Introduction
This feature provides a modern authentication approach (Microsoft Graph API), because Microsoft plans to disable basic authentication as per the advisory “Basic Authentication and Exchange Online – September 2021 Update - Microsoft Tech Community”, which may impact the mail sending flow in ICI.
Once Microsoft disables basic authentication, users need to change basic authentication configuration to avoid disruption in mail sending functionality. A new config key “Platform.Email.ProviderConfiguration” is added to capture the MailKit and Microsoft Graph API configuration for sending mail.
Prerequisites
As part of this feature, users need to add a key to capture the configuration required for the MailKit and Microsoft Graph API approaches.
1. Microsoft Graph API implementation in the case of O365/Exchange Online
For email authentication, the Microsoft Authentication Library (MSAL) defines two types of clients: public and confidential. ICI falls under confidential client apps like Web App, Web API, and Daemon services.
Below is the list of configurations required for this approach:
- Client ID: The application (client) ID that the Azure Portal-App registration page has assigned to the app.
- Tenant ID
- Redirect URI: The redirect URI of the app where authentication responses can be sent and received by the app.
- Client Secret: The client secret that was generated for the app in the Azure portal.
- User Email (that will act as an "Email From" to send emails) with an Office 365 subscription.
2. MailKit implementation
Customers who need STARTTLS as the default option to send mail need to configure SecureSocketOptions, whose default value is STARTTLS. This value can be changed as per requirement with the following configurations.
- SecureSocketOptions: This option takes an integer value that corresponds to the respective socket option.
- EmailUserName
- EmailPassword
- EmailFromAddress
- EmailServerName
- EmailServerPort
- EmailOverride
- UseDefaultEmailFromAddress
Configuration
A new key “Platform.Email.ProviderConfiguration” will capture the respective configurations for the MailKit and Microsoft Graph API providers. The default value for this key will be an empty string.
The existing key “Core.Tasks.SendEmail.EmailServerType” will continue to be used to send mail for SMTP and EWS, along with other providers, even after Microsoft disables basic authentication. Once the new key value is set, it will take precedence over the existing key, and users will be able to send mail via MailKit and Microsoft Graph API.
Adding the new key:
{
  "Id": "8BCDF64C-51F2-4509-B244-82A726E42CE6",
  "IsEncrypted": false,
  "OverrideType": "Overridable",
  "ValueType": "System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
  "Value": "",
  "Description": "This key is to manage mail sending functionality in valid JSON format",
  "DefaultValue": null,
  "IsReadOnly": false,
  "ErrorMessageDescription": null,
  "Name": "Platform.Email.ProviderConfiguration"
}
Value of the key when Microsoft Graph API is the provider:
{
  "provider": "GRAPH",
  "configuration": {
    "TenantId": "<Tenant Id to be provided by user>",
    "ClientId": "<Client Id to be provided by user>",
    "ClientSecret": "<Client Secret to be provided by the user>",
    "EmailId": "<email address to be provided>",
    "Name": "<Username to be provided by user>",
    "EmailOverride": "<to be provided by user; not mandatory, can be None or an email address>"
  }
}
Note:
- With this approach, email will be sent only from the Email-Id mentioned in the configuration of the GRAPH provider. This Email-Id is part of the same Azure tenant with an Outlook E5 license (or any Outlook license having mailbox access).
- The following keys will be considered from the new key “Platform.Email.ProviderConfiguration” and not from the existing JSON file
Value of the key when MailKit is the provider:
{
  "provider": "MAILKIT",
  "configuration": {
    "SecureSocketOptions": 3,
    "EmailUserName": "apikey",
    "EmailFromAddress": "test@icertis.com",
    "EmailServer.Port": "2525",
    "EmailServer": "smtp.sendgrid.net",
    "EmailPassword": "qDrDRn1JUDAvpySINUWDM/898xqkyg9J3OCoSoXA+UDytH",
    "EmailOverride": "test@icertis.com",
    "UseDefaultEmailFromAddress": true
  }
}
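A check that can be run on a candidate key value before it is saved, as an added example that is not part of ICI or of the original page. It goes slightly beyond the samples above by mapping each SecureSocketOptions integer to its MailKit enum name; the required-key lists are an assumption drawn from the samples, and the host and addresses in the sample values are constructed.

```python
import json

# Integer values of MailKit's SecureSocketOptions enum.
SOCKET_OPTIONS = {0: "None", 1: "Auto", 2: "SslOnConnect",
                  3: "StartTls", 4: "StartTlsWhenAvailable"}
# These three can leave the SMTP session, and EmailPassword, unencrypted.
WEAK_OPTIONS = {0, 1, 4}
# Assumption: every key in the page's samples is required except EmailOverride.
REQUIRED = {
    "GRAPH": ["TenantId", "ClientId", "ClientSecret", "EmailId", "Name"],
    "MAILKIT": ["SecureSocketOptions", "EmailUserName", "EmailPassword",
                "EmailFromAddress", "EmailServer", "EmailServer.Port"],
}

def check_provider_configuration(value):
    """Return a list of findings; an empty list means no problem was found."""
    try:
        doc = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    provider = doc.get("provider") if isinstance(doc, dict) else None
    if not isinstance(provider, str) or provider not in REQUIRED:
        return ["provider must be GRAPH or MAILKIT"]
    config = doc.get("configuration")
    if not isinstance(config, dict):
        return ["configuration must be a JSON object"]
    # Flag key names with stray whitespace, e.g. "EmailOverride ".
    findings = [f"key has stray whitespace: {k!r}" for k in config if k != k.strip()]
    findings += [f"missing or empty key: {k}" for k in REQUIRED[provider]
                 if config.get(k) in (None, "")]
    opt = config.get("SecureSocketOptions")
    if provider == "MAILKIT" and opt is not None:
        if type(opt) is not int or opt not in SOCKET_OPTIONS:
            findings.append(f"SecureSocketOptions is not a known value: {opt!r}")
        elif opt in WEAK_OPTIONS:
            findings.append(f"SecureSocketOptions {opt} ({SOCKET_OPTIONS[opt]}) "
                            "does not enforce TLS")
    return findings

# Constructed sample values (hypothetical host and addresses).
GOOD = json.dumps({"provider": "MAILKIT", "configuration": {
    "SecureSocketOptions": 3, "EmailUserName": "apikey",
    "EmailPassword": "<password>", "EmailFromAddress": "noreply@example.com",
    "EmailServer": "smtp.example.com", "EmailServer.Port": "587",
    "UseDefaultEmailFromAddress": True}})
WEAK = GOOD.replace('"SecureSocketOptions": 3', '"SecureSocketOptions": 4')
TRAILING_COMMA = '{"provider": "GRAPH", "configuration": {"TenantId": "t",}}'

if __name__ == "__main__":
    for sample in (GOOD, WEAK, TRAILING_COMMA):
        print(check_provider_configuration(sample))
```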
Detailed explanation of keys present in configuration of MailKit
Once this configuration is set, the email provider will be MailKit, and users can send mail with the help of this configuration. Existing functionalities, like the creation of notifications with subscriptions and sending or receiving mail, will not change and will continue to work as they do today.
- Core.Tasks.SendEmail.EmailServerType
- EmailServer
- EmailServer.Port
- EmailUserName
- EmailPassword
- EmailOverride
- EmailFromAddress
- UseDefaultEmailFromAddress