Module OAuth

From Dolibarr ERP CRM Wiki

Introduction

The OAuth module is a technical module that allows you to create and manage OAuth2 connections with an external system. On its own, this module is useless. But once you have created OAuth2 connections, you can reuse them in some other modules, for example:

Installation

This module is included with the Dolibarr distribution, so there is no need to install it.

Setup

Creation of the OAuth entry

This is the first step. You must create an entry and choose the permission according to the purpose the OAuth entry will be used for. Here are some examples of values you can use, depending on the OAuth provider and the goal of the entry. Try to create 1 entry for each different purpose.

For SMTP access

This is an example of setup if you plan to use the OAuth token to send emails.

For Google

Client ID / Secret ID: See chapter External documentation.

Scope: Choose the scope gmail_full

For Microsoft Office365

Client ID / Secret ID: See chapter External documentation.

Tenant: The ID of the tenant provided by Microsoft. Example: 123456ab-1234-5678-abdc-12345678abcd

Scope: Choose the scopes offline_access + outlook.office365.com/SMTP.Send. The scope email can also be added but does not seem mandatory. Don't forget to also allow these permissions in the Azure setup.

If it fails, choose: outlook.office.com/.default

For IMAP access

This is an example of setup if you plan to use the OAuth token to read your mailbox with the email collector.

For Google

Client ID / Secret ID: See chapter External documentation.

Scope: Choose the scope gmail_full

For Microsoft Office365

Client ID / Secret ID: See chapter External documentation.

Tenant: The ID of the tenant provided by Microsoft. Example: 123456ab-1234-5678-abdc-12345678abcd

Scope: Choose the scopes offline_access + outlook.office365.com/IMAP.AccessAsUser.All. The scope email can also be added but does not seem mandatory. Don't forget to also allow these permissions in the Azure setup.

If it fails, choose: outlook.office.com/.default

For SSO Login

This is an example of setup if you plan to use the OAuth provider to log in. Note that for this purpose, creating the OAuth entry is enough; there is no need to generate the token.

For Google

Name of the entry: "Login" (the text "Login" with an uppercase L. You must use this exact string for SSO Login. No other name is possible).

Client ID / Secret ID: See chapter External documentation.

Scope: Choose the scopes openid and email

You must also modify your Dolibarr conf file to use SSO Login with Google OAuth. See page Authentication,_SSO_and_SSL.

For Microsoft Office365

Not yet available! Will probably be ...

Client ID / Secret ID: See chapter External documentation.

Tenant: The ID of the tenant provided by Microsoft. Example: 123456ab-1234-5678-abdc-12345678abcd

Scope: Choose the scopes openid and email

Generation of the token

Note: If the goal of the OAuth entry is to be used for SSO Login, you don't need to generate the token.

Once your OAuth entry has been created, you can switch to the second tab to generate and get your OAuth token. This token will then be used by the other modules or features (for example, to send email using SMTP or to read emails using IMAP).
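
A local check that a generated Microsoft token really carries the scope chosen for its purpose, as an added example that is not part of the Dolibarr wiki or code. It assumes the access token is a JWT whose `scp`, `tid` and `exp` claims are readable (an opaque token, such as Google's, is rejected); the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time

# Scope recommended on this page for each Office365 purpose, in the short
# form assumed to appear in the token's "scp" claim (assumption).
REQUIRED_SCOPE = {"smtp": "SMTP.Send", "imap": "IMAP.AccessAsUser.All"}


def decode_claims(jwt):
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (opaque token?)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt, purpose, tenant, now=None):
    """Return a list of problems; an empty list means the token fits the purpose."""
    claims = decode_claims(jwt)
    now = time.time() if now is None else now
    problems = []
    granted = claims.get("scp", "").split()
    if REQUIRED_SCOPE[purpose] not in granted:
        problems.append(f"scope {REQUIRED_SCOPE[purpose]} not granted (got: {granted})")
    if claims.get("tid", "").lower() != tenant.lower():
        problems.append("tenant mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def _make_sample(claims):
    """Build an unsigned, constructed sample token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


TENANT = "123456ab-1234-5678-abdc-12345678abcd"  # example tenant ID from this page
# Constructed sample: a token granted only the IMAP scope.
SAMPLE = _make_sample({"tid": TENANT, "scp": "IMAP.AccessAsUser.All", "exp": 2000000000})

if __name__ == "__main__":
    print(check_token(SAMPLE, "imap", TENANT, now=1700000000))  # fits the IMAP entry
    print(check_token(SAMPLE, "smtp", TENANT, now=1700000000))  # SMTP scope missing
```

Run it locally on the machine that holds the token; a token reused for a purpose it was not scoped for is reported before the SMTP or IMAP login fails.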

External documentation

Here is some documentation on how to set up your external system to allow an OAuth2 connection. It may help you find out how to get your Client ID and Secret ID to create your OAuth entry in Dolibarr.

For Microsoft

See https://afterlogic.com/mailbee-net/docs/OAuth2Office365NonInteractive.html and https://learn.microsoft.com/fr-fr/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

Tutorial to register an application and create a secret ID:

https://learn.microsoft.com/fr-fr/azure/active-directory/develop/quickstart-register-app#register-an-application

A forum thread about using OAuth2 for SMTP and IMAP is also available: https://www.dolibarr.org/forum/t/oauth-office-365-and-email-collector/23437

For Google

See https://support.google.com/cloud/answer/6158849