When will ERPNext support Microsoft Modern Authentication?

fouadq · October 17, 2022, 6:40am

Hi all,

After researching this topic for the last few months, and after working with Microsoft team personally on this issue, I found out that ERNext does not support Modern Authentication to allow ERPNext to connect to Office 365 emails and be able to send and receive emails. (Details are here: How modern authentication works for Office 2013 and Office 2016 client apps - Microsoft 365 Enterprise | Microsoft Learn)

Does anyone know if there is any plans for ERPNext to support this in the near future?

Appreciate your help.

Thanks
Fouad

revant_one · October 17, 2022, 7:12am

“Modern Authentication” as a spec is available as “Connected App”

https://frappeframework.com/docs/v14/user/en/guides/app-development/connected-app

Add Connected App: where you store the OAuth 2 client details.
Generate Token Cache: where active token is stored.
Use whitelisted functions and methods from connected_app.py and token_cache.py to generate, refresh and fetch the active token.

Once you have the token it can be used where applicable.

Connected app and Token cache can be used to in combination with frappe/oauth.py at develop · frappe/frappe · GitHub and frappe/email_account.py at develop · frappe/frappe · GitHub

I can see that access_token and refresh_token is stored on EmailAccount which can be removed and “Connected App” can be used.

fishter · October 20, 2022, 12:25pm

Microsoft have just turned off Basic Authentication on my Office365 instance.

How can I (using ERPNext’s hosted service on ERPNext v13.40) get email working again?

If the answer is not as simple as “click a button and follow the steps” then ERPNext cannot claim to be a mature product.

The answer above from u/revant_one is, I’m sure, a technically excellent answer, but it’s not something I can fully understand, or implement on the hosted service.

avc · October 20, 2022, 6:52pm

Hi:

You can revert to classic authentication (IMAP Basic Auth):

Exchange Admin Center , Help, Type in “Basic Auth”: Run diagnosis

Then: Enable IMAP

This will let you use basic auth until next January.

fishter · October 21, 2022, 7:03am

And after January…

Is there a roadmap for this feature? (I’m really looking for an answer from a dev on this )

fouadq · October 21, 2022, 11:43am

@fishter, from what I’ve been through the last few months, I’m afraid there isn’t an easy process for this. It’s apparently not supported out of the box yet. The only solution I haven’t tried is the one suggested by @revant_one, but this requires a developer, and I’m not one!

@avc, it won’t always work that easily (if it worked for you, then great), as I had to spend months with Microsoft support team to enable IMAP and basic auth for my org.

This is the reason for my post, I’m hoping this will trigger @rmehta and the team to work on it. Many organizations use O365 nowadays, and this is such a crucial feature. I love the platform with all what it has to offer, but if doesn’t work for me, I’ll have to (sadly) use another system and stop recommending ERPNext.

FHenry · October 21, 2022, 8:55pm

Hello @fouadq

May you should consider alternative mail service. For exemple hosting your own mail software (postfix,dovecot,etc…) and go for NextCloud as Collaborative workplace

I agree it’s not an easy part, but many service provider can offer you the same service base on less closed software.

The fact that Frappe do not provide Office 365 native connector is a sign that we should change for other more open source alternative, always to keep your independence. It will avoid problem, like now, when they decide to change without any consultation and consent from users the technical service access

avc · October 22, 2022, 9:47am

For most organizations, hosting your own mail service could be an insane nightmare …

I really understand this changes on Microsoft 365 auth system … there would be many security reasons to avoid basic auth connections. And this changes have been announced time ago. Google made something like this too.

I think that framework support for Microsoft 365 services is needed. So … Frappe maintainers probably have other many things in todo list, I completely understand it. … While develop this feature and integrate it properly seems is not easy task (IMHO)… What about to sponsor this? This is other way to contribute back.

We would are willing to. I think is doable if other people are willing too.
Regards.

gideonsimpliq · November 2, 2022, 6:18pm

I raised the same request over here:
Email authentication Oauth M365 / Exchange Online - ERPNext / User Forum - ERPNext Forum