OAuth 2.0 Support

Some information on the support for OAuth 2.0 in Squirrel
Several Internet mail providers are rolling out support for OAuth2 user authentication. Starting with version 1.6.0, Squirrel supports user authentication with OAuth 2.0. Before using OAuth 2.0, you will need to set up OAuth 2.0 authentication with your Internet hosting provider to obtain an OAuth 2.0 access token.
As Squirrel for Domino runs in the background on the HCL Domino server, it can only use OAuth 2.0 authentication methods which do not need any user interactions. These OAuth 2.0 access methods are called machine-to-machine (M2M) communications.

Microsoft 365 Outlook Mail

Support for the OAuth 2.0 Client Credentials grant type with IMAP and POP3 access on the Azure platform is available as of July 1st, 2022. Please follow the steps carefully when setting up the application ID and the client credentials:

Important Notes

  • Add the Application Type API permission Office 365 Exchange Online > IMAP.AccessAsApp or POP.AccessAsApp depending on the protocol to be used.
  • These API permissions do require admin consent.
  • Do not forget to issue the required PowerShell commands (see below).
  • Use the hostname outlook.office365.com in the connection document.
  • The client secret will expire after the specified period and will have to be renewed.

PowerShell Command Example

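# Install and load the Exchange Online module, then connect to the tenant
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization {Azure-Tenant-ID}
# Register the Azure enterprise application as a service principal in Exchange Online
New-ServicePrincipal -AppId {Enterprise-Application-ID} -ServiceId {Enterprise-Object-ID}
# Grant that service principal access to the mailbox
Add-MailboxPermission -Identity "{Email-Address}" -User {Enterprise-Application-ID} -AccessRights FullAccess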
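
Checking the setup before entering the values in Squirrel (an added example, not part of the Squirrel documentation or product): the functions below request a token with the client credentials grant and inspect its claims for the app role and expiry. The function names are hypothetical, the token endpoint and scope are Microsoft's standard values for this flow with Exchange Online rather than values taken from this page, and the sample token is constructed and unsigned so the check runs offline.

```powershell
# Added example (not Squirrel code). Function names are hypothetical.
# Decode the claims of a JWT access token. The signature is NOT verified here.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } 1 { throw 'Invalid base64url length.' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Report whether the token carries the expected app role and whether it has expired.
function Test-MailAppToken {
    param([Parameter(Mandatory)][string]$Token,
          [ValidateSet('IMAP.AccessAsApp', 'POP.AccessAsApp')][string]$Role = 'IMAP.AccessAsApp')
    $claims  = Get-JwtClaims -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience   = $claims.aud
        HasRole    = @($claims.roles) -contains $Role
        ExpiresUtc = $expires.UtcDateTime
        Expired    = $expires -lt [DateTimeOffset]::UtcNow
    }
}

# Client credentials request (needs network access). The credential object holds
# the application ID as user name and the client secret as password.
function Get-MailAppToken {
    param([Parameter(Mandatory)][string]$TenantId,
          [Parameter(Mandatory)][pscredential]$Client)
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $Client.UserName
        client_secret = $Client.GetNetworkCredential().Password
        scope         = 'https://outlook.office365.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

# Offline check with a constructed, unsigned sample token (not a real credential).
$payload = '{"aud":"https://outlook.office365.com","roles":["IMAP.AccessAsApp"],"exp":4102444800}'
$seg = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
Test-MailAppToken -Token "e30.$seg.sig"
# Against the real tenant; Get-Credential keeps the secret out of the command history:
# Test-MailAppToken -Token (Get-MailAppToken -TenantId '{Azure-Tenant-ID}' -Client (Get-Credential))
```

If HasRole is False for a real token, the API permission or its admin consent from the notes above is usually missing. A valid token can still be rejected at IMAP or POP3 login until the service principal and mailbox permission commands have been run.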

Field Assignments

Subscription Document
Example value
Authorization Token Endpoint
Authorization Scope
Client/Application ID
Client Value/Secret

Google Gmail

Google wrote in an article that they will be limiting access to G Suite through OAuth 2.0 in the future. Since they do not yet support machine-to-machine authentication (through the password or client_credentials grant type), we are unable to support Gmail access through OAuth 2.0.

Other Email Providers

Basically, any email provider can be used as long as it supports the OAuth 2.0 Client Credentials flow.
If you know of any other OAuth 2.0 provider that supports machine-to-machine authentication (without prompting the user), please let us know. We will be glad to implement it in Squirrel for Domino.