OAuth 2.0 Support

Some information on the support for OAuth 2.0 in Squirrel
Several Internet mail providers are rolling out support for OAuth2 user authentication. Starting with version 1.6.0, Squirrel supports user authentication with OAuth 2.0. Before using OAuth 2.0, you will need to set up OAuth 2.0 authentication with your Internet hosting provider to obtain an OAuth 2.0 access token.
As Squirrel for Domino runs in the background on the HCL Domino server, it can only use OAuth 2.0 authentication methods that do not need any user interaction. These OAuth 2.0 access methods are called machine-to-machine (M2M) communications.

Microsoft 365 Outlook Mail

Support for the OAuth 2.0 Client Credentials grant type with IMAP and POP3 access on the Azure platform is available as of July 1st, 2022. Please follow the steps carefully when setting up the application ID and the client credentials:

Important Notes

  • Add the Application Type API permission Office 365 Exchange Online > IMAP.AccessAsApp or POP.AccessAsApp depending on the protocol to be used.
  • These API permissions do require admin consent.
  • Do not forget to issue the required PowerShell commands (see below).
  • Use the hostname outlook.office365.com in the connection document.
  • The client secret will expire after the specified period and will have to be renewed.

PowerShell Command Example

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization {Azure-Tenant-ID}
New-ServicePrincipal -AppId {Enterprise-Application-ID} -ServiceId {Enterprise-Object-ID}
Add-MailboxPermission -Identity "{Email-Address}" -User {Enterprise-Application-ID} -AccessRights FullAccess

Field Assignments

Subscription Document           Example value
Authorization Token Endpoint    https://login.microsoftonline.com/11111111-2222-3333-4444-55555555555/oauth2/v2.0/token
Authorization Scope             https://outlook.office365.com/.default
Client/Application ID           66666666-7777-888-9999-11111111111
Client Value/Secret             puG8Qak340dhfnskfrieuhnfe3dr.456saa.O
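
To check these field values outside Squirrel, the following added example (not part of Squirrel or its documentation) builds the client credentials token request and inspects a returned access token for the app role and expiry. The function names are hypothetical, the sample token is constructed, and it is an assumption that the access token is a JWT carrying "roles" and "exp" claims.

```python
import base64
import json
import time
from urllib.parse import urlencode

# App roles named in the Important Notes, keyed by mail protocol.
REQUIRED_ROLE = {"imap": "IMAP.AccessAsApp", "pop3": "POP.AccessAsApp"}

def token_request(endpoint, client_id, client_secret, scope):
    """Build the client credentials POST (RFC 6749, section 4.4)."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": scope}
    # Send with urllib.request.urlopen(url, data=body); never log the body.
    return endpoint, urlencode(form).encode("ascii")

def jwt_claims(access_token):
    """Decode the JWT payload for diagnostics; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(access_token, protocol, now=None):
    """Return a list of problems; an empty list means the token looks usable."""
    claims = jwt_claims(access_token)  # assumed claims: "roles" and "exp"
    now = time.time() if now is None else now
    problems = []
    role = REQUIRED_ROLE[protocol]
    if role not in claims.get("roles", []):
        problems.append(f"missing role {role}: check API permission and admin consent")
    if claims.get("exp", 0) <= now:
        problems.append("token expired: request a new one")
    return problems

def sample_token(claims):
    """Constructed, unsigned token used only to exercise check_token()."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    url, body = token_request(
        "https://login.microsoftonline.com/{Azure-Tenant-ID}/oauth2/v2.0/token",
        "{Enterprise-Application-ID}", "{Client-Secret}",
        "https://outlook.office365.com/.default")
    print(url, len(body), "bytes")
    tok = sample_token({"roles": ["POP.AccessAsApp"], "exp": 2000})
    print(check_token(tok, "imap", now=1000))
```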

Google Gmail

Google wrote in an article that they will be limiting access to G Suite through OAuth 2.0 in the future. Since they do not yet support machine-to-machine authentication (through the password or client_credentials grant type), we are unable to support Gmail access through OAuth 2.0.

Other Email Providers

Basically, any email provider should work as long as it supports the OAuth 2.0 Client Credentials flow.
If you know of any other OAuth 2.0 provider that supports machine-to-machine authentication (without prompting the user), please let us know. We will be glad to implement it in Squirrel for Domino.