Greetings,
we are a bunch of happy users of iTOP, but we are facing a problem: from October 2022, Microsoft is going to disable IMAP Auth, allowing only IMAP OAuth2 to be used to connect to a mailbox(1); actually is the same for SMTP either, but there are some ways to avoid that problem.
Is there any plan to implent OAuth in the near future?
BR,
Giorgio
Hello,
Yes indeed !
A prototype is currently under evaluation in one of our client infrastructure. The new extension version should be out this summer.
If you want to give it a try, the code isn't currently public, I'll ask if that can change.
Hello Pierre,
sure, I would be interested in that :D
BR,
Giorgio
Combodo internal ref : NĀ°2504
Same here :)
Probably relevant: https://wiki.php.net/todo/ext/imap/xoauth2
Last edit: Jeffrey Bostoen 2022-04-20
Hello,
Product team agreed to make the new module repo public !
You can try the future 3.6.0 version of the Mail To Ticket extension but cloning the following repo on their main branch head :
Feedbacks are welcome !
Hello Pierre,
thanks a lot!
So we need to download and install the last versions of the packages you mentioned above from github, right?
Giorgio
Yes, you'll need to clone each repo and copy those directories to /extensions in an iTop instance to install them as extension module.
Thank you very much!
Q: what is so specific about O365 (compared to Google)?
Not sure sorry :/
Some O365 URLs are hardcoded, and it relies on a specific library ( TheNetworg\OAuth2\Client\Provider\Azure )
I also noticed a hardcoded redirect URI to localhost
Interesting work! I also noticed the comment about a package which then mentions it's used instead of PHP's IMAP extension. Is the goal to move away altogether (also for regular IMAP connections) from the PHP IMAP extension? Is there a short analysis to share when it comes to performance or perhaps (still missing some support at this point?) compared to the PHP IMAP extension?
Last edit: Jeffrey Bostoen 2022-04-21
Hello Pierre!
Just found an error: in the composer.json is missing this dependency: "doctrine/dbal": "^2.12.1" in the O365 package
I have just created a PR in the repo ;)
Giorgio
AAAAAAAAAnd I'm stuck again, but this time I'm not able to understand the error:
This happens when I try to click the authorization button.
Attached the screenshot of the configuration, but it seems straight forward... And there is nowhere indicated the RedirectURI that I have to configure in Azure
I don't know if this is related to your error, but it might help other people with similar stack trace.
In the stack trace we can see that the module directories are "itop-o365-email-synchro-main" and "combodo-email-synchro-master", the "-main" and "-master" at the end should be there.
I assume that on the GitHub repo you hit the "Download" button on the home page, this downloads the source files for the current git branch and creates the zip file on the fly. When you unzip it, the folder is named "<repo_name>-<branch_name>", so when you unzip it, you need to remove the branch name from the folder, otherwise it might cause some troubles.
(When downloading from iTop Hub, things are already named correctly)</branch_name></repo_name>
So long story short, you need to rename the module directories and run the setup again:
- "itop-o365-email-synchro-main" => "itop-o365-email-synchro"
- "combodo-email-synchro-master" => "combodo-email-synchro"
- and probably the same thing for "combodo-cmdbchange-cleaner" and "itop-standard-email-synchro
"
Hope this helps,
Guillaume
EDIT: this is a.... (look at the picture!)
Ok, I feel stupid....
That was the case..... Fortunally not so stupid to have 2 problems for the same cause :D
The later one is still appearing with the same error.
Giorgio
Last edit: Giorgio Maggiolo 2022-04-21
Should we take the main/master branches?
In itop-o365-email-synchro, I notice there's at some point a query of MailInboxStandard with protocol 'imap_oauth', but I don't see this in top-standard-email-synchro or combodo-email-synchro?
Also another thing I'm wondering about in the logic: is the combination of server and login unique enough, or should the iTop mailbox object's ID be passed to the constructor of IMAPOAuthEmailSource? I realize having the token stored with the first found mailbox might suffice in most cases; but also: some users may for a variety of reasons have multiple mailbox records configured (status: active/inactive; specific settings such as inbox or target folders, ...). Might make more sense to store a token per mailbox configuration (even if pointing to the same mailbox?)
Last edit: Jeffrey Bostoen 2022-04-21
Last problem for the evening: the standard portal has broken (me sad)...
OK, resolved the problem of the wrong name of the folder, now I have tried to authenticate the client and....
Hello,
Sorry we don't have much answers right now : the "itop-o365-email-synchro" new module was made a while ago as a prototype, and the R&D team had too much to deal with 3.0.0 and 3.0.1 to integrate the new module :/
But one of our dev took a look, and we will discuss next week on adding OAuth both for SMTP (notifications) and POP/IMAP (Mail To Ticket extension).
We will keep you informed !
Thanks for the update Pierre!
Hope to get some feedback on the questions from 2022-04-21 as well :)
Hi Pierre,
could you please update the target version? And by the way, is there any update at all? :)
BR,
Giorgio
Hi Giorgio, sorry for the delay in responding,
We have completed a new prototype for OAuth authentication that supports Gmail/Azure for SMTP, IMAP, and POP3.
We're in the process of integrating it into the iTop 2.7 branch and releasing a new repository for the mail to ticket oauth module, and as soon as we have a usable product, we'll let you know (I can't really give you an estimate, but it'll most likely be in days rather than weeks).
Regards
Stephen
Hi Stephen,
thanks a lot! Is the new plugin also available for iTop 3.0?
BR,
Giorgio
Yes indeed!
We built our prototype on iTop 3.1 developement branch and overall it should be compatible with iTop 2.7, 3.0 and 3.1!
Stephen