificate Authority (CA) certificate for this purpose. With the proxy still running and the system proxy enabled, open a web browser on your Mac and navigate to http://mitm.it/. This will load mitmproxy’s certificate installation page (since your traffic is going through the proxy, mitmproxy intercepts this request and serves a local page). On the mitm.it page, click the Apple icon or the link for macOS to download the certificate (mitmproxy-ca-cert.pem). Once downloaded, double-click the certificate file to open it in Keychain Access. You may be prompted to add the certificate to your keychain (add it to the login keychain by default).

   Next, find the newly added “mitmproxy” certificate in Keychain Access (it will likely be in the Certificates category). Right-click it and choose Get Info, or simply double-click it to open its details. Expand the Trust section, and for “When using this certificate,” select “Always Trust.” You will need to enter your administrator password to confirm this change. Marking it as “Always Trust” is crucial; it tells your system to trust the proxy’s certificate so that secure connections won’t be blocked. After this, the certificate icon may show a blue plus or a white checkmark, indicating it’s trusted.

   The image above shows the mitmproxy certificate being set to “Always Trust” in Keychain Access. By downloading the certificate via mitm.it and trusting it, you allow mitmproxy to act as an intermediary for HTTPS connections without MacOS or Office raising security errors. Be sure to authenticate the trust change with your admin password when prompted.

6. Sign in to Office 2016 to activate: Everything is now in place to fix the blank login issue. Ensure mitmproxy is still running and your proxy settings are enabled. Launch an Office 2016 app that needs activation (for example, Microsoft Word). When prompted to Sign In, enter your Microsoft account email and proceed. This time, when the Office activation dialog tries to load the password page, it should not remain blank – it will load the Microsoft login page properly (it may take a moment). The script running in mitmproxy will detect the Office sign-in page (from the domain login.live.com) and inject the missing JavaScript polyfill into it on the fly. This injection allows the page to function in High Sierra’s older web view. You can then enter your Microsoft account password and complete any 2FA if prompted, just as you would in a normal browser. After submitting your credentials, Office should accept the login and activate.

   • Watch the Terminal output: As you sign in, you should see messages in the mitmproxy Terminal window indicating that the script found the page and injected the polyfill (look for lines with “✓ Injected into [https://login.live.com/...”](https://login.live.com/...”)). This feedback confirms the fix was applied.
   • Activation success: Once signed in, the blank window should close and the Office application will open normally, now logged in with your account. You can verify activation by going to the app’s Help > About or Account section – it should show your email/account and that the product is licensed. (If the login page still doesn’t load or remains blank, double-check that the proxy is enabled and the certificate is trusted. Also ensure your account is indeed linked to an Office license.)

7. Disable the proxy and clean up (after activation): After your Office 2016 is activated, you should turn off the proxy settings to return your Mac’s network to normal. Go back to System Preferences > Network > Proxies and uncheck the Web Proxy and Secure Web Proxy boxes, then apply the changes. This will restore your internet connection to bypass the local proxy. You can then go to the Terminal running mitmproxy and press Q to quit (then Y to confirm exit if using the interactive interface). It’s also a good idea to remove the mitmproxy certificate from your Keychain or at least set it back to “Never Trust” now that you’re done, for security purposes. Simply find the mitmproxy certificate in Keychain, right-click and delete it (or change its trust setting to default). If you ever need to run this fix again, you can always re-install the certificate.

By following the above steps, you’ve effectively worked around the High Sierra blank authentication page issue. Mitmproxy, combined with the custom script, injected a missing web capability into the Office sign-in dialog, allowing you to log in with your own Microsoft credentials and activate Office 2016 on your older Mac. This gives you full access to your Office apps without upgrading your OS. Enjoy your activated Office 2016, and remember that you can re-use this method in the future if you encounter the blank sign-in window again (just run mitmproxy with the script and enable the proxy/cert as done here). Finally, since this solution was intended for an end-user, we made sure to use straightforward steps – no coding experience is required beyond copying the script and running commands as shown. You have now successfully signed in and activated Office on High Sierra using the mitmproxy workaround. ✅

Thank you so much, works like a charm! The only thing we had to adapt was the ip-address for the proxy and to use https://mitm.it instead of http://mitm.it.