I had an application that checked an email address (cfmail tag) for expected information (in XML format), parsed that information, and then dumped it into a database. We were using basic authentication with O365. I believe their switch to OAuth has broken our system.
I am looking for resources,tutorials, and advice on how to implement an OAuth layer to our Lucee application that will allow us to check that email as before. I have spent some time Googling, but I am a little confused as to where to start.
It is possible to reenable basic authentication in O365 - https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
However, this will only keep your application working until the end of 2022, when Microsoft will permanently disable Basic Authentication. We are also looking for a solution to accessing O365 email from Lucee.
Related
Sorry for a fuzzy newbie question but I didn't find a similar yet - maybe I'm just asking wrong..
I'm working on an open source Python application which reads and processes emails from given mailboxes using IMAP and SMTP (from various (self hosted) email providers, so a MS/Google specific implementation is not an option for me).
Currently I'm extending that application to support OAuth2 after Microsoft announced they will no longer support standard IMAP/SMTP authorization.
I found lot's of HowTos, tutorials and examples and managed to read/write mails using OAuth2 with GMail-servers now but I hope I just missed the recommended scenario for open source applications.
Currently I've set up a Google "Project" using tutorials I found in order to get ClientID and ClientSecret. Google told me it would cost me $15k to $75k to get my application verified, while Microsoft wants me to create an Azure/Identity Platform account and want's my telephone and credit card number in advance in order to bill me after 12 months.
Question: What am I supposed to provide with my application regarding OAuth2? I don't want to publish my ClientID/Secret do I? Does every user have to go through those registration procedures in order to access its mails using a command line script?
How to other open source mail-applications solve this issue? At least Thunderbird can authenticate with GMail (see https://www.supertechcrew.com/thunderbird-oauth2-gmail/) do they provide ClientID and -secret with the application?
Here is an old thread discussing the issue: https://groups.google.com/g/tb-planning/c/RRSPwp36bi0?pli=1
Disclaimer 2: I know this question sounds very obvious but I really didn't find a hint yet :)
I'm new to mautic. We have an java application that manages authentication of its users. It also support openid connect/ jwt/oauth flows. We are planning to use mautic as a separate server . How do I integrate my application with mautic? Seems like the mautic only support SAML for SSO. Does that mean our application now need to act as SAML IDP? Or is there a way to get mautic to support JWT/oauth/openid connect
Can you clarify why you need to authenticate users, will these all be people who will be working in the back-end of Mautic? Otherwise you won't need to use authentication for regular folk accessing resources or landing pages you create, they don't need to log in.
The developer documentation would be a good place to start for all things technical/development, which you can find here: https://developer.mautic.org/ - this includes information about authorisation and specifically OAuth which might be helpful: https://developer.mautic.org/#authorization.
You'll find some documentation on using the SAML function here if you're going that route: https://www.mautic.org/docs/en/authentication/saml.html
Happy to help if you get stuck!
I've been beating my head for hours on this request.
I have an on-premise installation of an Azure MultiFactor Authentication Server. I'm building a new ASP.Net MVC 5 application that will do an LDAP lookup for users in Active Directory (also on-premise) with no ADFS configured.
I've gone through the sdk for MFA Server and can easily enable SMS requests to be sent. I get the otp code from calling pf_auth.pf_authenticate(authParams, out otp, out callStatus, out errorId);
This works for test. But I need to direct this request to my on-site MFA Server. I can't find anything that tells me where I can set this value.
I know that if I login to a machine on that domain it automatically sends the SMS text to my phone and I can enter it into the next screen to complete a login (the default user portals set up with MFA). I would assume that this would possibly work when I call ValidateCredentials on my application's newly created PrincipalContext. But how do I submit the sms code without some sort of RequestId to synch up the communication.
I'm sorry if this doesn't make much sense. It's just all the examples I can find are for using MFA with a local ADFS. I only have Active Directory which is causing me to do the custom LDAP lookup.
Any help or direction is greatly appreciated.
OK, sorry for the delay in responding to this post. After getting no responses I moved on but have recently noticed that there have been 45+ views since my post and thought I should update for others who might be experiencing a similar issue.
Turns out that when using MFA on premise you can point multiple applications to a single MFA server, like Remote Access, VPN, etc.
However if you are attempting to setup a Web Application hosted on IIS you need to install a copy of the MFA server on the IIS server hosting the application.
When installing you can point to the existing MFA setup so that both machines are in the same configuration. This local install also adds a custom IIS Plugin that does the request interception and directs it through the MFA pipeline. If everything looks good the request is then forwarded to your web application like normal.
This is really pretty straight forward but the documentation for MFA setup was sorely lacking. Hopefully in the future there will be a decent sample app provided by Microsoft that demos this process using local MFA and not just the Azure hosted solution.
UPDATE: I failed to mention earlier that we want solution that will be flexible with authenticating users from within our databases or by asking other servers to tell us if the user is authenticated. It is also worth mentioning that these other servers are not under our control so we can't enforce a specific user model.
I had a long and hard read on OAuth and OpenID but they are both not a suitable solution for our situation and will make the process harder to the user. This is something that has been solved a thousand times, yet I cannot find the solution.
What we are looking for is a framework that can be used in a REST services server to authenticate users (no third-party clients involved) with their username and password.
The solution must not pass the username and password except the first time on login and use tokens for further authentication. Even though OAuth does use tokens, it is designed to allow third-party clients access to the service-providers resources. That is not the case here, the services are for our own application only, the only thing needed is user authentication.
What do you guys think is the most appropriate solution?
Configuration:
-Spring server that provides RESTful services with our thinking going towards using Spring Security with some user management and token management framework.
-iOS Device that will be making HTTPS calls to the server.
What we ultimately want is to have the device send a login request and receive a token if the login was successful, later on make requests using that token. Just like Facebook, excluding third-party involvement.
Is there something that is ready to be configured in our server? Or should we consider building our own token management, comparison and generation software?
Is using Spring-Security with an iOS application without involving storing cookies or redirecting to pages possible?
OpenStack offers as part of it's many projects related to open source cloud... the project Keystone. Which does this pretty much exactly what you want.
You might want to check it out here:
http://docs.openstack.org/developer/keystone/
I have been searching everywhere for a Java port of xoauth.py. As I really want to use the same authentication process in my java web app.
I have tried using the GoogleOAuthHelper to generate the token and secret but when I plugin them in to the google mail java sample, I get errors back saying invalid credentials.
If anyone can help I would be very appreciative. I have been stuck on this for sooo long now.
Have you tried the links on this page https://developers.google.com/google-apps/gmail/oauth_libraries
and
https://developers.google.com/google-apps/gmail/#oauth_access_to_imap_and_smtp
This is assuming that the service you want to access is gmail (since you tagged your question gmail). If you're looking to use a different service, (say Drive) then your starting point is the api console at https://code.google.com/apis/console