Updated by Hagen Mahnke 11 months ago
**As** an administrator
**I want to** configure OAuth client credentials
**so that** I can use the inbound email feature with IMAP servers that support the OAuth client credentials flow - for example Microsoft Exchange.
The inbound emails feature is not usable with a Microsoft Exchange email server without this!
**Acceptance criteria**
* Auth method can be chosen from
  * Basic Auth (username & password)
  * OAuth
* When OAuth is chosen it's possible to either
  * Custom:
    * enter client\_id, client\_secret, token\_url and scope
  * Use existing OpenID provider configuration
    * choose from list of existing OpenID provider
* Bonus: Pre-fill known values when specific email servers are chosen
* When choosing OAuth the following options are shown
  * Microsoft Exchange
  * Use existing OpenID provider configuration
  * Custom
* When choosing Microsoft Exchange, pre-fill
  * token\_path (NOT URL) `/oauth2/v2.0/token`
    * We'd need to make it obvious that the admin needs to set the full URL, maybe it's better not to pre-fill this at all.
  * scope [`https://outlook.office.com/IMAP.AccessAsUser.All`](https://outlook.office.com/IMAP.AccessAsUser.All)
**Technical notes**
* Use [client credential flow](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/)
* When an existing OpenID provider is chosen, we'll request a token from the chosen provider and inject the scope required for IMAP access
* Question: How do we store the correct scope to inject for this flow? The OpenID provider is configured with some scopes, but we'll need different scopes to get the emails via IMAP. Those scopes are not (completely) standardised, so users will need to be able to set them.
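The custom fields and the full-URL concern from the acceptance criteria, as an added sketch that is not part of the ticket or of the project's code: it validates the four settings and builds (without sending) the client credentials token request. `ImapOAuthSettings`, `validate`, `build_token_request` and the `login.example.test` host are hypothetical; sending the client credentials in the form body is one of the options RFC 6749 allows and is assumed here.

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit


@dataclass(frozen=True)
class ImapOAuthSettings:
    """Hypothetical holder for the four custom fields named in the criteria."""
    client_id: str
    token_url: str
    scope: str
    client_secret: str = field(repr=False)  # keep the secret out of logs and tracebacks


def validate(settings: ImapOAuthSettings) -> list[str]:
    """Return a list of problems; an empty list means the settings are usable."""
    problems = []
    url = urlsplit(settings.token_url)
    if not url.scheme or not url.netloc:
        # Catches the pre-fill pitfall: /oauth2/v2.0/token alone is a path, not a URL.
        problems.append("token_url must be a full URL, not just a path")
    elif url.scheme != "https":
        # The request body carries client_secret, so plain http would expose it.
        problems.append("token_url must use https")
    for name in ("client_id", "client_secret", "scope"):
        if not getattr(settings, name).strip():
            problems.append(f"{name} must not be empty")
    return problems


def build_token_request(settings: ImapOAuthSettings) -> tuple[str, dict, bytes]:
    """Build (url, headers, body) for an RFC 6749 section 4.4 token request."""
    problems = validate(settings)
    if problems:
        raise ValueError("; ".join(problems))
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": settings.client_id,
        "client_secret": settings.client_secret,
        "scope": settings.scope,
    }).encode("ascii")
    return settings.token_url, {"Content-Type": "application/x-www-form-urlencoded"}, body


# Constructed sample values; only the token path and the scope come from the ticket.
SAMPLE = ImapOAuthSettings(
    client_id="example-client-id", client_secret="example-secret",
    token_url="https://login.example.test/TENANT/oauth2/v2.0/token",
    scope="https://outlook.office.com/IMAP.AccessAsUser.All",
)
```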
**Permissions and visibility considerations**
* Administrators
**Translation considerations**
* Don't translate
  * _Basic auth_
  * _OAuth_
  * _Client ID_
  * Client secret
  * Token URL
  * Scope
**Out of scope**
* OAuth with authorization code flow, as used by Gmail
_Set the_ **To be informed/consulted teams** _field to include all teams necessary to be informed of the changes._