Howto16r1:Configure OAuth2 E-Mail: Difference between revisions

From innovaphone wiki

Revision as of 08:33, 3 October 2025

FIXME: This product is in the beta phase and is not yet finished

innovaphone PBX and apps can be configured to send e-mails for various subjects and purposes. Major e-mail providers intend to discontinue username/password authentication schemes in favour of OAuth2. PBX and apps version 16r1 support OAuth2 authentication for SMTP. This step-by-step guide shows how to set up OAuth2 support in Microsoft 365 through the Azure Portal and on a Google Gmail account in the Google Cloud Console.

Microsoft 365

Log in to Microsoft Azure Portal (https://portal.azure.com) and go to Microsoft Entra ID.

/AzureMicrosoftEntraID.png

Add a new app registration to create client credentials.

/AzureAddAppRegistration.png

Register the application. The redirect URI can already be filled in at this point: choose the Web application type and point it to the path OAUTH2-CLIENT/auth.htm at the PBX.

/AzureRegisterAnApplication.png

App registration is complete. The client ID and tenant need to be configured at the PBX and at every app that will be sending e-mails.

/AzureApp.png

Create a client secret.

/AzureAddClientSecret.png

Copy the client secret. It also needs to be configured at the PBX and at every app that will be sending e-mails.

/AzureCopyClientSecret.png

Add permissions located in APIs my organization uses.

/AzureAddApiPermissionMyOrganization.png

More precisely located in Office 365 Exchange Online.

/AzureAddApiPermissionExchange.png

And there in the application permissions.

/AzureAddApiExchangeApplication.png

Namely SMTP Mail.Send.

/AzureAddApiSendMailAsUser.png

Grant admin permission for Mail.Send.

/AzureGrantApiPermissions.png

API permissions are now granted.

/AzureApiPermissionsGranted.png

Enter all redirect URIs that the PBX and the apps will be using during interactive authorization.

/AzureRedirectUris.png

Allow public client flows of OAuth2. Resource Owner Password Credentials Flow has the advantage that it doesn't need interactive authorization.

/AzureAllowPublicClientFlows.png

Log in to the Microsoft 365 admin center (https://admin.cloud.microsoft).

/MS365AdminCenter.png

Make sure that Microsoft 365 licenses are assigned to your user.

/MS365UserLicenses.png

Set your user active.

/MS365ActiveUsers.png

Locate the Mail tab of your user.

/MS365UserEMail.png

Allow authenticated SMTP.

/MS365AuthenticatedSMTP.png

Log in to the Exchange admin center (https://admin.exchange.microsoft.com).

/ExchangeAdminCenter.png

Remove the deactivation of the SMTP AUTH protocol.

/ExchangeRemoveDeavtivatedOAuth2.png

With this Microsoft setup the OAuth2 configuration for the resource owner password credentials flow can be filled in as follows.

/OAuth2ResourceOwnerPasswordCredentials.png

For interactive authorization this is the OAuth2 configuration. Authorize e-mail access one time and send a test mail to verify everything went well.

/OAuth2InteractiveAuthorization.png

Gmail

Log in to the Google Cloud Console (https://console.cloud.google.com), choose Select a project and then New project.

/GoogleSelectProject.png

Create the project.

/GoogleCreateProject.png

Client credentials will be created in this project.

/GoogleProjectCreated.png

From the library, specify the APIs that need to be accessed.

/GoogleApisServicesFromLibrary.png

These are in the Gmail API.

/GoogleApisServicesApiLibrary.png

Choose the Gmail API and enable it.

/GoogleGmailApis.png

Credentials need to be created.

/GoogleGmailApiAdded.png

Invoke the help me choose wizard.

/GoogleCreateCredentialsHelpMeChoose.png

User data access is needed.

/GoogleCredentialsUserData.png

Configure the consent screen of the interactive authorization.

/GoogleOAuthConsentScreen.png

Specify the permissions that need to be authorized by the user.

/GoogleOAuthScopes.png

It's mail.google.com in general.

/GoogleScopeMailGoogleCom.png

And it's to send e-mail on the user's behalf.

/GoogleScopeAuthGmailSend.png

These are the scopes needed.

/GoogleScopes.png

Ask for client credentials for the Web application type.

/GoogleOAuthClientID.png

9

/GoogleRedirectURIs.png

1

/GoogleClientCredentialsDownload.png

2

/GoogleOAuthConsentScreenSettings.png

3

/GoogleConsentScreenWizard.png

4

/GoogleAudienceExternal.png

5

/GoogleContactInformation.png

6

/GoogleTestUserAdded.png

7

/OAuth2InteractiveGmail.png

8
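
The interactive authorization configured in both sections above (redirect URIs, scopes, client credentials) follows the standard OAuth2 authorization code flow, after which the access token is presented to the SMTP server with SASL XOAUTH2. The following is an added example, not innovaphone code: it builds the authorization request with the two Gmail scopes, checks the callback arriving at the redirect URI, and encodes the XOAUTH2 string. The host name, client ID, state and token values are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hmac
from urllib.parse import urlencode, urlparse, parse_qs

# Google's documented authorization endpoint and the two scopes named above.
GOOGLE_AUTHORIZE = "https://accounts.google.com/o/oauth2/v2/auth"
GMAIL_SCOPES = ["https://mail.google.com/",
                "https://www.googleapis.com/auth/gmail.send"]

def build_authorization_url(endpoint, client_id, redirect_uri, scopes, state):
    """URL the browser opens for the one-time interactive authorization."""
    query = urlencode({
        "response_type": "code",        # authorization code flow
        "client_id": client_id,
        "redirect_uri": redirect_uri,   # must equal a registered URI exactly
        "scope": " ".join(scopes),
        "state": state,                 # random value, checked on return
        "access_type": "offline",       # Google: also issue a refresh token
    })
    return endpoint + "?" + query

def code_from_callback(callback_url, expected_state):
    """Return the authorization code, rejecting errors and foreign state."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, callback not from our request")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def xoauth2_initial_response(user, access_token):
    """Base64 argument of 'AUTH XOAUTH2' as sent to the SMTP server."""
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)
    return base64.b64encode(raw.encode()).decode()

if __name__ == "__main__":
    # Constructed sample values; client ID, host and state are placeholders.
    redirect = "https://pbx.example.com/OAUTH2-CLIENT/auth.htm"
    print(build_authorization_url(GOOGLE_AUTHORIZE, "CLIENT_ID_PLACEHOLDER",
                                  redirect, GMAIL_SCOPES, "state-123"))
    print(code_from_callback(redirect + "?code=abc&state=state-123", "state-123"))
    print(xoauth2_initial_response("user@example.com", "ACCESS_TOKEN"))
```

A redirect URI that differs from the registered one in host, path or scheme is rejected by the provider, which is why every URI used by the PBX and the apps has to be entered in the console.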