Configuring email provider with OAuth2 authentication

Note

OAuth 2.0 (Open Authorization) is a protocol designed to enable an application to access services provided by other applications on behalf of a user.

OAuth2 authentication involves three parties:

  1. Service provider: the application that hosts the service to be used. In our case, this is an SMTP server hosted by an application external to RAC/M Identity (for example, Microsoft 365 or Gmail).
  2. Service user: the application that wants to use the provider's service. In our case, this is RAC/M Identity.
  3. Authorized user: a user who is authorized to use the provider's service and who will be impersonated by the application wishing to use this service.

Implementing OAuth2 authentication with the email server requires some steps to take place in the application providing the service and others to take place in the RAC/M Identity configuration file.

Configuring the service provider

The configuration required to enable OAuth2 authentication with the email server differs from one service provider to another. Consult the provider's documentation to get the correct parameters.

Configuring RAC/M Identity

The configuration is done in the config.properties file.

| Configuration Key | Description |
|---|---|
| mail.auth.protocol | Set to oauth2 to use OAuth2 authentication. |
| mail.server.host | The hostname of the SMTP server. |
| mail.server.port | The port of the SMTP server. |
| mail.server.starttls.enable | Whether to use STARTTLS to secure the SMTP connection. |
| mail.server.user | The username to use for authentication. |
| mail.oauth2.token.url | The URL to get the OAuth2 token. |
| mail.oauth2.client.id | The client ID of the OAuth2 application. |
| mail.oauth2.client.secret | The client secret of the OAuth2 application. |
| mail.oauth2.scopes | The scopes to use for the OAuth2 authentication. |
| mail.option.sender | The email address to use as the sender of the emails. The provider may impose restrictions on the sender address. |

INFO

See the Common parameters section for more information on the other parameters.
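
The following pre-deployment check for the keys in the table above is an added example, not part of RAC/M Identity or its documentation. It assumes a plain key=value config.properties and a true/false STARTTLS flag; the sample values are constructed placeholders.

```python
from urllib.parse import urlparse

# Keys from the configuration table above.
REQUIRED = ("mail.auth.protocol mail.server.host mail.server.port "
            "mail.server.starttls.enable mail.server.user mail.oauth2.token.url "
            "mail.oauth2.client.id mail.oauth2.client.secret mail.oauth2.scopes "
            "mail.option.sender").split()

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_mail_oauth2(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    if props.get("mail.auth.protocol", "") != "oauth2":
        findings.append("mail.auth.protocol is not oauth2")
    # Assumption: the STARTTLS flag takes a true/false value.
    if props.get("mail.server.starttls.enable", "").lower() != "true":
        findings.append("STARTTLS is not enabled: confirm the SMTP connection is encrypted")
    url = urlparse(props.get("mail.oauth2.token.url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("token URL is not https: the client secret would be sent unencrypted")
    return findings

# Constructed sample with placeholder values (not from a real deployment).
SAMPLE = """
mail.auth.protocol=oauth2
mail.server.host=smtp.example.com
mail.server.port=587
mail.server.starttls.enable=false
mail.server.user=racm-mailer@example.com
mail.oauth2.token.url=http://login.example.com/oauth2/token
mail.oauth2.client.id=00000000-0000-0000-0000-000000000000
mail.oauth2.client.secret=
mail.oauth2.scopes=https://smtp.example.com/.default
mail.option.sender=racm-mailer@example.com
"""

if __name__ == "__main__":
    for finding in check_mail_oauth2(parse_properties(SAMPLE)):
        print(finding)
```

Run against the sample, it flags the empty client secret, the disabled STARTTLS flag and the non-HTTPS token URL.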