Wiki source code of OAuth
Last modified by Aurelie Bertrand on 2025/11/14 11:59
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{toc/}} | ||
| 2 | |||
| 3 | ---- | ||
| 4 | |||
| 5 | SMTP authentication via OAuth for sending email involves using the OAuth 2.0 protocol to secure access to the Google (smtp.gmail.com) or Microsoft SMTP server without the need to use a traditional password. | ||
| 6 | So instead of your email address and password, an OAuth access token is used to authenticate you to the SMTP server. | ||
| 7 | |||
| 8 | To configure OAuth, you need to retrieve your client credentials. | ||
| 9 | |||
| 10 | Once OAuth authentication has been configured, you can use it to configure your [[email server>>doc:Digdash.deployment.configuration.configuration_guide.email.WebHome]]. | ||
| 11 | |||
| 12 | = Obtaining client identifiers{{id name="client"/}} = | ||
| 13 | |||
| 14 | OAuth authentication is available for Google and Microsoft. | ||
| 15 | Find out how to retrieve your client credentials below. | ||
| 16 | |||
| 17 | == Google OAuth == | ||
| 18 | |||
| 19 | (% class="box infomessage" %) | ||
| 20 | ((( | ||
| 21 | ℹ For more information, see the documentation [[Using OAuth 2.0 for Web server applications>>https://developers.google.com/identity/protocols/oauth2/web-server?hl=fr]]. | ||
| 22 | ))) | ||
| 23 | |||
| 24 | In the case of Google, proceed as follows: | ||
| 25 | |||
| 26 | 1. Sign in to [[Google Console Cloud>>https://console.cloud.google.com/]] and create a new project. | ||
| 27 | 1. Open the project and go to **API & Services > oAuth Consent Screen** to configure the project. | ||
| 28 | 1. Then go to the **Clients** page from the navigation menu. | ||
| 29 | 1. Click **Create Client**. | ||
| 30 | 1. On the **Create an OAuth Client ID** page, complete the required fields: | ||
| 31 | 1*. In the **Application type** field, select **Web application**. | ||
| 32 | 1*. Enter a client name. | ||
| 33 | 1*. In the **Allowed forwarding URI** section, click **Add URI **and enter the URI in the form: | ||
| 34 | //http:~/~/localhost:8080/ddenterpriseapi/v2/oauth/redirect// | ||
| 35 | 1. Click **Create**. | ||
| 36 | ➡ The OAuth client is created. This gives you the client's identifier and secret code. | ||
| 37 | 1. Copy them so that you have them for the DigDash configuration. | ||
| 38 | |||
| 39 | == Microsoft OAuth == | ||
| 40 | |||
| 41 | (% class="box infomessage" %) | ||
| 42 | ((( | ||
| 43 | ℹ For more information, see the documentation [[OAuth 2.0 and OpenID Connect with Microsoft identity platform>>https://learn.microsoft.com/fr-fr/entra/identity-platform/v2-oauth2-client-creds-grant-flow]]. | ||
| 44 | ))) | ||
| 45 | |||
| 46 | In the case of Microsoft, proceed as follows: | ||
| 47 | |||
| 48 | 1. Connect to the [[Azure Portal>>https://portal.azure.com]]. | ||
| 49 | 1. In the navigation menu, go to **Microsoft Entra ID**//(or Azure Active Directory//). | ||
| 50 | 1. Click on **Application Registrations** and then on **New Registration** to create a new application. | ||
| 51 | 1. Fill in the required fields: | ||
| 52 | 1*. **Name**: enter a name to identify your application (e.g. ddenterpriseapi). | ||
| 53 | 1*. **Supported account types**: choose who will be able to connect: | ||
| 54 | 1**. Accounts in this directory only//(single tenant//) | ||
| 55 | 1**. Accounts in all directories//(multi-tenant//) | ||
| 56 | 1**. Personal Microsoft accounts | ||
| 57 | 1*. **Redirection URI**: add the authorised redirection URI, for example: | ||
| 58 | //http:~/~/localhost:8080/ddenterpriseapi/v2/oauth/redirect// | ||
| 59 | 1. Confirm by clicking **Save**. | ||
| 60 | 1. Once the application has been registered, retrieve your identifiers: | ||
| 61 | 1*. **Application ID (client)**:** corresponds **to Client ID. | ||
| 62 | 1*. **Directory ID (tenant)**:** corresponds **to the Microsoft tenant. | ||
| 63 | 1. In the left-hand menu, open **Certificates and secrets**, then click on **New client secret**. | ||
| 64 | 1*. Give a description, choose a validity period, then click OK. | ||
| 65 | 1*. Copy the generated secret immediately (it will not be displayed afterwards). | ||
| 66 | 1*. This secret corresponds to the **Client Secret**. | ||
| 67 | 1. ((( | ||
| 68 | In **API Permissions**, configure the permissions required for your application (e.g. User.Read, Mail.Read). | ||
| 69 | Some permissions may require **administrator consent**. | ||
| 70 | ))) | ||
| 71 | |||
| 72 | = Configure OAuth authentication = | ||
| 73 | |||
| 74 | Once you have retrieved your credentials, you can configure OAuth authentication. To do this | ||
| 75 | |||
| 76 | 1. Go to the **Configuration > Server Parameters > Additional Paramaters> OAuth** page. | ||
| 77 | 1. Select the **OAuth Provider**:** Google **or** Microsoft**. | ||
| 78 | 1. In the case of Microsoft, fill in the **Tenant **field with the directory ID (tenant) retrieved earlier. | ||
| 79 | 1. The URL fields are filled in by default and greyed out. | ||
| 80 | 1. Enter the **Client ID** and **Client Secret** obtained previously. | ||
| 81 | 1. In the **Authorized redirect URI** field, enter the URI in the form: | ||
| 82 | //http:~/~/localhost:8080/ddenterpriseapi/v2/oauth/redirect// | ||
| 83 | 1. The **Refresh token** field will be filled in automatically once OAuth has been used for the email server. | ||
| 84 | 1. Click **Save**. | ||
| 85 | ➡ You can now use OAuth for your email server. | ||
| 86 | See the page [[Email server>>doc:Digdash.deployment.configuration.configuration_guide.email.WebHome]] page for more details. | ||
| 87 | [[image:OAuth_EN.png||alt="OAuth"]] |