https://wiki.innovaphone.com/api.php?action=feedcontributions&feedformat=atom&user=Tmoinnovaphone wiki - User contributions [en]2026-05-09T05:40:19ZUser contributionsMediaWiki 1.42.3https://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78192Howto16r1:Configure OAuth2 E-Mail2025-10-08T21:55:39Z<p>Tmo: /* Modes */</p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
The innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== General Information ==<br />
Most of the large email providers offer the possibility to define an app that is allowed to gain access of a certain scope like SMTP. <br><br />
It assigns a Client ID / Client Secret.<br><br />
<br><br />
Authorization for sending from the mail account needs to be given one time either:<br><br />
* By providing resource owner username/password. Sending this to the token endpoint results in an access token and long term refresh token.<br />
* By interactive authorization via a popup dialogue that is loaded from the authorization endpoint. After the credentials are verified, the dialogue redirects to the redirect URI with an authorization code that is traded to an access token and refresh token.<br />
<br><br />
The access token is sent for authentication in SMTP. It needs regular refresh, which will be done automatically.<br />
<br />
=== Modes ===<br />
<br />
* '''Exchange''': Microsoft, with interactive authorization<br />
* '''Microsoft 365''': Microsoft, without interactive authorization (Resource owner and password has to be filled)<br />
* '''Gmail''': Google, with interactive authorization<br />
* '''Google Service Account''': Google, without interactive authorization (Client e-mail, Private Key ID and Private Key of the service account must be provided)<br />
* '''Client secret post''': Generic configuration where all parameters of the client secret post OAuth2 flow can be set.<br />
* '''Private key jwt''': Generic configuration where all parameters of the private key jwt OAuth2 flow can be set.<br />
<br />
== Microsoft 365 ==<br />
=== Azure Portal ===<br />
Log in to Microsoft Azure Portal (https://portal.azure.com) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret. Note that expiry is limited to no longer than 2 years. The client secret must be renewed before expiry and the new secret configured and interactive authorisation carried out again to ensure continuous operation.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
<br />
=== Microsoft 365 admin center ===<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
<br />
=== Exchange admin center ===<br />
Login to the Exchange admin center (https://admin.exchange.microsoft.com).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
<br />
=== PBX Example configuration === <br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
=== Preparations === <br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
<br />
=== PBX Example configuration === <br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
<br />
For the Microsoft 365 setup above it would be as follows with Token endpoint ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/token</nowiki>'' Authorization URL ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/authorize?scope=https://outlook.office.com/SMTP.Send</nowiki> offline_access'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
For the Gmail example above the generic confguration would be like this with Token endpoint ''<nowiki>https://oauth2.googleapis.com/token</nowiki>'' Authorization URL ''<nowiki>https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https://mail.google.com/</nowiki>'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.<br />
[[File:OAith2ClientSecretPostGmail.png|none|thumb|600x600px|/OAith2ClientSecretPostGmail.png|/OAith2ClientSecretPostGmail.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png|/OAuth2PrivateKeyJWT.png]]<br />
<br />
== Related Articles ==<br />
https://wiki.innovaphone.com/index.php?title=Reference16r1:PBX/Config/Authentication</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78189Howto16r1:Configure OAuth2 E-Mail2025-10-08T21:26:50Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
The innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Principle ==<br />
The e-mail provider enables definition of an app that is allowed to gain access of a certain scope like SMTP. It assigns a Client ID / Client Secret.<br />
<br />
Authorization for sending from the mail account needs to be given one time:<br />
by providing resource owner username/password. Sending this to the token endpoint results in an access token and long term refresh token.<br />
or interactively via the dialog that is loaded from the authorization endpoint. On agreement the dialog redirects to the redirect URI with an authorization code that is traded to an access token and refresh token.<br />
<br />
The access token is sent for authentication in SMTP. It needs regular refresh.<br />
<br />
== Microsoft 365 ==<br />
=== Azure Portal ===<br />
Log in to Microsoft Azure Portal (https://portal.azure.com) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret. Note that expiry is limited to no longer than 2 years. The client secret must be renewed before expiry and the new secret configured and interactive authorisation carried out again to ensure continuous operation.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
<br />
=== Microsoft 365 admin center ===<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
<br />
=== Exchange admin center ===<br />
Login to the Exchange admin center (https://admin.exchange.microsoft.com).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
<br />
=== PBX Example configuration === <br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
=== Preparations === <br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
<br />
=== PBX Example configuration === <br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
<br />
For the Microsoft 365 setup above it would be as follows with Token endpoint ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/token</nowiki>'' Authorization URL ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/authorize?scope=https://outlook.office.com/SMTP.Send</nowiki> offline_access'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
For the Gmail example above the generic confguration would be like this with Token endpoint ''<nowiki>https://oauth2.googleapis.com/token</nowiki>'' Authorization URL ''<nowiki>https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https://mail.google.com/</nowiki>'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.<br />
[[File:OAith2ClientSecretPostGmail.png|none|thumb|600x600px|/OAith2ClientSecretPostGmail.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png|/OAuth2PrivateKeyJWT.png]]<br />
<br />
== Related Articles ==<br />
https://wiki.innovaphone.com/index.php?title=Reference16r1:PBX/Config/Authentication</div>Tmohttps://wiki.innovaphone.com/index.php?title=Reference16r1:Apps/PbxManager/Email&diff=78170Reference16r1:Apps/PbxManager/Email2025-10-06T11:38:15Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
This PBX Manager Plugin configures the E-Mail Account of all PBXes in the system. The same configuration can be found in the advanced UI of the individual PBXes at [[Reference13r2:PBX/Config/Authentication|PBX/Config/Authentication]].<br />
<br />
== Add Email Account ==<br />
; SMTP Server<br />
: Your SMTP Server<br />
<br />
; Email Address<br />
: The used From Address<br />
<br />
; Username<br />
: The username for the authorization<br />
<br />
; Password<br />
: The password for the authorization<br />
<br />
; Sender's name<br />
: The used Name in the From field<br />
<br />
; OAuth2<br />
: Alternatively OAuth2 credentials to authenticate for e-mail sending. See [[Howto16r1:Configure_OAuth2_E-Mail]].</div>Tmohttps://wiki.innovaphone.com/index.php?title=Reference13r1:Services/Logging&diff=78169Reference13r1:Services/Logging2025-10-06T11:35:54Z<p>Tmo: </p>
<hr />
<div>== Log Server ==<br />
External '''logging''' is disabled by default (Off). You can still view log messages in real time (see [[Reference7:Administration/Diagnostics/Logging|Logging]]), but messages are not stored or sent to an external destination.<br />
<br />
Available ''Type''s:<br />
<br />
{|<br />
|valign=top nowrap=true|'''Off:'''<br />
| Logging is disabled.<br />
|-<br />
|valign=top nowrap=true|'''TCP:'''<br />
| The device transmits the syslog entries using a TCP connection.<br />
* In the '''Address''' field, the remote IP-address is entered.<br />
* In the '''Port''' field, the remote port is specified.<br />
|-<br />
|valign=top nowrap=true|'''SYSLOG:'''<br />
| The syslog entries are transmitted to a syslog recipient (also referred to as syslogd, syslog server or syslog daemon).<br />
* In the '''Address''' field, the IP-address of the syslogd server is entered.<br />
* In the '''Class''' field, the syslog message class for the syslog entries sent is entered. The class is a numeric value between 0 and 7, it will be used as ''Facility'' (0 => local0, ... 7 => local7). The ''Severity'' field will always be 6 (informational). See [http://de.wikipedia.org/wiki/Syslog wikipedia.org/wiki/Syslog] for details.<br />
|-<br />
|valign=top nowrap=true|'''HTTP:'''<br />
| The syslog entries are transferred to a web server. Each individual syslog entry is transferred to the server as an individual request. <br />
* In the '''Address''' field, the IP-address of remote server is entered.<br />
* In the '''Path''' field, the relative URL to be used in the HTTP request is entered.<br />
* The Method field selects the method used to send the request. There are 3 formats available:<br />
{|<br />
| Format || Request Type || URI || Description<br />
|-<br />
| Standard || POST || ''hardwired'' || This should be used to forward log messages to another innovaphone device, e.g. to store it on a central CF card<br />
|-<br />
| External(POST) || POST || as defined in the Path field || This is identical to the ''Standard'' method, except that you may specifiy the URI to be used<br />
|-<br />
| External(GET) || GET || as defined in the Path field || The log message will be coded into GET ''form data'' (a.k.a. ''query args''). This method is compatible to the method used in firmware versions 5.01 and 6.<br />
|}<br />
For more information on HTTP request formatting, see [[Reference7:HTTP Request Message Format]].<br />
<br />
If the addressed Web server requires authentication, an ''Authenticated URL'' has to be configured on the [[Reference:Configuration/General/HTTP-Client|HTTP-Client]] Page. The ''URL'' constructed by the logger is shown right next to the ''Path'' field. It must be entered in exactly this format on the [[Reference:Configuration/General/HTTP-Client|HTTP-Client]] Page. The device has to be restarted after the ''Authenticated URL'' has been set. <br />
|- <br />
|valign=top nowrap=true|'''LOCAL:'''<br />
| The syslog entries are saved to [[Reference:Administration/Diagnostics/CF|the local CF card]] into the '''/log''' directory, e.g. '''\\''ipaddr''\drive\CF0\log'''. Log files named '''LOG0.''n''''' are created, where '''''n''''' goes from 0 to 3. The next log file is created when either the '''Max File Size''' is reached or the '''Backup Time''' has passed. '''LOG0.0''' is the newest log file always.<br />
<br />
To concentrate all syslog messages to a single CF card, you would use the '''HTTP Log Server Type''' in all but one boxes with '''Method''' set to '''Standard'''. '''Address''' must be set to the IP-address of the single box that has the CF card used for log message storage. '''Port''' must be set to the port configured for the [[Reference:Configuration/General/HTTP-Server|HTTP-Server]] of this box. <br />
<br />
|- <br />
|valign=top nowrap=true|'''LOCAL-AP:'''<br />
|The logs are transmitted to the local Linux application platform. Logs are stored under \\AP-IP\webdav\log\ and alarms under \\AP-IP\webdav\alarm\<br />
|- <br />
|valign=top nowrap=true|'''REMOTE-AP:'''<br />
|The logs are transmitted to a remote Linux application platform. Store path is the same as under LOCAL-AP.<br />
* In the Address field, you enter the IP address of the remote Linux application platform.<br />
* In the Port field, you specify the port to which the connection is set up.<br />
Remark: Don't forget to enable access to \\AP-IP\ap\log.fcgi as [[Reference10:Concept_Linux_Application_Platform#Use_as_Log_or_Alarm_Server | required for use of LinAP as logserver]].<br />
|- <br />
|valign=top nowrap=true|'''REMOTE-AP-S:'''<br />
|Same as REMOTE-AP, just a secure transmission is used.<br />
|}<br />
<br />
A second server may be configured as '''Log Server Shadow''' receiving the same records as the first server.<br />
<br />
== Alarm and Event Handling ==<br />
Alarm and event forwarding is configured independently from the handling of log messages.<br />
<br />
If no '''Forward Server''' is configured in the '''Alarm and Event Forward Server''' area, alarms and events are stored locally as specified in the '''Local Alarm and Event Queues''' area below. Otherwise, alarms and events are additionally forwarded to the external server using HTTP requests. Each individual alarm or event entry is transferred to the server as an individual request.<br/><br />
<code>SYSLOG</code> option is only available on Gateway devices. Phones should use HTTP to forward alarm/events to an innovaphone gateway which may forward the collected events to a syslog server. <br />
<br />
* The '''Address''' is used to set the IP-address of an external HTTP server that will receive the forwarded alarms and events.<br />
* The '''Port''' defines the TCP port the HTTP request is sent to.<br />
* The '''Method''' selects the method used to send the the requests. The same methods as for the '''Log Server''' are available here. (only on gateways)<br />
<br />
To collect all alarms and events in a single device card, you would use the '''Standard Method''' in all but one boxes. '''Address''' must be set to the IP-address of the central box. '''Port''' must be set to the port configured for the [[{{NAMESPACE}}:Configuration/General/HTTP-Server|HTTP-Server]] of this box.<br/><br />
The collected alarms and events may further be forwarded to one or two SYSLOG server(s) as XML-encoded records. <br />
This is achieved by configuring a '''Forward Server''' with '''Method''' SYSLOG, the server address under '''Address''' and the SYSLOG-Class under '''Class'''.<br />
<br />
The '''Local Alarm and Event Queues''' area allows you to control the number of events and alarms that are kept in memory and stored in non-volatile memory during restarts.<br />
<br />
== Alarms and Errors as Email ==<br />
Definition of email target to send alarms and errors as email to.<br />
<br />
* '''Sender Address''': email adress of sender<br />
* '''Senders' Name''': alias of sender name<br />
* '''Recipient Address''': email adress of recipient<br />
* '''Recipients' Name''': alias of recipient name<br />
* '''Email Server Address''': ip-adress or DNS name of smtp email server. TLS will be supported automatically, if demanded by the server. <br />
* '''User''': user account at email server<br />
* '''Password''': user password at email server<br />
* '''OAuth2''': Alternatively OAuth2 credentials to authenticate for e-mail sending. See [[Howto16r1:Configure_OAuth2_E-Mail]].<br />
<br />
== Handling of incoming Alarms/Events ==<br />
{|<br />
|valign=top nowrap=true|'''Authenticate:'''<br />
| When enabled request HTTP Authentication for the incoming HTTP Alarms/Events messages. You must configure in the sender the HTTP credentials to be able to deliver the Alarms/Events. <br />
|-<br />
{|<br />
== Local Alarm and Event Queues ==<br />
{|<br />
|valign=top nowrap=true|'''Memory Queue Entries:'''<br />
| Maximum number of faults and alarms to hold in volatile memory (DRAM)(Default:100).<br />
|-<br />
|valign=top nowrap=true|'''Persistent Queue Entries:'''<br />
| Maximum number of faults and alarms to keep in flash memory (Default:50).<br />
|-<br />
{|<br />
<br />
== Catch trace on Event ==<br />
<br />
Event codes (up to 4 different) may be configured, on which the tracing is stopped. The event codes can be copied from actual events displayed on Maintenance/Events. Hexadecimal values was converted and stored as Decimal values.<br />
<br />
After the event has happend the trace was stopped, the trace can be read which hopefully contains what caused the event.<br />
<br />
You can restart the logfile by emptying the [[{{NAMESPACE}}:Maintenance/Diagnostics/Tracing |buffer]].</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78168Howto16r1:Configure OAuth2 E-Mail2025-10-06T11:28:27Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret. Note that expiry is limited to no longer than 2 years. The client secret must be renewed before expiry and the new secret configured and interactive authorisation carried out again to ensure continuous operation.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
<br />
For the Microsoft 365 setup above it would be as follows with Token endpoint ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/token</nowiki>'' Authorization URL ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/authorize?scope=https://outlook.office.com/SMTP.Send</nowiki> offline_access'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
For the Gmail example above the generic confguration would be like this with Token endpoint ''<nowiki>https://oauth2.googleapis.com/token</nowiki>'' Authorization URL ''<nowiki>https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https://mail.google.com/</nowiki>'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.<br />
[[File:OAith2ClientSecretPostGmail.png|none|thumb|600x600px|/OAith2ClientSecretPostGmail.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png|/OAuth2PrivateKeyJWT.png]]</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78158Howto16r1:Configure OAuth2 E-Mail2025-10-05T08:08:43Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
<br />
For the Microsoft 365 setup above it would be as follows with Token endpoint ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/token</nowiki>'' Authorization URL ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/authorize?scope=https://outlook.office.com/SMTP.Send</nowiki> offline_access'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
For the Gmail example above the generic confguration would be like this with Token endpoint ''<nowiki>https://oauth2.googleapis.com/token</nowiki>'' Authorization URL ''<nowiki>https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https://mail.google.com/</nowiki>'' The configuration appends ''&response_type=code&prompt=consent&login_hint=...&redirect_uri=...&client_id=...'' automatically.<br />
[[File:OAith2ClientSecretPostGmail.png|none|thumb|600x600px]]<br />
The private key jwt OAuth2 flow can be configured generically as well.[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png|/OAuth2PrivateKeyJWT.png]]</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:OAith2ClientSecretPostGmail.png&diff=78157File:OAith2ClientSecretPostGmail.png2025-10-05T07:50:49Z<p>Tmo: </p>
<hr />
<div>OAuth2 Client Secret Post Gmail</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78156Howto16r1:Configure OAuth2 E-Mail2025-10-05T06:49:39Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
<br />
For the Microsoft 365 setup above it would be as follows with<br />
<br />
Token endpoint: ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/token</nowiki>''<br />
<br />
Authorization URL: ''<nowiki>https://login.microsoftonline.com/af326a34-169c-469e-946b-1ef57925306b/oauth2/v2.0/authorize?scope=https://outlook.office.com/SMTP.Send</nowiki> offline_access''<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
For the Gmail example above the generic confguration would be like this with<br />
<br />
<br />
<br />
The private key jwt OAuth2 flow can be configured generically as well.<br />
[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png|/OAuth2PrivateKeyJWT.png]]</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78153Howto16r1:Configure OAuth2 E-Mail2025-10-03T11:54:39Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.<br />
[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png|/OAuth2PrivateKeyJWT.png]]</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78152Howto16r1:Configure OAuth2 E-Mail2025-10-03T08:16:53Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.<br />
[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px|/OAuth2PrivateKeyJWT.png]]</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78151Howto16r1:Configure OAuth2 E-Mail2025-10-03T08:16:26Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.<br />
[[File:OAuth2PrivateKeyJWT.png|none|thumb|600x600px]]</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:OAuth2PrivateKeyJWT.png&diff=78150File:OAuth2PrivateKeyJWT.png2025-10-03T08:15:18Z<p>Tmo: Tmo uploaded a new version of File:OAuth2PrivateKeyJWT.png</p>
<hr />
<div>OAuth2 Private Key JWT</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78149Howto16r1:Configure OAuth2 E-Mail2025-10-03T08:14:05Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
For other e-mail providers the client secret post OAuth2 flow may be configured in a generic way. Details need to be supplied by the e-mail provider.<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png|/OAuth2ClientSecretPost.png]]<br />
The private key jwt OAuth2 flow can be configured generically as well.<br />
<br />
3</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:OAuth2PrivateKeyJWT.png&diff=78148File:OAuth2PrivateKeyJWT.png2025-10-03T08:11:27Z<p>Tmo: </p>
<hr />
<div>OAuth2 Private Key JWT</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78147Howto16r1:Configure OAuth2 E-Mail2025-10-03T07:58:49Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
1<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px|/OAuth2ClientSecretPost.png]]<br />
2<br />
<br />
3</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78146Howto16r1:Configure OAuth2 E-Mail2025-10-03T07:58:10Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
[[File:OAuth2ClientSecretPost.png|none|thumb|600x600px]]<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
1<br />
<br />
2<br />
<br />
3</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:OAuth2ClientSecretPost.png&diff=78145File:OAuth2ClientSecretPost.png2025-10-03T07:57:49Z<p>Tmo: </p>
<hr />
<div>OAuth2 Client Secret Post</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78144Howto16r1:Configure OAuth2 E-Mail2025-10-03T07:51:29Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
<br />
== Generic ==<br />
<br />
1<br />
<br />
2<br />
<br />
3</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78143Howto16r1:Configure OAuth2 E-Mail2025-10-03T07:50:22Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
Download the credentials. This json file contains all information for OAuth2 configuration.<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
Customize the OAuth consent screen<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
Start the customization wizard.<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
Choose which users may authorize.<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
Google workspace users may choose internal audience. Users not in Google workspace proceed with external.<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
Add a test user.<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
The OAuth2 parameters can be filled in with the information from the json file downloaded above.<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
8</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:OAuth2InteractiveGmail.png&diff=78142File:OAuth2InteractiveGmail.png2025-10-03T07:37:23Z<p>Tmo: Tmo uploaded a new version of File:OAuth2InteractiveGmail.png</p>
<hr />
<div>OAuth2 interactive Gmail</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78141Howto16r1:Configure OAuth2 E-Mail2025-10-03T07:33:52Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px|/GoogleApisServicesFromLibrary.png]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
User data access is needed.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
Configure the consent screen of the interactive authorization.<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
Specify the permissions that need to be authorized by the user.<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
Its mail.google.com in general.<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
And its to send email on the users behalf.<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
These are the scopes needed.<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
Ask client credentials for Web type application.<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
9<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
1<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
2<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
3<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
4<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
5<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
6<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
7<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
8</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78140Howto16r1:Configure OAuth2 E-Mail2025-10-03T06:05:55Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
Login to the Google Cloud Console (https://console.cloud.google.com), select a project, New project.<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png|/GoogleSelectProject.png]]<br />
Create the project.<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png|/GoogleCreateProject.png]]<br />
Client credentials will be created in this project.<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png|/GoogleProjectCreated.png]]<br />
From the library specify the APIs needed to access.<br />
[[File:GoogleApisServicesFromLibrary.png|none|thumb|600x600px]]<br />
These are in the Gmail API.<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png|/GoogleApisServicesApiLibrary.png]]<br />
Choose the Gmail API and enable it.<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png|/GoogleGmailApis.png]]<br />
Credentials need to be created.<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png|/GoogleGmailApiAdded.png]]<br />
Invoke the help me choose wizard.<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
Access is needed with interactive authorization and user data access.<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png|/GoogleCredentialsUserData.png]]<br />
3<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png|/GoogleOAuthConsentScreen.png]]<br />
4<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png|/GoogleOAuthScopes.png]]<br />
5<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png|/GoogleScopeMailGoogleCom.png]]<br />
6<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png|/GoogleScopeAuthGmailSend.png]]<br />
7<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png|/GoogleScopes.png]]<br />
8<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png|/GoogleOAuthClientID.png]]<br />
9<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png|/GoogleRedirectURIs.png]]<br />
1<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png|/GoogleClientCredentialsDownload.png]]<br />
2<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png|/GoogleOAuthConsentScreenSettings.png]]<br />
3<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png|/GoogleConsentScreenWizard.png]]<br />
4<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png|/GoogleAudienceExternal.png]]<br />
5<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png|/GoogleContactInformation.png]]<br />
6<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png|/GoogleTestUserAdded.png]]<br />
7<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png|/OAuth2InteractiveGmail.png]]<br />
8</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleApisServicesFromLibrary.png&diff=78139File:GoogleApisServicesFromLibrary.png2025-10-03T06:01:09Z<p>Tmo: </p>
<hr />
<div>APIs services from library</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78123Howto16r1:Configure OAuth2 E-Mail2025-10-02T21:08:38Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
1<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png]]<br />
2<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png]]<br />
3<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png]]<br />
4<br />
[[File:GoogleEnabledApisServices.png|none|thumb|600x600px|/GoogleEnabledApisServices.png]]<br />
5<br />
[[File:GoogleApisServicesLibrary.png|none|thumb|600x600px|/GoogleApisServicesLibrary.png]]<br />
6<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png]]<br />
7<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png]]<br />
8<br />
[[File:GoogleAddGmailApi.png|none|thumb|600x600px|/GoogleAddGmailApi.png]]<br />
9<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png]]<br />
1<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
2<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png]]<br />
3<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png]]<br />
4<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png]]<br />
5<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png]]<br />
6<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png]]<br />
7<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png]]<br />
8<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png]]<br />
9<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png]]<br />
1<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png]]<br />
2<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png]]<br />
3<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png]]<br />
4<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png]]<br />
5<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png]]<br />
6<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png]]<br />
7<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px|/OAuth2InteractiveGmail.png]]<br />
8</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78122Howto16r1:Configure OAuth2 E-Mail2025-10-02T21:07:47Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px]]<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
1<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png]]<br />
2<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png]]<br />
3<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png]]<br />
4<br />
[[File:GoogleEnabledApisServices.png|none|thumb|600x600px|/GoogleEnabledApisServices.png]]<br />
5<br />
[[File:GoogleApisServicesLibrary.png|none|thumb|600x600px|/GoogleApisServicesLibrary.png]]<br />
6<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png]]<br />
7<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png]]<br />
8<br />
[[File:GoogleAddGmailApi.png|none|thumb|600x600px|/GoogleAddGmailApi.png]]<br />
9<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png]]<br />
1<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png]]<br />
2<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png]]<br />
3<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png]]<br />
4<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png]]<br />
5<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png]]<br />
6<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png]]<br />
7<br />
[[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png]]<br />
8<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png]]<br />
9<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png]]<br />
1<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png]]<br />
2<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png]]<br />
3<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png]]<br />
4<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png]]<br />
5<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png]]<br />
6<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png]]<br />
7<br />
<br />
8</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:OAuth2InteractiveGmail.png&diff=78121File:OAuth2InteractiveGmail.png2025-10-02T21:07:27Z<p>Tmo: </p>
<hr />
<div>OAuth2 interactive Gmail</div>Tmohttps://wiki.innovaphone.com/index.php?title=Howto16r1:Configure_OAuth2_E-Mail&diff=78114Howto16r1:Configure OAuth2 E-Mail2025-10-02T21:01:38Z<p>Tmo: </p>
<hr />
<div>{{FIXME|reason=This product is in the beta phase and is not yet finished}}<br />
<br />
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.<br />
<br />
== Microsoft 365 ==<br />
Log in to Microsoft Azure Portal (<nowiki>https://portal.azure.com</nowiki>) and go to Microsoft Entra ID.<br />
[[File:AzureMicrosoftEntraID.png|none|thumb|600x600px|/AzureMicrosoftEntraID.png|/AzureMicrosoftEntraID.png]]<br />
Add a new app registration to create client credentials.<br />
[[File:AzureAddAppRegistration.png|none|thumb|600x600px|/AzureAddAppRegistration.png|/AzureAddAppRegistration.png]]<br />
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.<br />
[[File:AzureRegisterAnApplication.png|none|thumb|600x600px|/AzureRegisterAnApplication.png|/AzureRegisterAnApplication.png]]<br />
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureApp.png|none|thumb|600x600px|/AzureApp.png|/AzureApp.png]]<br />
Create a client secret.<br />
[[File:AzureAddClientSecret.png|none|thumb|600x600px|/AzureAddClientSecret.png|/AzureAddClientSecret.png]]<br />
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.<br />
[[File:AzureCopyClientSecret.png|none|thumb|600x600px|/AzureCopyClientSecret.png|/AzureCopyClientSecret.png]]<br />
Add permissions located in APIs my organization uses.<br />
[[File:AzureAddApiPermissionMyOrganization.png|none|thumb|600x600px|/AzureAddApiPermissionMyOrganization.png|/AzureAddApiPermissionMyOrganization.png]]<br />
More precisely located in Office 365 Exchange Online.<br />
[[File:AzureAddApiPermissionExchange.png|none|thumb|600x600px|/AzureAddApiPermissionExchange.png|/AzureAddApiPermissionExchange.png]]<br />
And there in the application permissions.<br />
[[File:AzureAddApiExchangeApplication.png|none|thumb|600x600px|/AzureAddApiExchangeApplication.png|/AzureAddApiExchangeApplication.png]]<br />
Namely SMTP Mail.Send.<br />
[[File:AzureAddApiSendMailAsUser.png|none|thumb|600x600px|/AzureAddApiSendMailAsUser.png|/AzureAddApiSendMailAsUser.png]]<br />
Grant admin permission for Mail.Send.<br />
[[File:AzureGrantApiPermissions.png|none|thumb|600x600px|/AzureGrantApiPermissions.png|/AzureGrantApiPermissions.png]]<br />
API permissions are now granted.<br />
[[File:AzureApiPermissionsGranted.png|none|thumb|600x600px|/AzureApiPermissionsGranted.png|/AzureApiPermissionsGranted.png]]<br />
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.<br />
[[File:AzureRedirectUris.png|none|thumb|600x600px|/AzureRedirectUris.png|/AzureRedirectUris.png]]<br />
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.<br />
[[File:AzureAllowPublicClientFlows.png|none|thumb|600x600px|/AzureAllowPublicClientFlows.png|/AzureAllowPublicClientFlows.png]]<br />
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).<br />
[[File:MS365AdminCenter.png|none|thumb|600x600px|/MS365AdminCenter.png|/MS365AdminCenter.png]]<br />
Make sure that Microsoft 365 licenses are assigned to your user.<br />
[[File:MS365UserLicenses.png|none|thumb|600x600px|/MS365UserLicenses.png|/MS365UserLicenses.png]]<br />
Set your user active.<br />
[[File:MS365ActiveUsers.png|none|thumb|600x600px|/MS365ActiveUsers.png|/MS365ActiveUsers.png]]<br />
Locate the Mail tab of your user.<br />
[[File:MS365UserEMail.png|none|thumb|600x600px|/MS365UserEMail.png|/MS365UserEMail.png]]<br />
Allow authenticated SMTP.<br />
[[File:MS365AuthenticatedSMTP.png|none|thumb|600x600px|/MS365AuthenticatedSMTP.png|/MS365AuthenticatedSMTP.png]]<br />
Login to the Exchange admin center (<nowiki>https://admin.exchange.microsoft.com</nowiki>).<br />
[[File:ExchangeAdminCenter.png|none|thumb|600x600px|/ExchangeAdminCenter.png|/ExchangeAdminCenter.png]]<br />
Remove deactivation of the SMTP AUTH protocol.<br />
[[File:ExchangeRemoveDeavtivatedOAuth2.png|none|thumb|600x600px|/ExchangeRemoveDeavtivatedOAuth2.png|/ExchangeRemoveDeavtivatedOAuth2.png]]<br />
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows. <br />
[[File:OAuth2ResourceOwnerPasswordCredentials.png|none|thumb|600x600px|/OAuth2ResourceOwnerPasswordCredentials.png|/OAuth2ResourceOwnerPasswordCredentials.png]]<br />
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.<br />
[[File:OAuth2InteractiveAuthorization.png|none|thumb|600x600px|/OAuth2InteractiveAuthorization.png|/OAuth2InteractiveAuthorization.png]]<br />
<br />
== Gmail ==<br />
1<br />
[[File:GoogleSelectProject.png|none|thumb|600x600px]]<br />
2<br />
[[File:GoogleCreateProject.png|none|thumb|600x600px]]<br />
3<br />
[[File:GoogleProjectCreated.png|none|thumb|600x600px]]<br />
4<br />
[[File:GoogleEnabledApisServices.png|none|thumb|600x600px]]<br />
5<br />
[[File:GoogleApisServicesLibrary.png|none|thumb|600x600px]]<br />
6<br />
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px]]<br />
7<br />
[[File:GoogleGmailApis.png|none|thumb|600x600px]]<br />
8<br />
[[File:GoogleAddGmailApi.png|none|thumb|600x600px]]<br />
9<br />
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px]]<br />
1<br />
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px]]<br />
2<br />
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px]]<br />
3<br />
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px]]<br />
4<br />
[[File:GoogleOAuthScopes.png|none|thumb|600x600px]]<br />
5<br />
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px]]<br />
6<br />
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px]]<br />
7<br />
[[File:GoogleScopes.png|none|thumb|600x600px]]<br />
8<br />
[[File:GoogleOAuthClientID.png|none|thumb|600x600px]]<br />
9<br />
[[File:GoogleRedirectURIs.png|none|thumb|600x600px]]<br />
1<br />
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px]]<br />
2<br />
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px]]<br />
3<br />
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px]]<br />
4<br />
[[File:GoogleAudienceExternal.png|none|thumb|600x600px]]<br />
5<br />
[[File:GoogleContactInformation.png|none|thumb|600x600px]]<br />
6<br />
[[File:GoogleTestUserAdded.png|none|thumb|600x600px]]<br />
7<br />
<br />
8</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleTestUserAdded.png&diff=78113File:GoogleTestUserAdded.png2025-10-02T21:01:07Z<p>Tmo: </p>
<hr />
<div>Test user added</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleContactInformation.png&diff=78111File:GoogleContactInformation.png2025-10-02T21:00:38Z<p>Tmo: </p>
<hr />
<div>Contact information</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleAudienceExternal.png&diff=78110File:GoogleAudienceExternal.png2025-10-02T21:00:08Z<p>Tmo: </p>
<hr />
<div>Audience external</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleConsentScreenWizard.png&diff=78108File:GoogleConsentScreenWizard.png2025-10-02T20:59:35Z<p>Tmo: </p>
<hr />
<div>Consent screen wizard</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleOAuthConsentScreenSettings.png&diff=78105File:GoogleOAuthConsentScreenSettings.png2025-10-02T20:58:32Z<p>Tmo: </p>
<hr />
<div>OAuth consent screen settings</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleClientCredentialsDownload.png&diff=78103File:GoogleClientCredentialsDownload.png2025-10-02T20:57:52Z<p>Tmo: </p>
<hr />
<div>Client credentials download</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleRedirectURIs.png&diff=78100File:GoogleRedirectURIs.png2025-10-02T20:57:15Z<p>Tmo: </p>
<hr />
<div>Redirect URIs</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleOAuthClientID.png&diff=78098File:GoogleOAuthClientID.png2025-10-02T20:56:44Z<p>Tmo: </p>
<hr />
<div>OAuth Client ID</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleScopes.png&diff=78097File:GoogleScopes.png2025-10-02T20:56:03Z<p>Tmo: </p>
<hr />
<div>Scopes</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleScopeAuthGmailSend.png&diff=78095File:GoogleScopeAuthGmailSend.png2025-10-02T20:55:37Z<p>Tmo: </p>
<hr />
<div>Scope auth gmail.send</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleScopeMailGoogleCom.png&diff=78092File:GoogleScopeMailGoogleCom.png2025-10-02T20:54:30Z<p>Tmo: </p>
<hr />
<div>Scope mail.google.com</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleOAuthScopes.png&diff=78091File:GoogleOAuthScopes.png2025-10-02T20:53:45Z<p>Tmo: </p>
<hr />
<div>OAuth scopes</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleOAuthConsentScreen.png&diff=78089File:GoogleOAuthConsentScreen.png2025-10-02T20:53:16Z<p>Tmo: </p>
<hr />
<div>OAuth consent screen</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleCredentialsUserData.png&diff=78088File:GoogleCredentialsUserData.png2025-10-02T20:52:38Z<p>Tmo: </p>
<hr />
<div>Credentials user data</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleCreateCredentialsHelpMeChoose.png&diff=78086File:GoogleCreateCredentialsHelpMeChoose.png2025-10-02T20:52:04Z<p>Tmo: </p>
<hr />
<div>Create credentials, help me choose</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleGmailApiAdded.png&diff=78085File:GoogleGmailApiAdded.png2025-10-02T20:51:10Z<p>Tmo: </p>
<hr />
<div>Gmail API added</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleAddGmailApi.png&diff=78084File:GoogleAddGmailApi.png2025-10-02T20:50:36Z<p>Tmo: </p>
<hr />
<div>Add Gmail API</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleGmailApis.png&diff=78083File:GoogleGmailApis.png2025-10-02T20:50:04Z<p>Tmo: </p>
<hr />
<div>Gmail APIs</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleApisServicesApiLibrary.png&diff=78082File:GoogleApisServicesApiLibrary.png2025-10-02T20:49:29Z<p>Tmo: </p>
<hr />
<div>APIs Services API Library</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleApisServicesLibrary.png&diff=78081File:GoogleApisServicesLibrary.png2025-10-02T20:48:34Z<p>Tmo: </p>
<hr />
<div>Apis Services Library</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleEnabledApisServices.png&diff=78080File:GoogleEnabledApisServices.png2025-10-02T20:47:54Z<p>Tmo: </p>
<hr />
<div>Enabled APIs & Services</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleProjectCreated.png&diff=78079File:GoogleProjectCreated.png2025-10-02T20:47:10Z<p>Tmo: </p>
<hr />
<div>Project created</div>Tmohttps://wiki.innovaphone.com/index.php?title=File:GoogleCreateProject.png&diff=78078File:GoogleCreateProject.png2025-10-02T20:46:31Z<p>Tmo: </p>
<hr />
<div>Create project</div>Tmo