0 votes

Is it possible to trigger a webserver call for OAuth2-authenticated IMAP accounts? Basically I want to store credentials and, on a timer (using a Windows service), fire requests from a webserver to check an IMAP account. We currently do this with other authentication methods with basic username/passwords.

by (210 points)
I should add that one of the main concerns I have is a methodology to update my access token. I see your OAuth2 sample talking about access token expiry. Is this something that can be refreshed purely without a GUI in an automated fashion?

1 Answer

+1 vote

You need to perform OAuth2 authentication (including user interaction), then store the token and refresh token. Use the token to access IMAP. Use the refresh token when the token expires. Raise an error and somehow ask the user for intervention when access is revoked.

You can find details here:

https://www.limilabs.com/blog/oauth2-gmail-imap-web-applications

https://www.limilabs.com/blog/oauth2-gmail-imap-installed-applications

Your other option is to use a service account, for example for Gmail:

https://www.limilabs.com/blog/oauth2-gmail-imap-service-account

by (301k points)
Is there no way to handle OAuth 2.0 in an unattended manner? Without user intervention? Is there a way to connect to Exchange without using IMAP basic auth for this purpose?
The workflow requiring user intervention is not suitable for our workflow. We want to run email IMAP checks via a service running 24x7 and without continually unblocking it with user interaction.
1. Use the service flow if those are accounts in a Google domain.

2. For other OAuth scenarios: after the initial log-in you obtain 2 tokens from Google: an access token and a refresh token. You can use the refresh token to create a new access token if it expires, without user intervention.

3. You can also generate an application password and not use OAuth2 at all:

https://security.google.com/settings/security/apppasswords

(2-Step-Verification must be enabled to access this feature)
Yes, sorry, looking for Microsoft Exchange solutions, not Google. Are there options there?
For Office365/Exchange:
https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

I believe they state that "OAuth2 client credentials grant" is not supported for IMAP/POP3/SMTP.
So token + refresh token or application passwords are the only options.
Thank you. Thought that may be the case :(
Does this token (OAuth2 client credentials grant flow) work with IMAP?
Probably not. I think you would use the token with the Microsoft Graph API to access mail that way.
https://docs.microsoft.com/en-us/graph/api/resources/mail-api-overview?view=graph-rest-1.0
So much for the standard protocols....
...
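
The unattended flow described in the answer (use the access token for IMAP, refresh it when it expires, raise an error when access is revoked), as an added example that is not part of the original thread and is not Limilabs code. It is written in Python so it runs offline; `TokenStore`, `ReauthorizationRequired`, the `post` transport and the `client` dictionary are hypothetical names, and the form fields, the `invalid_grant` error and the XOAUTH2 string layout are the standard OAuth 2.0 refresh grant and the SASL XOAUTH2 format.

```python
import base64
import time


class ReauthorizationRequired(Exception):
    """Refresh token rejected (revoked or expired): a user must sign in again."""


class TokenStore:
    """Holds the token pair obtained from the initial interactive sign-in."""

    def __init__(self, access_token, refresh_token, expires_at):
        self.access_token = access_token
        self.refresh_token = refresh_token  # long-lived secret: persist encrypted
        self.expires_at = expires_at        # absolute epoch seconds


def get_access_token(store, post, client, now=time.time, skew=60):
    """Return a usable access token, refreshing it without user interaction.

    `post(form)` is a hypothetical transport: it sends the form to the
    provider's token endpoint and returns (http_status, parsed_json).
    """
    if now() < store.expires_at - skew:
        return store.access_token  # still valid, no network call
    status, body = post({
        "grant_type": "refresh_token",
        "refresh_token": store.refresh_token,
        "client_id": client["id"],
        "client_secret": client["secret"],
    })
    if status == 400 and body.get("error") == "invalid_grant":
        # Access was revoked or the refresh token expired: stop and alert.
        raise ReauthorizationRequired(body.get("error_description", ""))
    if status != 200 or "access_token" not in body:
        raise RuntimeError(f"token endpoint failure: HTTP {status}")  # retry later
    store.access_token = body["access_token"]
    store.expires_at = now() + int(body.get("expires_in", 0))
    # Some providers rotate refresh tokens; always keep the newest one.
    store.refresh_token = body.get("refresh_token", store.refresh_token)
    return store.access_token


def xoauth2_initial_response(user, access_token):
    """Base64 SASL XOAUTH2 string sent with IMAP AUTHENTICATE XOAUTH2."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()
```

A timer-driven service would call `get_access_token` before each IMAP check and treat `ReauthorizationRequired` as the signal to stop polling that mailbox and notify an operator.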