Hi:
To get connection between Frappe mail system and Microsoft365 mail services (formerly known as Office365) you will need:
Patience / faith
1. Requirements.
Update Frappe to v14.23.0 and above or v13.55.0 and above. Best option is most recent version, because some minor fixes are included.
You will need a frappe site running under https (or localhost on dev environments).
M365 account and admin privileges to manage OAuth
2. Microsoft 365 side:
On Azure AD admin you will need to create an App Registration, and configure here permissions, secrets, etc … Please, note that this kind of configuration could affect your data security.
2.a. App registration.
2.a.1 Access to your Azure Admin Portal
2.a.2 Use App registrations options
2.a.3 Create new registration. Don’t worry about URI redirects, we will configure it further.
2.a.4 Add permissions to the app registration. You will need IMAP.AccessAsUser.All and SMTP.Send from Microsoft Graph and IMAP.AccessAsApp from Office365 Exchange on line
After that, select each permission required and grant admin consent for them.
2.a.5 Copy the app client ID, is needed to configure Frappe side.
2.a.6 Create your secrets (keys). Copy the secret value (not the secret ID) (after this step this value will be not showed again). We will use this data further.
2.a.7 Get the OpenID configuration endpoint, we will need this in following steps.
On Frappe Side
2.b.1 Create a connected app (yoursite.com/app/connected-app) .
2.b.2 Copy the value of OpenID Configuration obtained before (2.a.7), and use “Get OpenID Configuration” button. this will get the endpoints urls. Now, fill Client ID (2.a.5) and secret value (2.a.6)
2.b.3 Add this scopes
https://outlook.office365.com/.default
offline_access
2.b.4 Copy the value “Redirect URI”
2.b.5 Use the Redirect URI value (2.b.4) and back to Registration App on M365 side, to add this url to authentication
2.b.6 Back on Frappe side connected app, use "Connect to “yourconnectedapp” button
Important: Use button “Connect” once logged on Frappe with the “final” user (not Administrator). At this point M365 will ask you for authorization.
2.b.7 Create an email account on Frappe and assign it to the “final” user.
Configure this way …
Important: Use button “Authorize API access” once logged on Frappe with the “final” user (not Administrator) .
Hope this helps!
(Note: This post will be edited with other contributions, probably there are a lot of scenarios and different configuration posibilities. Please, let me know if you find any wrong information)
OAuth for M365 is working thanks to the efforts of @revant_one, @ritwik, @ankush and others.