What is OAuth and why is it important?
OAuth is a standard for authentication, created in response to the flaws of Basic Authentication. Before discussing why OAuth matters, we need to review the problems with Basic Authentication that it sets out to solve. Basic Authentication works over HTTP by including a header with encoded credentials in every request. Because the credentials are only encoded, not encrypted, anyone who can observe the request can decode them; in effect, the credentials are sent in clear text over HTTP. Encrypting the connection with SSL (HTTPS) alleviates this, but the connection would still be vulnerable to Man-in-the-Middle attacks. There is also the ongoing issue of the credentials being sent in every request: since they are identical between requests, a single compromised request is enough to compromise the connection. These are the problems OAuth was designed to solve, together with the improvements that come with tokenized authentication.
OAuth works by using a token provider that distributes cryptographically signed tokens to end users, allowing a user to connect to any service configured to trust that token provider. This addresses the insecure-connection problem by using encrypted tokens, and it addresses the reused-credentials problem because each user session generates a unique token. OAuth also allows one token provider to be connected with multiple services, so a user can sign into all of them with a single set of credentials. This is commonly called Single Sign-On (SSO).
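To make the two points above concrete, here is an added example (not code from the original post or from Odoo). The first function shows why a captured Basic Authentication header is as good as the password: it is only base64-encoded. The second and third functions implement a minimal signed, expiring, per-session token in a toy format assumed for illustration (real providers use formats such as JWT); the signing key, the "mail.example.invalid" audience and the request text are all constructed values.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample request: the Authorization header that Basic Authentication
# attaches to every request. The credentials are made up for this example.
SAMPLE_BASIC_REQUEST = (
    "GET /inbox HTTP/1.1\r\n"
    "Host: mail.example.invalid\r\n"
    "Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    "\r\n"
)


def decode_basic_header(raw_request: str):
    """Return (username, password) from a Basic Authorization header, or None.

    Basic Authentication only base64-encodes "user:password"; no key is
    involved, so whoever sees the request (in a capture, a proxy log or a
    crash dump) recovers the credentials that are reused on every request.
    """
    for line in raw_request.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, blob = value.strip().partition(" ")
        if scheme.lower() == "basic":
            user, _, password = base64.b64decode(blob).decode().partition(":")
            return user, password
    return None


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(signing_key: bytes, subject: str, audience: str,
                ttl_seconds: int = 3600, now=None) -> str:
    """Mint a signed, expiring, per-session token (HMAC-SHA256, toy format)."""
    now = int(time.time()) if now is None else now
    payload = {
        "sub": subject,                # who the token is for
        "aud": audience,               # which service may accept it
        "iat": now,
        "exp": now + ttl_seconds,      # short lifetime bounds the damage of a leak
        "sid": secrets.token_hex(16),  # fresh per session: no two tokens repeat
    }
    body = _b64url(json.dumps(payload, sort_keys=True).encode())
    signature = hmac.new(signing_key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(signature)}"


def verify_token(signing_key: bytes, token: str, audience: str, now=None):
    """Return the payload if signature, audience and expiry all check out, else None."""
    try:
        body, signature = token.split(".")
        expected = hmac.new(signing_key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(signature), expected):
            return None  # forged or tampered
        payload = json.loads(_b64url_decode(body))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    now = int(time.time()) if now is None else now
    if payload.get("aud") != audience or payload.get("exp", 0) <= now:
        return None  # presented to the wrong service, or expired
    return payload


if __name__ == "__main__":
    print("Basic header decodes to:", decode_basic_header(SAMPLE_BASIC_REQUEST))
    key = b"constructed-provider-signing-key"  # constructed; never hard-code a real key
    token = issue_token(key, "alice", "mail.example.invalid")
    print("Token verifies:", verify_token(key, token, "mail.example.invalid") is not None)
    print("Password visible in token:", "hunter2" in token)
```

The contrast is the point of the post: the decoded Basic header is the long-lived password itself, whereas a leaked token carries no password, is bound to one service, is unique to its session and stops working at its expiry without the user having to change anything.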
Why does this matter for Odoo?
As security improves, it is important for less secure methods of communication to be replaced with newer, more secure ones. For Microsoft authentication this meant phasing out Basic Authentication: it was disabled in October 2022 and replaced with OAuth. If you need to connect to Outlook to send and receive emails, OAuth is required. Here are the steps required to connect Outlook to Odoo using OAuth.
Setting up Outlook
Creating an Azure Application to provide OAuth keys
- First register a new App in Azure
- Setup the App
    Name: Any name will work
    Supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
    Redirect URI: https://your_odoo_database_url.com/microsoft_outlook/confirm
- Save the App's Client ID, then click Add a certificate or secret
- Fill in the secret description and set an expiration date (a new secret will need to be created after the expiration)
- Save the secret Value. Be sure to save the Value, not the ID
- Go to API Permissions and add the permissions "IMAP.AccessAsUser.All" and "SMTP.Send"
- At this point the Azure App is configured. Next, if your database is < v16, you will need to install the microsoft_outlook module
- Next log in to your Odoo database and go to General Settings
- Enter the Client ID and the Secret Value that were saved from Azure
- Next, configure an Outgoing and an Incoming email server in Odoo. Make sure developer mode is enabled in Odoo. Under Settings go to: Technical->Outgoing Mail Servers and click Create
- Enter a Description and select Outlook under Connection Information
- You will not need a password to connect with OAuth. Instead click Connect your Microsoft Account
- A Microsoft window will open allowing you to login to confirm the connection. Once you are logged in, the connection is complete for this mail server.
- Don't forget to configure an incoming mail server. Under Settings go to: Technical->Incoming Mail Servers and click create. The steps are the same as the Outgoing Mail Server setup.
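The steps above collect four things from Azure before anything is typed into Odoo: the redirect URI, the Client ID, the secret Value (not its ID) and the two API permissions, plus a secret expiration date that will eventually force a rotation. Here is an added pre-flight check that validates a set of collected values against exactly those requirements; it is not Odoo's or Microsoft's code. It relies on the fact that Azure application (client) IDs and client secret IDs are GUIDs while the secret Value is not, which is how it spots the "saved the ID instead of the Value" mistake. The 30-day rotation warning and all sample IDs, URLs and dates are constructed for the example.

```python
import re
from datetime import date
from urllib.parse import urlparse

# Values taken from the setup steps above.
REQUIRED_PERMISSIONS = {"IMAP.AccessAsUser.All", "SMTP.Send"}
REDIRECT_PATH = "/microsoft_outlook/confirm"

# Azure application (client) IDs and client secret *IDs* are GUIDs; the secret
# *Value* is not, so a GUID in the secret field means the wrong thing was copied.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)

ROTATION_WARNING_DAYS = 30  # assumed policy value for this example


def check_azure_app(app: dict, today: date) -> list:
    """Return the problems found in the collected Azure App settings.

    An empty list means the values are ready to be entered in Odoo.
    """
    problems = []

    parsed = urlparse(app.get("redirect_uri", ""))
    if parsed.scheme != "https":
        problems.append("redirect URI must use https")
    if parsed.path != REDIRECT_PATH:
        problems.append(f"redirect URI path must be {REDIRECT_PATH}")

    if not GUID_RE.match(app.get("client_id", "")):
        problems.append("client ID does not look like an Azure application (client) ID")

    secret = app.get("client_secret", "")
    if not secret:
        problems.append("client secret Value is missing")
    elif GUID_RE.match(secret):
        problems.append("client secret looks like the secret ID; copy the Value instead")

    missing = REQUIRED_PERMISSIONS - set(app.get("permissions", []))
    if missing:
        problems.append("missing API permissions: " + ", ".join(sorted(missing)))

    expires = app.get("secret_expires")
    if not expires:
        problems.append("secret expiration date not recorded; it will need rotating")
    else:
        days_left = (date.fromisoformat(expires) - today).days
        if days_left <= 0:
            problems.append("client secret has expired; create a new one in Azure")
        elif days_left <= ROTATION_WARNING_DAYS:
            problems.append(f"client secret expires in {days_left} days; schedule a new one")
    return problems


# Constructed sample inputs (no real IDs, hostnames or secrets).
TODAY = date(2024, 6, 1)
GOOD_APP = {
    "redirect_uri": "https://odoo.example.invalid/microsoft_outlook/confirm",
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "Xy7~constructedSecretValue.NotAGuid",
    "permissions": ["IMAP.AccessAsUser.All", "SMTP.Send"],
    "secret_expires": "2025-06-01",
}
BAD_APP = {
    "redirect_uri": "http://odoo.example.invalid/confirm",
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "66666666-7777-8888-9999-aaaaaaaaaaaa",  # secret ID pasted by mistake
    "permissions": ["IMAP.AccessAsUser.All"],
    "secret_expires": "2024-06-15",
}

if __name__ == "__main__":
    for name, app in (("good", GOOD_APP), ("bad", BAD_APP)):
        print(name, check_azure_app(app, TODAY) or ["ok"])
```

Running the check on the bad sample reports the plain-http redirect URI, the wrong redirect path, the secret ID pasted in place of the Value, the missing SMTP.Send permission and a secret that expires in two weeks. Recording the expiration date up front is the cheapest way to avoid the mail server silently failing on the day the secret lapses.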
This completes the setup for your Outlook mailbox in Odoo. You can rest easy knowing that your connection will be more secure thanks to OAuth!
Thanks for reading - feel free to contact us here if you have any questions or would like to learn more about Odoo.
- OERP Team