OAuth2

  • 08 May

    Sending emails using GMail SMTP with OAuth2 authentication – OOB

    Q: Sending emails using GMail SMTP with OAuth2 authentication. I am trying to set up an outgoing email notification that will happen when a file moves to its destination.

    Update, 8th of May 2022: we are working on an update because the OAuth out-of-band (oob) flow will be deprecated.

    Instead of the Google URI urn:ietf:wg:oauth:2.0:oob you’ll have to use a loopback (IP) address as Redirect URI like http://127.0.0.1 or http://localhost

    Starting from version v2022.5.8.0, a redirect port will be added to the OAuth2 setup; it is only needed during the OAuth2 verification setup.

     

    A: Yes, this is possible.

    First check if you enabled the GMail API in your account: https://support.google.com/googleapi/answer/6158841?hl=en

    Secondly, we’ll need credentials (‘Client ID and Client Secret’) for the OAuth2 authentication: https://support.google.com/googleapi/answer/6158857?hl=en&ref_topic=7013279

    We added some screenshots to help you with the setup.

    Limagito File Mover SMTP Setup

    Don’t forget the Security Options:

    Limagito File Mover SMTP Setup

    OAuth2 Setup:

    OAuth out-of-band (oob) flow will be deprecated
    Please add the following information:
    – Authorization Endpoint URL: https://accounts.google.com/o/oauth2/v2/auth
    – Token Endpoint URL: https://www.googleapis.com/oauth2/v4/token
    – Client ID
    – Client Secret
    – Scope: https://mail.google.com/
    – Redirect URI: http://127.0.0.1
    – Redirect Port: 3017 (can be any other port that is not in use)
    Click GET and your browser will open. Please follow the steps in your browser and after acceptance we will automatically fill in Refresh Token and Access Token. Do not forget to <Save> afterwards.

    Limagito File Mover GMail SMTP with OAuth2

    RunTime Log Result when testing:

    8/05/2022 17:54:07 OAuth2 Authorization Successful
    8/05/2022 17:54:09 Send Success C:\Test\In\IntroXFM.pdf to smtp.gmail.com;1356113
    8/05/2022 17:54:09 ************************************************************
    8/05/2022 17:54:09 Rule Start Time: 8/05/2022 17:54:07
    8/05/2022 17:54:09 Rule End Time: 8/05/2022 17:54:09
    8/05/2022 17:54:09 Total Files Successful, Count: 1 & Size: 1356113
    8/05/2022 17:54:09 ************************************************************


    If you need any info about this ‘GMail SMTP with OAuth2’ question, please let us know.

    Best regards,

    Limagito Team

  • 31 Jul

    Connecting to Office 365 email using IMAP and OAuth2 authentication

    Q: Connecting to Office 365 email using IMAP and OAuth2 authentication.

    We are currently trying to connect to an MS Office 365 email mailbox with Limagito and are failing at the OAuth2 authentication. We don't know exactly what has to go into the fields.

    A: It is best to use a more recent version, since we made quite a few code changes for IMAP4 as Source and OAuth2 authentication in version v2021.8.5.0 to make it easier to connect to MS Office 365.

    Important: Set up your App Registration in Azure beforehand. Here are the steps:

    1) In the Azure portal, go to Azure Active Directory. In “App registrations” create a “+ New registration”.
    2) Register the app with Redirect URI = “http://localhost:3017”.
    3) Go to “API permissions” to add permissions. For this OAuth2 authorization flow, we’ll add “Delegated permissions”.
    4) Add IMAP.AccessAsUser.All and offline_access permissions.
    5) Go to “Certificates & secrets” and add a new client secret.
    6) In “App registrations”, go to “Endpoints” (located to the right of the “+ New registration” link). Note your endpoints for “OAuth 2.0 authorization endpoint (v2)” and “OAuth 2.0 token endpoint (v2)”.
    7) Also, just in case, go to your Microsoft 365 admin center (this is not Azure). Go to your Active users. Click on a user to find the “Manage email apps” link. See Microsoft 365 Manage Email Apps
    8) Click on “Manage email apps”. Then make sure the “IMAP” checkbox is checked.

    Next, configuration of our File Mover:

    • Add IMAP4 as Source

    Limagito File Mover IMAP4 as Source

    • IMAP4 Setup. Be sure to select our second API Vendor: ‘Vendor 2 – CK’.

    Limagito File Mover IMAP4 Setup

    • IMAP4 Security Setup (please use version v2021.8.5.0 or higher).

    Limagito File Mover IMAP4 Security Setup

    • IMAP4 Common Setup

    Limagito File Mover IMAP4 Common Setup

    • IMAP4 OAuth2 Setup

    Limagito File Mover IMAP4 OAuth2 setup

    1. Fill in the correct Authorization and Token Url
    2. Enter Client ID and Secret
    3. Adjust your scope to: openid profile offline_access https://outlook.office365.com/IMAP.AccessAsUser.All
      • Provide a SPACE separated list of scopes.
      •  Important: The offline_access scope is needed to get a refresh token.
    4. Set Redirect URI to: http://localhost:3017/
    5. Set Redirect Port to 3017
      • This should be the port in the localhost callback URL for your app.
      • The callback URL would look like “http://localhost:3017/”, if the port number is 3017.
      • The redirect must go to http://localhost:<someport>/. It must be localhost, and it cannot be “https”.

    Next, click on the <GET> button.

    Should ‘Windows Defender’ pop up, please <Allow access>.

    Limagito File Mover IMAP4 Oauth2

    Your browser will open and ask you for ‘Confirmation’.

    Limagito File Mover IMAP4 OAuth2

    Follow the routine in your browser and accept the authorization request.

    Limagito File Mover IMAP4 OAuth2 Access is granted

    Now you can close the browser. The ‘Refresh’ and ‘Access’ Token in the IMAP4 OAuth2 Setup should contain values. Click <Save>.

    Limagito File Mover IMAP4 OAuth2 Setup

    The IMAP as Source configuration is finished. Just add a Destination and you are ready to go.

    If you need any help with this ‘Office 365 email using IMAP’ request, please let us know.

    Some extra information: ‘Explaining OAuth2 Authentication’.

    The OAuth2 Get Token button does a couple of things:

    1. It starts the OAuth2 Authentication process.
    2. Returns a URL that should be displayed in a browser.
    3. Starts a background thread to receive the redirect callback from the browser.

    The flow of control is like this:

    1. The browser (popped up and displayed by our file mover) automatically navigates to the URL provided by Start Authentication.
    2. The user interactively authorizes the access. In doing so, the response sent back to the browser is a redirect to http://localhost:<someport>/
    3. The browser receives the response, and redirects to http://localhost:<someport>/
    4. The background thread (= temporary HTTP server using <someport>) is listening at that address and receives the response, and then your OAuth2 is completed.

    The redirect must go to http://localhost:<someport>/. It must be localhost, and it cannot be “https”. If you defined your application’s redirect URL to a web address such as “https://yourdomain.com/something…”, then the background thread is just sitting there waiting for the callback, which never happens (because it went to your web server).
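The loopback callback described above, as an added example that is not Limagito's own code: a temporary HTTP server bound to 127.0.0.1 that accepts the browser redirect and hands back the authorization code. The endpoint and scope are the GMail values from this page; `CLIENT_ID` is a placeholder, the function names are this example's own, and the `state` check is standard OAuth2 practice that the page does not describe.

```python
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and scope are the page's GMail values; CLIENT_ID is a placeholder.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
SCOPE = "https://mail.google.com/"
CLIENT_ID = "YOUR_CLIENT_ID"

def build_auth_url(port, state):
    """URL opened in the browser; redirect_uri points at the loopback listener."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "scope": SCOPE,
        "redirect_uri": f"http://127.0.0.1:{port}", "state": state})

def parse_callback(path, expected_state):
    """Return the authorization code, or None when the redirect must be rejected."""
    params = parse_qs(urlsplit(path).query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        return None  # not the answer to the request this process started
    if "error" in params:
        return None  # consent denied or provider-side failure
    return params.get("code", [None])[0]

def start_listener(port, expected_state):
    """Temporary HTTP server on loopback; stops after one valid callback."""
    result = {}
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            code = parse_callback(self.path, expected_state)
            if code:
                result["code"] = code
            self.send_response(200 if code else 400)
            self.end_headers()
            self.wfile.write(b"Done, close this tab." if code else b"Rejected.")

        def log_message(self, *args):  # keep the code out of console logs
            pass
    server = HTTPServer(("127.0.0.1", port), Handler)  # loopback only, not 0.0.0.0
    def serve():
        while "code" not in result:
            server.handle_request()
        server.server_close()
    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return server, thread, result
```

Call `start_listener(3017, state)` with a fresh `secrets.token_urlsafe(16)` value before opening `build_auth_url(3017, state)` in the browser; the code left in `result["code"]` is then exchanged at the token endpoint for the refresh and access tokens.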

    Note 1: For Microsoft APIs such as OneDrive, make sure that for your App on the Microsoft Developer Dashboard, under Authentication, Redirect URIs, the app type is set to Web (not public client). Your desktop app is acting as a web server when receiving the single redirect request.

    Note 2: We used the Scope needed for IMAP. Other examples are:

    • openid profile offline_access https://outlook.office365.com/SMTP.Send
    • openid profile offline_access https://outlook.office365.com/POP.AccessAsUser.All

     


    Best Regards,

    Limagito Team

    By Limagito – IMAP4, OAuth2