A new authentication type “OAuth 2.0” has been added to the IMAP, POP, and SMTP Settings section on the Email Settings window.
Note: All OAuth2.0 setting information used in Stat is obtained from their respective providers, such as Microsoft, and Gmail, the Azure portal, Active Directory, and Office365 Administrators.
If the “OAuth2.0” option is selected, then the OAuth details button will be enabled as shown in the above screenshot. The Password field will be disabled for the Settings section if the “OAuth2.0” option is selected.
Clicking on the “OAuth2.0 Detail” button, the user can enter details as shown in the snapshot below.
Please obtain these details from the respective service provider.
Please note: Stat Administrator should get the below details from OAuth server Administrator/Email Administrator.
| Resource Provider | Please mention the resource provider. For example, it can be Google or Microsoft, etc. |
| Prompt | Permissible Values: none, consent, select_account. It could be optional for any of the resource providers. |
| Client ID | This is generated by the resource provider. To use OAuth 2.0 we need an OAuth 2.0 client ID, which our application uses when requesting an OAuth 2.0 access token. |
| Client Secret | This is generated by the resource provider. It is a secret used by the OAuth Client to Authenticate to the Authorization Server. |
| Authorization EndPoint URL | The URL where authorization to use OAuth 2.0 is started. |
| Token EndPoint URL | The URL where the requests for refresh tokens are sent. STAT will periodically update the tokens as they have an expiry. |
| Redirect URL | The Redirect URL is saved on the provider side. Once the Test Connect is clicked, the user authorizes an application. The authorization server will redirect the user back to the STAT application with an authorization code. |
| Scope | The list of OAuth 2.0 scopes required for the authorization. Space is the delimiter. |
| Additional Information | Any additional information to be added |
After saving the data the user will click on test connect and the process will continue to generate an authorization code. A browser shall open up with an email login page and you will be asked for your credentials. Once the authentication is successful then it will generate the auth code.
If the user gives the correct input then the authorization code will be generated and sent to STAT Central Agent for verification then the user will be able to get a successful connection message.
After a successful connection to SMTP Server, we can test sending emails.
After a successful connection to the POP Server, we can test receiving emails using the POP server.
After a successful connection to IMAP Server, we can test receiving emails using the IMAP server.
The list of ports to be remained open.
The server will connect to one of these available ports. Please make sure one of these ports is available on the server where the Central agent is running.
8888,8889,8890,8891,8892
An alternate way to test connect through the web client
Once the data is saved for the server, please do a Test Connect from the web client. Here are the steps to apply OAuth2.0 settings for the Gmail server:
● In Win client, Go to Maintenance>Email Settings
● Select OAuth2 in the Authentication type.
● Click the OAuth2 details button and fill in all relevant details of the server.
● Click apply and ok
● Enter details in server, user, port, and security settings.
● Click Apply
● Go to web client >Test Connect>E-mail server-> Email Test
● Do a Test Connect to the respective server connection.
● If Test Connect is successful, it will generate the token which will be used for connecting with the server while sending/receiving mails.
Open Web application->Test connect->Email server and select the IMAPS, POP3S, or SMTP server which needs to be tested and click on ‘Test Selected’ to check if IMAPS is working.
Flow Diagram for OAuth 2.0
IMAP, POP, and SMTP Notification for Refresh Token Expire -
OAuth 2.0 uses access tokens and refresh tokens. Access tokens have a short lifetime as compared to refresh tokens. Once access tokens expire, a refresh token is used to renew the access token without asking the user to log in again. Refresh tokens usually have a more extended validity period, depending on the configuration of the OAuth2.0 server. The refresh token can expire for one of the following reasons: -
- Refresh Token Expiration (Refresh token has passed the validity period)
- Credential expiration or change in user credentials
- Client key and secret expiration / Change in client key and secret key
- The user has revoked application access.
When the refresh token expires notification/mail will be sent to Admin for that particular service domain to re-connect. The Email will be sent once per day until the admin user re-establishes the connection on the Email settings windows for the IMAP, SMTP, and POP servers. Currently, the email is sent to all the users who have access to the Email settings window to reconnect if the refresh token has expired.
In Case when SMTP Refresh Token Expires then the Email cannot be sent because the SMTP transmits electronic mail over the internet, so without SMTP we cannot send Emails.
For that reason, STAT is notifying the User through the Notification Popup below-
The highlighted text is the service domain name.
The Alert Popup behavior/ functionality is –
1. The Alert Popup will appear when the user login into the STAT Window Client once a day.
2. This Alert Popup will contain the Refresh Token Expire detail for all the Service Domains.
3. Popup will ask users to either Acknowledge or Snooze the Alert.
4. In case of User snoozes it then this Alert will pop up the next day when the user logs into STAT again.
5. If the user Acknowledges it then this Alert will not appear the next time when users login in the next day.
6. The Popup will appear every day at the time of STAT Login until the user Acknowledge it.
.png)
