Emails with OAuth

Available from version 2.7.7 and 3.0.2 only!!!

From iTop 3.0.2, you get another type of Mailbox to connect to Gmail and Azure using OAuth2.

To allow iTop to send email notifications through a mail server that uses OAuth authentication, such as Microsoft Azure or Google Gmail, you must:

  1. create a new iTop OAuth client object to set up this connection,
  2. change a few entries in the Configuration file.

iTop OAuth client

Get from Provider

You must first get the following information from your mail provider:

  • login: which is in general your email address. It must be unique, you cannot create 2 OAuth clients with the same login.
  • client id: a long string of characters
  • client secret: another long string of characters
For this, check their web sites:
  • Microsoft - IMAP, POP & SMTP
  • Google - IMAP for Gmail
For Microsoft Azure, for now, you must have a multi-tenant application.

Configure iTop

Under the menu Configuration / OAuth client, create a new OAuth client object.

First choose whether it is for Azure or Gmail.

Fields of the OAuth client and their usage:

  • Login: Your email address. If you have 2 OAuth clients with the same login, only one can have the flag Used for SMTP set to “Yes”.
  • Status: Computed status: no access token / Access token generated.
  • Provider: Hardcoded based on the type of OAuth client chosen.
  • Redirect url: This url must be entered in the OAuth2 configuration on the provider side, to authorize interactions between applications.
  • Client id: a long string of characters provided by your OAuth2 provider.
  • Client secret: another long string of characters, also provided by your OAuth2 provider.
  • Used scope: Indicates which scope definition will be used. It is Simple by default and Advanced as soon as the field Advanced scope contains something.
  • Scope: Select predefined scopes, which will be translated according to the OAuth class (provider). If you need other scopes, use the Advanced mode instead.
  • Advanced scope: For when the predefined scopes are not applicable or sufficient. Should be used with care, by experts. As soon as you enter something here, it takes precedence over the Scope selection, which is then ignored.
  • Used for SMTP: At least one OAuth client must have this flag set to “Yes” if you want iTop to use it for sending mails (see configuration below).

Once you have created it, you need to click on the action Generate Access Token

Advanced configuration

You may want to specify advanced urls, which aren't using the standard

Although the same information must be provided for Azure and Gmail, they use different connection protocols behind the scenes, which is why there are different classes of object. In the future, other providers may come up with another OAuth implementation, and a new iTop class will have to be developed for it.

Email sending

Once you have created one or more OAuth clients, if one of those clients has a login which matches the Configuration parameter email_transport_smtp.username, then when you open it, you see that it is the one used by iTop for sending emails.

It is then displayed in green in the list.

And a banner above the object indicates that this is the connection used to send emails from iTop.
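
An added example (not part of the iTop documentation or code base): a Python pre-check over an export of OAuth client records that applies the rules described above, namely that the client whose login matches email_transport_smtp.username and has Used for SMTP set to “Yes” is the sending one, and that Advanced scope overrides the Scope selection. The record field names and the sample values are assumptions constructed for illustration.

```python
# Added example: the record field names are hypothetical stand-ins for an
# export of iTop OAuth client objects; the rules applied come from the page.

def effective_scope(client):
    """Advanced scope, once non-empty, takes precedence over the Scope selection."""
    advanced = (client.get("advanced_scope") or "").strip()
    if advanced:
        return "Advanced", advanced
    return "Simple", list(client.get("scope", []))


def audit_smtp_client(clients, smtp_username):
    """Return (client, findings) for the client matching email_transport_smtp.username."""
    findings = []
    matching = [c for c in clients if c["login"] == smtp_username]
    if not matching:
        return None, [f"no OAuth client has login {smtp_username!r}"]
    flagged = [c for c in matching if c.get("used_for_smtp") == "Yes"]
    if len(flagged) > 1:
        findings.append("several clients with this login have Used for SMTP = Yes")
    if not flagged:
        return None, findings + ["matching client exists but Used for SMTP is not Yes"]
    client = flagged[0]
    if client.get("status") != "Access token generated":
        findings.append("no access token: run Generate Access Token")
    mode, _ = effective_scope(client)
    if mode == "Advanced" and client.get("scope"):
        findings.append("Scope selection is ignored because Advanced scope is set")
    return client, findings


# Constructed sample records, not taken from a real iTop instance.
SAMPLE_CLIENTS = [
    {"login": "itop@example.com", "provider": "Azure", "used_for_smtp": "Yes",
     "status": "no access token", "scope": ["SMTP"], "advanced_scope": "scope.a scope.b"},
    {"login": "itop@example.com", "provider": "Azure", "used_for_smtp": "No",
     "status": "Access token generated", "scope": ["IMAP"], "advanced_scope": ""},
    {"login": "other@example.com", "provider": "Google", "used_for_smtp": "No",
     "status": "Access token generated", "scope": ["SMTP"], "advanced_scope": ""},
]


if __name__ == "__main__":
    chosen, notes = audit_smtp_client(SAMPLE_CLIENTS, "itop@example.com")
    print(chosen["provider"] if chosen else None, notes)
```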

Test it

When you open the Test utility, you immediately see which transport method is used and which login.

And you can test your OAuth connection for sending emails.

If you also need to use that OAuth connection to scan the mailbox for ticket creation, see the configuration required in the extension: Mail to ticket automation

Gmail settings

For Gmail, you must change some settings in your Gmail account.

  1. First click here:
  2. Then on “See all settings”:
  3. Then choose the tab “Forwarding and POP/IMAP”:
  4. And set this configuration:

Troubleshooting

Set the Debug mode for OAuth in the Configuration file

Configuration
'log_level_min' => ['OAuth' => 'Debug'],
latest/admin/oauth.txt · Last modified: 2023/07/21 10:19 (external edit)