Howto16r1:Configure OAuth2 E-Mail: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{FIXME|reason=This product is in the beta phase and is not yet finished}} | {{FIXME|reason=This product is in the beta phase and is not yet finished}} | ||
[[File:OAuth2InteractiveGmail.png|none|thumb|600x600px]] | |||
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console. | innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console. | ||
| Line 53: | Line 53: | ||
== Gmail == | == Gmail == | ||
1 | 1 | ||
[[File:GoogleSelectProject.png|none|thumb|600x600px]] | [[File:GoogleSelectProject.png|none|thumb|600x600px|/GoogleSelectProject.png]] | ||
2 | 2 | ||
[[File:GoogleCreateProject.png|none|thumb|600x600px]] | [[File:GoogleCreateProject.png|none|thumb|600x600px|/GoogleCreateProject.png]] | ||
3 | 3 | ||
[[File:GoogleProjectCreated.png|none|thumb|600x600px]] | [[File:GoogleProjectCreated.png|none|thumb|600x600px|/GoogleProjectCreated.png]] | ||
4 | 4 | ||
[[File:GoogleEnabledApisServices.png|none|thumb|600x600px]] | [[File:GoogleEnabledApisServices.png|none|thumb|600x600px|/GoogleEnabledApisServices.png]] | ||
5 | 5 | ||
[[File:GoogleApisServicesLibrary.png|none|thumb|600x600px]] | [[File:GoogleApisServicesLibrary.png|none|thumb|600x600px|/GoogleApisServicesLibrary.png]] | ||
6 | 6 | ||
[[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px]] | [[File:GoogleApisServicesApiLibrary.png|none|thumb|600x600px|/GoogleApisServicesApiLibrary.png]] | ||
7 | 7 | ||
[[File:GoogleGmailApis.png|none|thumb|600x600px]] | [[File:GoogleGmailApis.png|none|thumb|600x600px|/GoogleGmailApis.png]] | ||
8 | 8 | ||
[[File:GoogleAddGmailApi.png|none|thumb|600x600px]] | [[File:GoogleAddGmailApi.png|none|thumb|600x600px|/GoogleAddGmailApi.png]] | ||
9 | 9 | ||
[[File:GoogleGmailApiAdded.png|none|thumb|600x600px]] | [[File:GoogleGmailApiAdded.png|none|thumb|600x600px|/GoogleGmailApiAdded.png]] | ||
1 | 1 | ||
[[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px]] | [[File:GoogleCreateCredentialsHelpMeChoose.png|none|thumb|600x600px|/GoogleCreateCredentialsHelpMeChoose.png]] | ||
2 | 2 | ||
[[File:GoogleCredentialsUserData.png|none|thumb|600x600px]] | [[File:GoogleCredentialsUserData.png|none|thumb|600x600px|/GoogleCredentialsUserData.png]] | ||
3 | 3 | ||
[[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px]] | [[File:GoogleOAuthConsentScreen.png|none|thumb|600x600px|/GoogleOAuthConsentScreen.png]] | ||
4 | 4 | ||
[[File:GoogleOAuthScopes.png|none|thumb|600x600px]] | [[File:GoogleOAuthScopes.png|none|thumb|600x600px|/GoogleOAuthScopes.png]] | ||
5 | 5 | ||
[[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px]] | [[File:GoogleScopeMailGoogleCom.png|none|thumb|600x600px|/GoogleScopeMailGoogleCom.png]] | ||
6 | 6 | ||
[[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px]] | [[File:GoogleScopeAuthGmailSend.png|none|thumb|600x600px|/GoogleScopeAuthGmailSend.png]] | ||
7 | 7 | ||
[[File:GoogleScopes.png|none|thumb|600x600px]] | [[File:GoogleScopes.png|none|thumb|600x600px|/GoogleScopes.png]] | ||
8 | 8 | ||
[[File:GoogleOAuthClientID.png|none|thumb|600x600px]] | [[File:GoogleOAuthClientID.png|none|thumb|600x600px|/GoogleOAuthClientID.png]] | ||
9 | 9 | ||
[[File:GoogleRedirectURIs.png|none|thumb|600x600px]] | [[File:GoogleRedirectURIs.png|none|thumb|600x600px|/GoogleRedirectURIs.png]] | ||
1 | 1 | ||
[[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px]] | [[File:GoogleClientCredentialsDownload.png|none|thumb|600x600px|/GoogleClientCredentialsDownload.png]] | ||
2 | 2 | ||
[[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px]] | [[File:GoogleOAuthConsentScreenSettings.png|none|thumb|600x600px|/GoogleOAuthConsentScreenSettings.png]] | ||
3 | 3 | ||
[[File:GoogleConsentScreenWizard.png|none|thumb|600x600px]] | [[File:GoogleConsentScreenWizard.png|none|thumb|600x600px|/GoogleConsentScreenWizard.png]] | ||
4 | 4 | ||
[[File:GoogleAudienceExternal.png|none|thumb|600x600px]] | [[File:GoogleAudienceExternal.png|none|thumb|600x600px|/GoogleAudienceExternal.png]] | ||
5 | 5 | ||
[[File:GoogleContactInformation.png|none|thumb|600x600px]] | [[File:GoogleContactInformation.png|none|thumb|600x600px|/GoogleContactInformation.png]] | ||
6 | 6 | ||
[[File:GoogleTestUserAdded.png|none|thumb|600x600px]] | [[File:GoogleTestUserAdded.png|none|thumb|600x600px|/GoogleTestUserAdded.png]] | ||
7 | 7 | ||
8 | 8 | ||
Revision as of 22:07, 2 October 2025
|
FIXME: This product is in the beta phase and is not yet finished |
innovaphone PBX and apps can be configured to send E-Mails for various subjects and purposes. Major E-Mail providers intent to discontinue the username/password authentication schemes in favour of OAuth2. PBX and Apps version 16r1 does support OAuth2 authentication for SMTP. Here is a step by step guide how to set up OAuth2 support in Microsoft 365 through the Azure Portal and how to set it up on a Google Gmail account in the Google Cloud Console.
Microsoft 365
Log in to Microsoft Azure Portal (https://portal.azure.com) and go to Microsoft Entra ID.
Add a new app registration to create client credentials.
Register the application and maybe already fill in the redirect URI for Web based application type to path OAUTH2-CLIENT/auth.htm at the PBX.
App registration is complete. Client ID and tenant needs to be configured at the PBX and every app that will be sending e-mails.
Create a client secret.
Copy the client secret. It also needs to be configured at the PBX and every app that will be sending e-mails.
Add permissions located in APIs my organization uses.
More precisely located in Office 365 Exchange Online.
And there in the application permissions.
Namely SMTP Mail.Send.
Grant admin permission for Mail.Send.
API permissions are now granted.
Tell all redirect URIs that the PBX and the apps will be using during interactive authorization.
Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.
Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).
Make sure that Microsoft 365 licenses are assigned to your user.
Set your user active.
Locate the Mail tab of your user.
Allow authenticated SMTP.
Login to the Exchange admin center (https://admin.exchange.microsoft.com).
Remove deactivation of the SMTP AUTH protocol.
With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows.
For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.
Gmail
1
2
3
4
5
6
7
8
9
1
2
3
4
5
6
7
8
9
1
2
3
4
5
6
7
8