Seeking Guidance on Transitioning to OAuth 2.0 Authentication

[darinko]

Dear Forum Members,

I have been searching for information on transitioning to OAuth 2.0 authentication, but unfortunately, I haven't found a definitive answer. We currently have Exchange hybrid accounts linked with our system, and I am wondering if it is possible to retain our existing email settings for the time being while testing OAuth 2.0 with a test account.

The primary goal is to ensure that our employees can continue sending emails to our standard "servicedesk" address, which will still route the emails to our OTRS system. Meanwhile, I would like to test OAuth 2.0 authentication using a test user account, without disrupting our daily operations.

If anyone has experience or knowledge in this area, I would greatly appreciate your insights and advice.

Thank you for your assistance!

[skullz]

A good start will here https://www.znuny.org/en/blog/modern-au ... -microsoft

[darinko]

Hi there,

Thank you for the instructions. My question is, if I follow all the steps, can I still use the authentication method in parallel with the new OAuth 2?

I appreciate your help.

[zzz]

Hey,

Yes, you can use basic auth and OAuth 2.0 accounts at the same time.

— Emin

[darinko]

Hi guys,

Following the steps from the Modern Authentication with Microsoft blog, I managed to set up the token. However, after 1 or 2 hours, the token expired. I'm not sure if that's okay or not. On the other hand, under the refresh token status, there is a message that the refresh token is valid without an expiry date. Is that correct?
The second problem that I have is that after trying to add a new postmaster email address, I have no option to choose the authentication type. I saw a similar problem here:viewtopic.php?f=62&t=43905&p=178095&hil ... pe#p178095
ut couldn't find any solution.

Do you have any idea maybe? How could I solve this problem?

Thanks in advance!

Best regards,
Darko

[root]

Hi,

Following the steps from the Modern Authentication with Microsoft blog, I managed to set up the token. However, after 1 or 2 hours, the token expired. I'm not sure if that's okay or not. On the other hand, under the refresh token status, there is a message that the refresh token is valid without an expiry date. Is that correct?

Yes, this is correct. Just disable the first notification for the token. As long as the refresh token is valid, you're good.

The second problem that I have is that after trying to add a new postmaster email address, I have no option to choose the authentication type. I saw a similar problem here:viewtopic.php?f=62&t=43905&p=178095&hil ... pe#p178095
ut couldn't find any solution.

Do you have any idea maybe? How could I solve this problem?

Looks like you have kept some old customer files in the system. Which files are inside of the folder Custom and which add-ons do you have installed?

- Roy

[darinko]

Hi Roy,

thanks for the quick response.

Good to know that the token is working correctly.

Regarding the files in the custom folder, I'm not able to check it now as I can't connect to the server at the moment. I will check it on Monday and let you know what I found there.

I have the following add-ons installed:

add-ons znuny.PNG

Thanks for your help!

Best regards,
Darko

[root]

Hi,

I've no idea how you've done it. But the add-on MailAccount-Oauth2 looks suspicious to me. Such a functioniality is built in, probably this is your problem. You should verify that all add-ons are required for Znuny LTS 6.5 and also designed for it.

- Roy

[darinko]

"Hi Roy,

Thank you for your help again. The update was performed by an external partner, and I'm not sure about the specifics of how they did it or what exactly they did. I'm going to check with them. Would you take a look at the custom folder anyway?

Regards,
Darko

[root]

"Hi Roy,

Thank you for your help again. The update was performed by an external partner, and I'm not sure about the specifics of how they did it or what exactly they did. I'm going to check with them. Would you take a look at the custom folder anyway?

Yes, It would check the folder and the system at all. Any issues showed when running an support assessment?

- Roy

[darinko]

Hi Roy,

here are the custom files:

custom files.PNG

Can I run the support assessment during work hours? A lot of colleagues are using the ticket system now, and I don't want to create any problems.


Thanks!


Regards,
Darko

[zzz]

Hello Darko,

We (Efflux) have initially developed the MailAccount-OAuth2 add-on for older versions of OTRS, Znuny and other forks. If you're using Znuny 6.5, you should delete that extensions, as it overwrites some core functions. But make sure that you create a back-up of your systems, your mail accounts and your current OAuth configuration that comes with the add-on.

— Emin