[Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth

But for that I need to disable security defaults that is not possible.
and it’s mandatory to enable SMTP AUTH ?

Hi:

You can enable SMTP AUTH for specific mailbox

@avc Thank you for the help now it’s working

2 Likes

First of all: Thanks for the straight forward turorial!

I followed the guide but I’m still receiving an error when I try to enable Outgoing Mails.
On saving the Email Account I receive the following error message:

image

Here the Traceback:

Traceback (most recent call last):
  File "apps/frappe/frappe/email/smtp.py", line 111, in session
    Oauth(_session, self.email_account, self.login, self.access_token).connect()
  File "apps/frappe/frappe/email/oauth.py", line 48, in connect
    self._connect_smtp()
  File "apps/frappe/frappe/email/oauth.py", line 75, in _connect_smtp
    self._conn.auth(self._mechanism, lambda x: self._auth_string, initial_response_ok=False)
  File "/usr/local/lib/python3.10/smtplib.py", line 662, in auth
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (451, b'4.7.0 Temporary server error. Please try again later. PRX5 

Do you have any ideas what might be the cause of that error?

I’ve never faced this error, but …

Take a look here.

@avc Thanks for the hint. It worked out to authenticate with a user that has only the role “Global Admin”.

I now receive the error 535 5.7.3 Authentication unsuccessful while trying to enable outgoing email for a shared mailbox.

Traceback (most recent call last):
  File "apps/frappe/frappe/email/smtp.py", line 111, in session
    Oauth(_session, self.email_account, self.login, self.access_token).connect()
  File "apps/frappe/frappe/email/oauth.py", line 48, in connect
    self._connect_smtp()
  File "apps/frappe/frappe/email/oauth.py", line 75, in _connect_smtp
    self._conn.auth(self._mechanism, lambda x: self._auth_string, initial_response_ok=False)
  File "/usr/local/lib/python3.10/smtplib.py", line 662, in auth
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, b'5.7.3 Authentication unsuccessful [FR0P281CA0179.DEUP281.PROD.OUTLOOK.COM 2023-08-23T09:34:01.401Z 08DBA2DDBD7BF410]')

UPDATE:

This error could be resolved by following the procedure described by @rmeyer in [Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth - #6 by rmeyer

1 Like

Hi @ophl55:

Maybe should activate SMTP for your mailbox.

Yes, SMTP is enabled for single mailboxes as decribed earlier in this post.

Thanks for your help. Now it is working as expected. :slight_smile:

1 Like

Hi @avc,

thanks for the tutorial. It took some time to get it working, but now i can send E-Mails via MS365 and oauth. But it only works for personal accounts. I would like to additionally add an account like jobs@example.org and allow several users to send via this e-mail. I created a new user for jobs@ and authorized this email for this user. But other users can’t see this email-account. With smtp and basic-auth this was possible.

Can anyone give me a hint how to setup e-mail accounts with oath for shared mailboxes/emails?

Regards

Kevin

Hi @mindcry:

I think it’s related to “Send on behalf” permission

Check this, please:

Hope this helps.

1 Like

Hi @avc,

thanks. Your tip helped me fixing the issue. It works now :wink:

Do you have an idea how long the authorisation lasts? Do we have to frequently reauthorize by clicking on “Authorize API Access”?

Regards

Kevin

In my case the redirect uri shows http instead of https due to which it shows error AADSTS50011: The redirect URI ‘http://********/api/method/frappe.integrations.doctype.connected_app.connected_app.callback/ef8fae62a1’ specified in the request does not match the redirect URIs configured for the application ‘3d52677d-a705-471e-8265-915c78ad871e’. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.

Please help me it really urgent

Hi @sumeet_sharma sumeet:

Are you pointing to the right M365 registration app?

Yes, I am doing it correctly

The issue is with the Connected App where the redirect URI is showing http instead of https.

Hi @sumeet_sharma:

Maybe connected app was created before install ssl certificate?
Check your host name in site_config.json, maybe is not https …

Create connected app again or change redirect_uri value directly on db, something like this:

update `tabConnected App`
set redirect_uri="https://yourredirecturi ..." where name="yourappname"

(be careful)

Hope this helps.

In host name site_config.json, its https:// only

Ok, set host_name as “https://yoursite.com” and try to create connected app again. redirect_uri gets host_name from site_config

I have done everything now its working but while clicking on authorize API Access, it says the page cannot be displayed or refuse to connect.