[Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth

HI @kevco97:

Check credentials and make sure SMTP AUTH is enabled for your tenant in M365 (Exchange) admin panel.

Hello @avc,

it´s enabled.

image

Regards
Kevin

Check if this mailbox (user) has smtp enabled too (email apps on user config)
image

@avc,

yes i have check.

Fixed that was the issue i was logged in on the MS365 Website with different User :smiley:

Thank you for your help.

Regards
Kevin

1 Like

Hello @rmeyer,

i have try but with some Sharedmailboxes i get these error.
What can i do?
With Personal Mailboxes everything is fine. Is it true that i need a license for shared mailboxes and SMTP Auth?
image

Regards
Kevin

I don’t know, sorry. Best check with Microsoft, I guess.

@rmeyer thank you for reply. I have fixed the issue.

Sharedmailboxes OAuth/SMTP Auth work without a license if i select the connected User and enter his e-mail to the alternative e-mail ID checkbox.
This User must have a valid MS365 license.

If the E-Mail Account is created within ERPNext the you should click on the Authorizie API Access Button and login to MS365 Account with the alternative E-Mail ID (not the Sharedmailbox Account).

The alternative E-Mail ID User should have permissions to access the Sharemailbox. Check your EAC Settings.

Then it´s possible to send E-Mail with Sharedmailbox.

Regards
Kevin

1 Like

Can any one help me to integrate Microsoft 365 mail services OAuth
i tried for 3 days but i didnt reach my goal
i will be thankful if anyone helps me to do it

I have made it far enough that the Microsoft 365 account sends mail out correctly, however I am still not receiving emails into the system. I’m not sure if there is a place to look for the incoming mail error logs, but I have added the scope IMAP, and authenticated correctly with Oauth.

Any ideas where I can narrow down why incoming mail isn’t showing? I like the idea of having contacts added automatically.

@oneadvent

You must configure this within E-Mail Account Settings.

If anyone reply to your offer or something like that it should be arrive within ERPNext.
It would be better if you configure the E-Mail Address within your customer.

Hi @avc,

Thanks for the tutorial.

When trying to add the application permission for Office365 Exchange Online, I cannot find it. When Googling, it apparently is because I haven’t got an Entra P2 / AAD P2 subscription. But that increases the per-user cost by 2x. This should be doable without having to upgrade to AAD P2, right?

Getting stuck here :frowning:

Also, when ignoring the above and then following all the steps, I get the following error when connecting the email account with the user:

AUTHENTICATE command error: BAD [b"[CLIENTBUG] syntax: expecting ‘p’, found ‘x’"]

Does that have to do with it, or is this something else?

Thanks for the help. Would love to receive guidance here.

Edit: after double-checking the email account settings (TLS/IMAP checkboxes). It seems like it works.

Tried the same steps you defined but there is a server error and more over there is some imap4.lib.error

From the connected app method i got this error:
Traceback (most recent call last):
File “apps/frappe/frappe/app.py”, line 114, in application
response = frappe.api.handle(request)
File “apps/frappe/frappe/api/init.py”, line 49, in handle
data = endpoint(**arguments)
File “apps/frappe/frappe/api/v1.py”, line 36, in handle_rpc_call
return frappe.handler.handle()
File “apps/frappe/frappe/handler.py”, line 49, in handle
data = execute_cmd(cmd)
File “apps/frappe/frappe/handler.py”, line 85, in execute_cmd
return frappe.call(method, **frappe.form_dict)
File “apps/frappe/frappe/init.py”, line 1768, in call
return fn(*args, **newargs)
File “apps/frappe/frappe/utils/typing_validations.py”, line 31, in wrapper
return func(*args, **kwargs)
File “apps/frappe/frappe/integrations/doctype/connected_app/connected_app.py”, line 172, in callback
frappe.throw(_(“Invalid state.”))
File “apps/frappe/frappe/init.py”, line 645, in throw
msgprint(
File “apps/frappe/frappe/init.py”, line 610, in msgprint
_raise_exception()
File “apps/frappe/frappe/init.py”, line 561, in _raise_exception
raise exc
frappe.exceptions.ValidationError: Invalid state.

Guide me whats the issue with it.

Hi,

thank you for the comprehensive instruction.
Unfortunatley I did not get it working, although I think it might be not Frappe related. But I need a second opionion for clarification. :wink:

When I am logged in as Administrator and navigate to E-Mail-Account and click on API Authorize button, I get the M365 Authentication presented. After that I get a Frappe window saying “The ressouce is not available”.

When I look into the Sign-In log of the M365 application: it says the login was successfull.

But what resource is meant here and how do I troubleshoot that?

I would be thankfull for any idea!

Best regards,
Marcus

you are trying to authorize api access with an admin user who is not registered the email setup. I got the same error at least when hitting the authorize api access button. solved by using an account connected to the setup to authorize, not admin user.

+20 1111817748
contact me on whatsapp i have the solution

Hey everyone, been having these problems as well. Managed to get a “no-reply” email working with M365, however my problem is that after a while (between 2h and 24h) it seems that the email account “loses” access to the API authorization, and I need to do the “Authorize API Access” loop again, otherwise it does not send out emails from Frappe. Any one has an idea about this?

Hi @PedroJACorreia:

Seems refresh token is not being generated …

Check your connected app doctype.

See this docs too:
https://frappeframework.com/docs/user/en/microsoft-email-oauth#service-principal-authentication

Hope this helps.

Hi avc, thanks for the quick reply.

Is there a way to force the token generation? Mine is being generated, but the problem persists; once I “Authorize API Access” in the email account menu for my no-reply account, it works just fine. But after a certain amount of time (1-2 hours) it seems to lose connection to M365 and asks for the “Authorize API Access” again. Doing it again makes it work again for a short time, then rinse and repeat.

image

I don’t have the “Authenticate as Service Princpal” checkbox as the documentation suggests. Is there something I’m missing?

image