Emails with OAuth
Available from version 2.7.7 only!!!
From iTop 2.7.7, you get another type of Mailbox to connect to
Gmail and Azure using OAuth2.
To allow iTop to send email notification through a mail server using OAuth authentication, such as Microsoft Azure or Google Gmail, you must
create a new iTop
OAuth clientobject to put in place this connection,
and change a few entries in the Configuration file
iTop OAuth client
Get from Provider
You must first get the following information from you mail provider
login: which is in general your email address. It must be unique, you cannot create 2 OAuth clients with the same login.
client id: a long string of characters
client secret: another long string of characters
|For this, check their web site:||Microsoft - IMAP, POP & SMTP||Google - IMAP for Gmail|
Under the menu Configuration / OAuth client, create a
OAuth client object, .
Choose first if it is for Azure ou Gmail
|OAuth client||Usage of the field|
|Login||Your email address. If you have 2 OAuth
clients with the same login, only one can have the
|Provider||Hardcoded based on the type of OAuth client chosen|
|Redirect url||This url must be entered in OAuth2 configuration on the provider side, to authorize interactions between applications|
|Client id||a long string of characters provided by your OAuth2 provider|
|Client secret||another long string of characters provided as well by your OAuth2 provider|
|Used scope||Explicit which scope definition will be used. It's
|Scope||Select predefined scopes, which will be translated
according to the OAuth class (provider)
If you need other scopes, then use the
|Advanced scope||When predefined scopes are not
applicable/sufficient. Should be used with care by experts.
As soon as you enter something here it takes precedence on the
|Used for SMTP||At least one OAuth client must have this flag to “Yes”, if you want iTop to use it for sending mails (see configuration below)|
Once you have created it, you need to click on the action Generate Access Token
You may want to specify advanced urls, which aren't using the standard
Also the same information must be provided for Azure and Gmail, they use different connection protocols behind, which is why we have different class of object. In the future, other providers may come up with another OAuth implementation and a new iTop class will have to be developed for it.
Once you have created one or multiple OAuth clients, if one of
those clients is having a login which matches the Configuration
email_transport_smtp.username, then when
opening it, you see that it is the one used by iTop for sending
Then it is displayed with a grren color in the list
And a banner above the object indicate that this is the connection used to send emails from iTop
When opening the Test utility, you see immediately which transport method is used and then which login
And you can test your OAuth connection for sending emails
If you need to use also that OAuth connection to scan the mailbox for ticket creation, see the configuration required in the extension: Mail to ticket automation
For Gmail, you must do some stuff on your gmail account
Then on “See all settings”: Then choose tab “Forwarding and POP/IMAP”: And set this configuration:
Set the Debug mode for OAuth in the Configuration file
'log_level_min' => ['OAuth' => 'Debug'],