OAuth 2.0 Support
Some information on the support for OAuth 2.0 in Squirrel
Several Internet mail providers are rolling out support for OAuth 2.0 user authentication. Starting with version 1.6.0, Squirrel supports user authentication with OAuth 2.0. Before using OAuth 2.0, you will need to set up OAuth 2.0 authentication with your Internet hosting provider to obtain an OAuth 2.0 access token.
As Squirrel for Domino runs in the background on the HCL Domino server, it can only use OAuth 2.0 authentication methods which do not need any user interaction. These OAuth 2.0 access methods are called machine-to-machine (M2M) communications.
The support for the OAuth 2.0 Client Credentials grant type with IMAP and POP3 access on the Azure platform is available as of July 1st, 2022. Please follow these steps carefully when setting up the application ID and the client credentials:
- Add the Application Type API permission Office 365 Exchange Online > IMAP.AccessAsApp or POP.AccessAsApp depending on the protocol to be used.
- These API permissions do require admin consent.
- Do not forget to issue the required PowerShell commands (see below).
- Use the hostname outlook.office365.com in the connection document.
- The client secret will expire after the specified period and will have to be renewed.
```powershell
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization {Azure-Tenant-ID}
New-ServicePrincipal -AppId {Enterprise-Application-ID} -ServiceId {Enterprise-Object-ID}
Add-MailboxPermission -Identity "{Email-Address}" -User {Enterprise-Application-ID} -AccessRights FullAccess
```
Subscription Document | Example value |
---|---|
Authorization Token Endpoint | https://login.microsoftonline.com/11111111-2222-3333-4444-55555555555/oauth2/v2.0/token |
Authorization Scope | https://outlook.office365.com/.default |
Client/Application ID | 66666666-7777-888-9999-11111111111 |
Client Value/Secret | puG8Qak340dhfnskfrieuhnfe3dr.456saa.O |
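
The following Python example is added here and is not part of Squirrel or its documentation. It builds the client credentials request body for the token endpoint from the values in the table, checks a returned access token for the IMAP.AccessAsApp or POP.AccessAsApp role and for expiry, and builds the SASL XOAUTH2 string. It assumes the access token is a JWT that carries application permissions in a `roles` claim; all function names and the sample token are constructed for illustration.

```python
import base64, json, time
from urllib.parse import urlencode

def token_request_body(client_id, client_secret, scope):
    """Form body POSTed to the Authorization Token Endpoint (client credentials grant)."""
    return urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope})

def jwt_claims(access_token):
    """Decode the JWT payload for diagnostics only; the signature is not verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(access_token, protocol="IMAP", now=None):
    """Return a list of problems that would make the mail server reject the token."""
    claims = jwt_claims(access_token)
    now = time.time() if now is None else now
    problems = []
    role = f"{protocol}.AccessAsApp"
    if role not in claims.get("roles", []):
        problems.append(f"role {role} missing: permission not added or admin consent not granted")
    if claims.get("exp", 0) <= now:
        problems.append("token expired: request a new one")
    return problems

def xoauth2_initial_response(mailbox, access_token):
    """SASL XOAUTH2 string sent with AUTHENTICATE (IMAP) or AUTH (POP3)."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def sample_jwt(claims):
    """Constructed, unsigned stand-in for a real access token (sample data only)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    # Placeholders match the ones used in the PowerShell commands above.
    print(token_request_body("{Enterprise-Application-ID}", "{Client-Secret}",
                             "https://outlook.office365.com/.default"))
    token = sample_jwt({"roles": ["IMAP.AccessAsApp"], "exp": int(time.time()) + 3600})
    print(check_token(token, "IMAP") or "token looks usable for IMAP")
    print(check_token(token, "POP"))
    print(xoauth2_initial_response("{Email-Address}", token)[:40] + "...")
```

A token that fails the role check usually points back to the API permission and admin consent steps, not to the connection document.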
Google wrote in an article that they will be limiting access to G Suite through OAuth 2.0 in the future. Since they do not yet support machine-to-machine authentication (through the password or client_credentials grant type), we are unable to support Gmail access through OAuth 2.0.
Basically, any email provider can be used as long as it supports the OAuth 2.0 Client Credentials flow.
If you know of any other OAuth 2.0 provider which supports machine-to-machine authentication (without prompting the user), please let us know. We will be glad to implement it in Squirrel for Domino.