[Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth

ophl55 · August 23, 2023, 9:41am

@avc Thanks for the hint. It worked out to authenticate with a user that has only the role “Global Admin”.

I now receive the error 535 5.7.3 Authentication unsuccessful while trying to enable outgoing email for a shared mailbox.

Traceback (most recent call last):
  File "apps/frappe/frappe/email/smtp.py", line 111, in session
    Oauth(_session, self.email_account, self.login, self.access_token).connect()
  File "apps/frappe/frappe/email/oauth.py", line 48, in connect
    self._connect_smtp()
  File "apps/frappe/frappe/email/oauth.py", line 75, in _connect_smtp
    self._conn.auth(self._mechanism, lambda x: self._auth_string, initial_response_ok=False)
  File "/usr/local/lib/python3.10/smtplib.py", line 662, in auth
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, b'5.7.3 Authentication unsuccessful [FR0P281CA0179.DEUP281.PROD.OUTLOOK.COM 2023-08-23T09:34:01.401Z 08DBA2DDBD7BF410]')

UPDATE:

This error could be resolved by following the procedure described by @rmeyer in [Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth - #6 by rmeyer

avc · August 23, 2023, 9:55am

Hi @ophl55:

Maybe should activate SMTP for your mailbox.

ophl55 · August 23, 2023, 9:57am

Yes, SMTP is enabled for single mailboxes as decribed earlier in this post.

Thanks for your help. Now it is working as expected.

mindcry · October 4, 2023, 10:30am

Hi @avc,

thanks for the tutorial. It took some time to get it working, but now i can send E-Mails via MS365 and oauth. But it only works for personal accounts. I would like to additionally add an account like jobs@example.org and allow several users to send via this e-mail. I created a new user for jobs@ and authorized this email for this user. But other users can’t see this email-account. With smtp and basic-auth this was possible.

Can anyone give me a hint how to setup e-mail accounts with oath for shared mailboxes/emails?

Regards

Kevin

avc · October 4, 2023, 11:00am

Hi @mindcry:

I think it’s related to “Send on behalf” permission

Check this, please:

Hope this helps.

mindcry · October 4, 2023, 12:02pm

Hi @avc,

thanks. Your tip helped me fixing the issue. It works now

Do you have an idea how long the authorisation lasts? Do we have to frequently reauthorize by clicking on “Authorize API Access”?

Regards

Kevin

sumeet_sharma · October 5, 2023, 4:13am

In my case the redirect uri shows http instead of https due to which it shows error AADSTS50011: The redirect URI ‘http://********/api/method/frappe.integrations.doctype.connected_app.connected_app.callback/ef8fae62a1’ specified in the request does not match the redirect URIs configured for the application ‘3d52677d-a705-471e-8265-915c78ad871e’. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.

Please help me it really urgent

avc · October 5, 2023, 7:26am

Hi @sumeet_sharma sumeet:

Are you pointing to the right M365 registration app?

sumeet_sharma · October 5, 2023, 7:27am

Yes, I am doing it correctly

sumeet_sharma · October 5, 2023, 7:28am

The issue is with the Connected App where the redirect URI is showing http instead of https.

sumeet_sharma · October 5, 2023, 7:28am

avc · October 5, 2023, 12:41pm

Hi @sumeet_sharma:

Maybe connected app was created before install ssl certificate?
Check your host name in site_config.json, maybe is not https …

Create connected app again or change redirect_uri value directly on db, something like this:

update `tabConnected App`
set redirect_uri="https://yourredirecturi ..." where name="yourappname"

(be careful)

Hope this helps.

sumeet_sharma · October 6, 2023, 6:33am

In host name site_config.json, its https:// only

avc · October 6, 2023, 6:42am

Ok, set host_name as “https://yoursite.com” and try to create connected app again. redirect_uri gets host_name from site_config

sumeet_sharma · October 6, 2023, 12:09pm

I have done everything now its working but while clicking on authorize API Access, it says the page cannot be displayed or refuse to connect.

sumeet_sharma · October 9, 2023, 5:44am

While clicking on Authorize API Access it displays

Thomas_Stocco · December 29, 2023, 9:14pm

I am bogged down at this section in ERP where I need to get an OPENID configuration. Where is this with the cloud base software?

jroyDC · March 6, 2024, 6:18pm

Looking for a little assistance.
I managed to get all the steps done up to 2.b.7 (Create An Email Account), but when creating the Email Account, I don’t get the option to “Authorize API Access” button, it’s simply not there.
Am I doing something wrong that would cause the API Button to not appear?

avc · March 6, 2024, 6:24pm

Hi @jroyDC:

Link to connected app and user, save and button must be shown …

Hope this helps.

kevco97 · April 15, 2024, 6:19pm

Hello @avc,

i disable SMTP Auth within mailflow setting but get these error?
What can i do to fix these issue? If i only enable IMAP within mail account settings for specific User i don´t get any error.

Regards
Kevin