[Update]: Microsoft officially disables simple authentication, the full article at this: link
In 2021, Microsoft and Google will end support for authentication via username and password for IMAP and POP3 services, making it necessary to use the OAUTH 2.0 protocol for downloading mail. However, support for the SMTP protocol is not currently expected to end.
The end of support initially scheduled for June 2020, in light of the recent events related to COVID-19, has been extended to 2021 to give companies more time to comply with the new protocol.
OAuth 2.0: what is it
OAuth 2.0 simply abbreviated to OAuth2 is the second version of the OAuth protocol. It is a standard protocol designed to work with the HTTP protocol and which has the following objectives:
- authorize third party software (such as ((OTRS)) Community edition) without having to transmit username and password
- authorize third-party software to access only certain information, approved by the user
Authorization takes place by means of a token, issued by a mediator server offered by the chosen provider, which the third-party application can use to use the necessary service.
This allows you to manage the communication between the application and the provider without using the user’s password. The latter is required only at the time of generating the token and, the form in which to insert it, is offered in a protected manner by the mediator server, making transactions safer.
The end user can revoke the permissions given to the third-party application at any time through the management console of their account.
The mandatory switch to OAuth2
To ensure better security in their mail services, Google and Microsoft are carrying out a massive migration to OAUTH 2.0, forcing all third-party applications that use IMAP and POP3 protocols to adapt to this system.
According to what was communicated by both Microsoft and Google at the moment there are no certain dates for the passage, which will most likely be communicated in the coming months, the certain thing is that unless last-minute changes are made, the obligation to adapt to the OAuth protocol will be triggered. over the course of 2021.
OAuth2: the ((OTRS)) Community edition add-on
What you can do with REXOAuth2
REXOAuth2 allows you to use the OAuth 2.0 protocol to authorize e-mail download services and most of the services offered by providers such as SSO (Single Sign On) authentication with external provider accounts.