Wiki source code of OAuth
Last modified by Aurelie Bertrand on 2025/11/14 11:59
| author | version | line-number | content |
|---|---|---|---|
| |
32.1 | 1 | {{toc/}} |
| 2 | |||
| 3 | ---- | ||
| 4 | |||
| |
36.1 | 5 | SMTP authentication via OAuth uses the OAuth 2.0 protocol to secure access to the Google (smtp.gmail.com) or Microsoft SMTP server when sending email, without the need for a traditional password. |
| 6 | Instead of your email address and password, an OAuth access token is used to authenticate you to the SMTP server. | ||
| |
1.1 | 7 | |
| |
36.1 | 8 | To configure OAuth, you need to retrieve your client credentials. |
| |
22.2 | 9 | |
| |
36.1 | 10 | Once OAuth authentication has been configured, you can use it to configure your [[email server>>doc:Digdash.deployment.configuration.configuration_guide.email.WebHome]]. |
| |
22.2 | 11 | |
| |
36.1 | 12 | = Obtaining client identifiers{{id name="client"/}} = |
| |
1.1 | 13 | |
| |
36.1 | 14 | OAuth authentication is available for Google and Microsoft. |
| 15 | Find out how to retrieve your client credentials below. | ||
| |
22.2 | 16 | |
| |
19.1 | 17 | == Google OAuth == |
| 18 | |||
| |
1.2 | 19 | (% class="box infomessage" %) |
| 20 | ((( | ||
| |
36.1 | 21 | ℹ For more information, see the documentation [[Using OAuth 2.0 for Web server applications>>https://developers.google.com/identity/protocols/oauth2/web-server?hl=fr]]. |
| |
1.2 | 22 | ))) |
| 23 | |||
| |
36.1 | 24 | In the case of Google, proceed as follows: |
| |
30.1 | 25 | |
| |
36.1 | 26 | 1. Sign in to [[Google Cloud Console>>https://console.cloud.google.com/]] and create a new project. |
| 27 | 1. Open the project and go to **APIs & Services > OAuth consent screen** to configure the project. | ||
| 28 | 1. Then go to the **Clients** page from the navigation menu. | ||
| 29 | 1. Click **Create Client**. | ||
| 30 | 1. On the **Create an OAuth Client ID** page, complete the required fields: | ||
| 31 | 1*. In the **Application type** field, select **Web application**. | ||
| 32 | 1*. Enter a client name. | ||
| 33 | 1*. In the **Authorized redirect URIs** section, click **Add URI** and enter the URI in the form: | ||
| |
13.1 | 34 | //http:~/~/localhost:8080/ddenterpriseapi/v2/oauth/redirect// |
| |
36.1 | 35 | 1. Click **Create**. |
| 36 | ➡ The OAuth client is created. This gives you the client ID and client secret. | ||
| 37 | 1. Copy them so that you have them for the DigDash configuration. | ||
| |
6.2 | 38 | |
| |
20.1 | 39 | == Microsoft OAuth == |
| 40 | |||
| |
21.1 | 41 | (% class="box infomessage" %) |
| 42 | ((( | ||
| |
36.1 | 43 | ℹ For more information, see the documentation [[OAuth 2.0 and OpenID Connect with Microsoft identity platform>>https://learn.microsoft.com/fr-fr/entra/identity-platform/v2-oauth2-client-creds-grant-flow]]. |
| |
21.1 | 44 | ))) |
| |
20.1 | 45 | |
| |
36.1 | 46 | In the case of Microsoft, proceed as follows: |
| |
31.1 | 47 | |
| |
36.1 | 48 | 1. Connect to the [[Azure Portal>>https://portal.azure.com]]. |
| 49 | 1. In the navigation menu, go to **Microsoft Entra ID** //(or Azure Active Directory)//. | ||
| 50 | 1. Click on **Application Registrations** and then on **New Registration** to create a new application. | ||
| 51 | 1. Fill in the required fields: | ||
| 52 | 1*. **Name**: enter a name to identify your application (e.g. ddenterpriseapi). | ||
| 53 | 1*. **Supported account types**: choose who will be able to connect: | ||
| 54 | 1**. Accounts in this directory only //(single tenant)// | ||
| 55 | 1**. Accounts in all directories //(multi-tenant)// | ||
| 56 | 1**. Personal Microsoft accounts | ||
| 57 | 1*. **Redirect URI**: add the authorised redirect URI, for example: | ||
| |
21.2 | 58 | //http:~/~/localhost:8080/ddenterpriseapi/v2/oauth/redirect// |
| |
36.1 | 59 | 1. Confirm by clicking **Save**. |
| 60 | 1. Once the application has been registered, retrieve your identifiers: | ||
| 61 | 1*. **Application ID (client)**: corresponds to the Client ID. | ||
| 62 | 1*. **Directory ID (tenant)**: corresponds to the Microsoft tenant. | ||
| 63 | 1. In the left-hand menu, open **Certificates and secrets**, then click on **New client secret**. | ||
| 64 | 1*. Give a description, choose a validity period, then click OK. | ||
| 65 | 1*. Copy the generated secret immediately (it will not be displayed afterwards). | ||
| 66 | 1*. This secret corresponds to the **Client Secret**. | ||
| |
20.1 | 67 | 1. ((( |
| |
36.1 | 68 | In **API Permissions**, configure the permissions required for your application (e.g. User.Read, Mail.Read). |
| 69 | Some permissions may require **administrator consent**. | ||
| |
20.1 | 70 | ))) |
| 71 | |||
| |
36.1 | 72 | = Configure OAuth authentication = |
| |
6.2 | 73 | |
| |
36.1 | 74 | Once you have retrieved your credentials, you can configure OAuth authentication. To do this: |
| |
24.1 | 75 | |
| |
36.1 | 76 | 1. Go to the **Configuration > Server Parameters > Additional Parameters > OAuth** page. |
| 77 | 1. Select the **OAuth Provider**: **Google** or **Microsoft**. | ||
| 78 | 1. In the case of Microsoft, fill in the **Tenant** field with the directory ID (tenant) retrieved earlier. | ||
| 79 | 1. The URL fields are filled in by default and greyed out. | ||
| 80 | 1. Enter the **Client ID** and **Client Secret** obtained previously. | ||
| 81 | 1. In the **Authorized redirect URI** field, enter the URI in the form: | ||
| |
14.1 | 82 | //http:~/~/localhost:8080/ddenterpriseapi/v2/oauth/redirect// |
| |
36.1 | 83 | 1. The **Refresh token** field will be filled in automatically once OAuth has been used for the email server. |
| 84 | 1. Click **Save**. | ||
| 85 | ➡ You can now use OAuth for your email server. | ||
| 86 | See the [[Email server>>doc:Digdash.deployment.configuration.configuration_guide.email.WebHome]] page for more details. | ||
| 87 | [[image:OAuth_EN.png||alt="OAuth"]] |
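The redirect URI is entered twice, once at the provider and once in DigDash, and the provider compares the two as exact strings. The following check is an added example, not part of DigDash; the function names and the `digdash.example.com` host are hypothetical, and the rules encoded are RFC 6749 section 3.1.2 plus the https-except-localhost requirement that both Google and Microsoft apply.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def redirect_uri_problems(uri: str) -> list[str]:
    """Return the reasons a redirect URI is unsafe or likely to be rejected."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        problems.append("not an absolute http(s) URI")
    if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
        problems.append("plain http is only acceptable on a loopback host")
    if "#" in uri:
        problems.append("fragment is not allowed (RFC 6749 section 3.1.2)")
    if "*" in uri:
        problems.append("wildcards defeat exact redirect matching")
    if parts.username or parts.password:
        problems.append("userinfo must not appear in a redirect URI")
    return problems

def compare_redirect_uris(registered: str, configured: str) -> list[str]:
    """Check the value entered in DigDash against the one registered at the provider."""
    problems = redirect_uri_problems(configured)
    if registered != configured:
        # Exact string comparison: a trailing slash, another port or a
        # different letter case makes it a different URI.
        problems.append("configured URI is not identical to the registered URI")
    return problems

# The URI form given on this page; valid as-is because the host is loopback.
PAGE_URI = "http://localhost:8080/ddenterpriseapi/v2/oauth/redirect"

if __name__ == "__main__":
    print(compare_redirect_uris(PAGE_URI, PAGE_URI))
    print(compare_redirect_uris(PAGE_URI, PAGE_URI + "/"))
```

When the server is reached under a real host name instead of `localhost`, the same path has to be registered with `https`, otherwise the authorization code travels in clear text.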