OAuth2 authentication: from 2021 the protocol becomes mandatory

[Update]: Microsoft officially disables simple authentication; the full article is at this link.

In 2021, Microsoft and Google will end support for authentication via username and password for IMAP and POP3 services, making it necessary to use the OAuth 2.0 protocol for downloading mail. However, support for the SMTP protocol is not currently expected to end.

The end of support, initially scheduled for June 2020, has been extended to 2021 in light of the recent events related to COVID-19, to give companies more time to comply with the new protocol.

OAuth 2.0: what it is

OAuth 2.0, often abbreviated to OAuth2, is the second version of the OAuth protocol. It is a standard protocol designed to work with the HTTP protocol, and it has the following objectives:

  • authorize third-party software (such as ((OTRS)) Community edition) without having to transmit the username and password
  • authorize third-party software to access only certain information, approved by the user

Authorization takes place by means of a token, issued by a mediator server offered by the chosen provider, which the third-party application can then use to access the required service.

This allows you to manage the communication between the application and the provider without using the user's password. The password is required only when the token is generated, and the form in which it is entered is served in a protected manner by the mediator server, making transactions safer.

The end user can revoke the permissions given to the third-party application at any time through the management console of their account.
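
As an added illustration (not code from Rexpondo or the REXOAuth2 plugin), the Python example below shows how a mail client presents such a token to an IMAP server using the SASL XOAUTH2 mechanism that Google and Microsoft support, and how it decodes the base64 JSON error challenge described in Google's XOAUTH2 documentation when a token has expired or been revoked. The account, token and challenge values are constructed.

```python
import base64
import json

def build_xoauth2(user: str, access_token: str) -> bytes:
    """Raw SASL XOAUTH2 client response: user and bearer token, no password."""
    # Reject field separators and line breaks so neither value can smuggle
    # extra SASL fields or IMAP commands into the exchange.
    if any(c in user + access_token for c in "\x01\r\n"):
        raise ValueError("control character in user or token")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()

def authenticate_command(tag: str, user: str, access_token: str) -> str:
    """IMAP command line carrying the base64-encoded initial response."""
    b64 = base64.b64encode(build_xoauth2(user, access_token)).decode()
    return f"{tag} AUTHENTICATE XOAUTH2 {b64}"

def redact(command: str) -> str:
    """Copy of the command that is safe to write to logs (token removed)."""
    head, _, _ = command.rpartition(" ")
    return f"{head} <redacted>"

def parse_error_challenge(challenge_b64: str) -> dict:
    """Decode the JSON the server sends when it rejects the token."""
    return json.loads(base64.b64decode(challenge_b64))

if __name__ == "__main__":
    # Constructed values: not a real account or token.
    cmd = authenticate_command("A1", "helpdesk@example.com", "CONSTRUCTED_ACCESS_TOKEN")
    print(redact(cmd))
    # Constructed rejection, as sent for an expired or revoked token.
    rejected = base64.b64encode(
        b'{"status":"401","schemes":"bearer","scope":"https://mail.google.com/"}'
    ).decode()
    print(parse_error_challenge(rejected)["status"])
    # With the standard library, the same response is passed as:
    #   imaplib.IMAP4_SSL(host).authenticate(
    #       "XOAUTH2", lambda _: build_xoauth2(user, token))
```

A 401 status in the decoded challenge means the client must obtain a fresh token from the mediator server rather than retry with the same one.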


The mandatory switch to OAuth2

To ensure better security in their mail services, Google and Microsoft are carrying out a massive migration to OAuth 2.0, forcing all third-party applications that use the IMAP and POP3 protocols to adapt to this system.

According to what both Microsoft and Google have communicated, there are at the moment no certain dates for the switch; these will most likely be communicated in the coming months. What is certain is that, unless last-minute changes are made, the obligation to adapt to the OAuth protocol will take effect over the course of 2021.

OAuth2: the ((OTRS)) Community edition add-on

((OTRS)) Community edition does not provide a system for downloading e-mails via the OAuth 2.0 protocol, which will soon make it impossible to open tickets via e-mail for all users of Microsoft or Google cloud services. To overcome this problem, we at Rexpondo have developed the REXOAuth2 plugin, so that you can adapt your platform and continue to open tickets via e-mail. To use the plugin, the platform administrator will have to generate access data on the Google or Microsoft administration console in order to identify their application on the mediator server. Furthermore, if integration with other providers is necessary, the Rexpondo team can also support you in these phases.
REXOAuth2 is already available free of charge for all users who have activated our Rexpondo cloud service by choosing the cloud installation of ((OTRS)) Community edition.

What you can do with REXOAuth2

REXOAuth2 allows you to use the OAuth 2.0 protocol to authorize e-mail download services and most of the services offered by providers, such as SSO (Single Sign-On) authentication with external provider accounts.
