[Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth

Khushal · August 10, 2023, 8:44am

But for that I need to disable security defaults that is not possible.
and it’s mandatory to enable SMTP AUTH ?

avc · August 10, 2023, 10:05am

Hi:

You can enable SMTP AUTH for specific mailbox

Khushal · August 17, 2023, 9:24am

@avc Thank you for the help now it’s working

ophl55 · August 22, 2023, 1:11pm

First of all: Thanks for the straight forward turorial!

I followed the guide but I’m still receiving an error when I try to enable Outgoing Mails.
On saving the Email Account I receive the following error message:

Here the Traceback:

Traceback (most recent call last):
  File "apps/frappe/frappe/email/smtp.py", line 111, in session
    Oauth(_session, self.email_account, self.login, self.access_token).connect()
  File "apps/frappe/frappe/email/oauth.py", line 48, in connect
    self._connect_smtp()
  File "apps/frappe/frappe/email/oauth.py", line 75, in _connect_smtp
    self._conn.auth(self._mechanism, lambda x: self._auth_string, initial_response_ok=False)
  File "/usr/local/lib/python3.10/smtplib.py", line 662, in auth
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (451, b'4.7.0 Temporary server error. Please try again later. PRX5

Do you have any ideas what might be the cause of that error?

avc · August 22, 2023, 3:36pm

I’ve never faced this error, but …

Take a look here.

ophl55 · August 23, 2023, 9:41am

@avc Thanks for the hint. It worked out to authenticate with a user that has only the role “Global Admin”.

I now receive the error 535 5.7.3 Authentication unsuccessful while trying to enable outgoing email for a shared mailbox.

Traceback (most recent call last):
  File "apps/frappe/frappe/email/smtp.py", line 111, in session
    Oauth(_session, self.email_account, self.login, self.access_token).connect()
  File "apps/frappe/frappe/email/oauth.py", line 48, in connect
    self._connect_smtp()
  File "apps/frappe/frappe/email/oauth.py", line 75, in _connect_smtp
    self._conn.auth(self._mechanism, lambda x: self._auth_string, initial_response_ok=False)
  File "/usr/local/lib/python3.10/smtplib.py", line 662, in auth
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, b'5.7.3 Authentication unsuccessful [FR0P281CA0179.DEUP281.PROD.OUTLOOK.COM 2023-08-23T09:34:01.401Z 08DBA2DDBD7BF410]')

UPDATE:

This error could be resolved by following the procedure described by @rmeyer in [Tutorial] Connecting Frappe/ERPNext to Microsoft 365 mail services OAuth - #6 by rmeyer

avc · August 23, 2023, 9:55am

Hi @ophl55:

Maybe should activate SMTP for your mailbox.

ophl55 · August 23, 2023, 9:57am

Yes, SMTP is enabled for single mailboxes as decribed earlier in this post.

Thanks for your help. Now it is working as expected.

mindcry · October 4, 2023, 10:30am

Hi @avc,

thanks for the tutorial. It took some time to get it working, but now i can send E-Mails via MS365 and oauth. But it only works for personal accounts. I would like to additionally add an account like jobs@example.org and allow several users to send via this e-mail. I created a new user for jobs@ and authorized this email for this user. But other users can’t see this email-account. With smtp and basic-auth this was possible.

Can anyone give me a hint how to setup e-mail accounts with oath for shared mailboxes/emails?

Regards

Kevin

avc · October 4, 2023, 11:00am

Hi @mindcry:

I think it’s related to “Send on behalf” permission

Check this, please:

Hope this helps.

mindcry · October 4, 2023, 12:02pm

Hi @avc,

thanks. Your tip helped me fixing the issue. It works now

Do you have an idea how long the authorisation lasts? Do we have to frequently reauthorize by clicking on “Authorize API Access”?

Regards

Kevin

sumeet_sharma · October 5, 2023, 4:13am

In my case the redirect uri shows http instead of https due to which it shows error AADSTS50011: The redirect URI ‘http://********/api/method/frappe.integrations.doctype.connected_app.connected_app.callback/ef8fae62a1’ specified in the request does not match the redirect URIs configured for the application ‘3d52677d-a705-471e-8265-915c78ad871e’. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.

Please help me it really urgent

avc · October 5, 2023, 7:26am

Hi @sumeet_sharma sumeet:

Are you pointing to the right M365 registration app?

sumeet_sharma · October 5, 2023, 7:27am

Yes, I am doing it correctly

sumeet_sharma · October 5, 2023, 7:28am

The issue is with the Connected App where the redirect URI is showing http instead of https.

sumeet_sharma · October 5, 2023, 7:28am

avc · October 5, 2023, 12:41pm

Hi @sumeet_sharma:

Maybe connected app was created before install ssl certificate?
Check your host name in site_config.json, maybe is not https …

Create connected app again or change redirect_uri value directly on db, something like this:

update `tabConnected App`
set redirect_uri="https://yourredirecturi ..." where name="yourappname"

(be careful)

Hope this helps.

sumeet_sharma · October 6, 2023, 6:33am

In host name site_config.json, its https:// only

avc · October 6, 2023, 6:42am

Ok, set host_name as “https://yoursite.com” and try to create connected app again. redirect_uri gets host_name from site_config

sumeet_sharma · October 6, 2023, 12:09pm

I have done everything now its working but while clicking on authorize API Access, it says the page cannot be displayed or refuse to connect.