On October 1st in 2022 Microsoft disables basic authentication in Exchange Online and Office 365. With Auron Software you won’t have to miss a single e-mail.
This change affects anyone that currently integrates with Office 365 using SMTP, POP3 or IMAP. It’s no longer possible to just specify a username and password to send or receive e-mail. Instead you’re recommended to use Modern Authentication (OAuth2).
Of course users of Auron Software won’t have to miss a single e-mail. You can already prepare for this.
How to prepare for OAuth2
In either case you’ll need a client ID. This client ID identifies your application with Microsoft. That way the Microsoft login page knows which application needs authentication.
Auron Software does not provide a generic client ID because client ID’s are vulnerable to spoofing attacks if they leak out. With a spoofing attack a hacker can pretend to be your application. That’s why it’s always much more secure to use your own client ID and to keep it a secret.
The next step is to make sure that SMTP, POP and IMAP is available on your Office365 account. Follow these instructions to make sure that they are.
For the Auron SMS Server
If you’re an Auron SMS Server customer the next step is to verify your software version. Auron Software supports OAuth2 from version 2022 onward if you have a professional or SMSC license.
You can verify this by starting the Auron SMS Server Manager and navigating to Help -> About.
If you’re not already on version 2022 you’ll have to upgrade. Before upgrading please read the release notes of version 2022 for an overview of the changes and the upgrade instructions.
In version 2022 you can navigate to the channel settings of your e-mail channels and change the authentication setting to ‘OAuth’. For either channel you’ll always find the OAuth Authorizer which helps you grant access to the e-mail channel using your client ID.
And that’s it. You should now be set and October 1st will pass without a hitch.
For the Auron E-mail Component
If you’re an Auron E-mail Component customer your component version should be 6.0 or higher with either a professional or distribution license. If you’re not on version 6.0 yet you’ll have to upgrade.
Before upgrading please read the release notes of version 6.0 for an overview of the changes and the upgrade instructions.
If you’re on version 6.0 you can make use of the new OAuth2 object. This object helps you authenticate with OAuth2 and helps you renew your bearer token.
Authenticate with OAuth2
Authenticating with OAuth2 is the process of navigating the user to the Microsoft login page and obtaining your bearer token and refresh token.
For this you’ll need to know which end-point URL’s and which scope values to configure. For Microsoft Office 365 we’ve documented those values here.
You’ll also need to know that Office 365 only allows desktop applications to use the ‘Device code flow’. The OAuth2 object only supports authentication for desktop applications.
Refreshing your bearer token
The OAuth2 object can help you with refreshing your bearer token. This works in the background and does not need any user interaction. You can use this in web-applications as well as desktop applications.
The E-mail component examples now include a lot of OAuth2 related working examples.
With these examples and the new OAuth2 object you’ll be able to upgrade your applications and have October 1st pass without a hitch!