-
Yes. Microsoft uses exactly the same mechanism as Google, just with different params. The key setup script provided with PHPMailer handles Microsoft already, so read the code and use that.
-
Note firstly that Steve Maguire’s ‘provider’ Stevenmaguire\OAuth2\Client\Provider\Microsoft was apparently written for Windows Live Mail (see for example the WLM scopes in get_oauth_token.php) and has had little maintenance since then. Jan Hajek’s thenetworg/oauth2-azure is still under active development and works well with PHPMailer. We use it on all our websites. You will almost certainly run into the traps that MSFT have unintentionally left for the unwary, and they seem to have made things difficult for the developer; perhaps they just wanted to get everyone using MSAL and Graph! It is worth noting that – unlike Google – MSFT now revoke refresh tokens after 90 days maximum and client secrets after 2 years maximum. Neither PHPMailer nor League oauth2-client provide refresh token refreshment, even though a new refresh token is optionally available from the endpoint when each access token is acquired. Note finally that the more elegant way to authorise a backend service such as PHPMailer is with client credentials grants rather than the more general authorization_code grants. In June, MSFT announced client_credentials grant support for IMAP and POP but not SMTP. I queried this with MSFT and Steve Taylor of the Exchange team confirmed to me that this is still work in progress. Adding PHPMailer support for client credentials grants involves a minor update to the OAuth.php only; TheLeague’s oauth2-client already supports it.
-
So, I have tried some of the sample code, and receive
-
I think I found a workaround in the OAuth
public function __construct($options) I pass the useremail/username and the token.
-
When using XOAUTH2 and the token, is it the same token you get for the entire APP that was built in Azure? If so, do we need to add in the tenant information? This appears that it should be pretty easy, but I can't get the auth process to work.
-
Ducking why you want to authorize with an existing access token instead of letting a ‘provider’ plus TheLeague’s OAuth2 code do it for you using a refresh token, it is worth confirming that your ‘good’ access token really is good. It will help if you could provide the decoded token (if the token is still 64-based, debase with e.g. base64decode.org, followed by a token decode with e.g. jwt.ms or jwt.io) with anything sensitive redacted. If the ‘aud’ field is 00000003-0000-0000-c000-000000000000 (i.e. Graph) instead of https://outlook.office.com/, authorization will fail. You also need an ‘scp’ of SMTP.Send.
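The 'aud' and 'scp' check described in the reply above can be done locally instead of pasting a token into a website. This is an added example, not code from the thread or from PHPMailer; the function names `jwtClaims` and `smtpTokenProblems` are hypothetical, the sample token is constructed, and the expiry check and the tolerance for a missing trailing slash on the audience are assumptions beyond what the reply states.

```php
<?php
// Inspection only: the signature is NOT verified, so never use this to trust a token.

/** Decode the payload (claims) segment of a JWT without verifying it. */
function jwtClaims(string $jwt): array
{
    $parts = explode('.', trim($jwt));
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a three-part JWT');
    }
    // base64url -> base64, restoring the padding that JWTs strip
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('Payload is not valid base64url');
    }
    return json_decode($json, true, 16, JSON_THROW_ON_ERROR);
}

/** Return a list of problems; an empty list means aud/scp/exp look right for SMTP. */
function smtpTokenProblems(array $claims, ?int $now = null): array
{
    $problems = [];
    $aud = is_string($claims['aud'] ?? null) ? $claims['aud'] : '';
    if ($aud === '00000003-0000-0000-c000-000000000000') {
        $problems[] = 'aud is Microsoft Graph, not https://outlook.office.com/';
    } elseif (rtrim($aud, '/') !== 'https://outlook.office.com') { // assumption: slash optional
        $problems[] = "unexpected aud: $aud";
    }
    // scp is a space-separated list of delegated scopes
    $scopes = preg_split('/\s+/', (string)($claims['scp'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    if (!in_array('SMTP.Send', $scopes, true)) {
        $problems[] = 'scp lacks SMTP.Send';
    }
    if (($claims['exp'] ?? 0) <= ($now ?? time())) {
        $problems[] = 'token has expired';
    }
    return $problems;
}

// Constructed sample token (unsigned, placeholder signature): Graph audience, no SMTP.Send.
$b64url = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$sample = $b64url(['alg' => 'none']) . '.' . $b64url([
    'aud' => '00000003-0000-0000-c000-000000000000',
    'scp' => 'Mail.Read User.Read',
    'exp' => time() + 3600,
]) . '.sig';
print_r(smtpTokenProblems(jwtClaims($sample)));
```

Access tokens are bearer credentials, so decoding them on your own machine keeps them out of third-party sites and logs.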
-
Another dumb question - Looking at the [stevenmaguire](https://github.com/stevenmaguire) The redirectUri is that something on my local machine that I need to have for a token or something like office.outlook.com/SMTP.Send?
-
For provider, use Jan Hajek’s Azure. If not: Then:
Then
The redirectURI must be EXACTLY the same as the redirectURI you specify to AAD when setting up the app, similar to that shown in get_oauth_token.php in the PHPMailer code example. It is the URL of your PHP script that MSFT's authorization server returns to with an authorization code and is usually the same script that called the authorization server. Note finally that your SMTP server should be: 'smtp.office365.com'
-
I would like to thank everyone for input and help. I would like to close this out. I wasn't able to get this working, and looking at the permissions from the decoded Token, I just don't see it available. I will look at other options like Microsoft Graph. Thank you all again for the help.
-
Anyone looking for solutions for Azure, please take a look at this.
-
I've seen a few posts that discuss Google's OAuth, is there something for Microsoft? I already have a process to get email, but the sending processing is a little crazy. I like PHPMailer's easy interface and if I can just change a few lines of code it would be a bit easier than trying to re-create all of my emailing pages.