Do you plan to support oauth2?

[boudinov]

This would be killer feature with the new Microsoft Security Defaults, where smpt auth is betting deprecated?

[304NotModified]

Is it supported in mailkit?

[304NotModified]

I guess something like this? https://github.com/jstedfast/MailKit/blob/master/GMailOAuth2.md#authenticating-with-the-oauth2-client-id-and-secret

What are the requirements? Should we use the Google.Apis.Auth also or the end user?

[304NotModified]

Closing this due to inactivity. Please let us know if this still an issue and please provide the requested info -
thanks!

[jlrouzies-mantu]

@304NotModified

This is a very old post, but I made a fork here with working implementation tested on Azure / Exchange Online

Feel free to try it, maybe it can be merged in the original code

[304NotModified]

@jlrouzies-mantu a cool!

I think the tests need some love (Assert.True(true) etc) 😅

[jlrouzies-mantu]

@jlrouzies-mantu a cool!

I think the tests need some love (Assert.True(true) etc) 😅

Well, not sure what else to try, we just need to make sure there is no exceptions (which would happen if you miss an information, or misconfigured your OAuth, mailbox, etc.). So I went with the simplest Assert if no exception

Testing the actual delivery in a mailbox would mean you have an actual public domain / email servers and more code that would try to find that email (GraphAPI, IMAP, POP ...), which seems overkill I think

[snakefoot]

I have some suggestions for API-names:

• ClientAuthId - Instead of ApplicationId
• ClientAuthSecret - Instead of SecretId
• ClientAuthTokenUrl - Instead of OAuthTokenUrl
• ClientAuthScope - Instead of OAuthScope
• CertificateFingerprint - Instead of SecretWindowsStoreCertificateThumbprint

[snakefoot]

Not a big fan of the Newtonsoft.Json-dependency. Found another approach here:

• https://intodot.net/sending-e-mails-through-gmail-with-oauth-in-net-with-mailkit/
• https://gist.github.com/vSzemkel/e1675b97af5577d76ee260bdfb8a415e

[snakefoot]

Maybe an idea could be to split the logic into 2 steps:

• First steps extends NLog MailKit-Target with SmtpAuthentication = SmtpAuthenticationMode.OAuth2 and new property Layout OAuth2Token.

Second step can then either be a wiki-page for how to resolve OAuth2-Token and assign into NLog GDC (Then one can assign OAuth2Token = "${gdc:authtoken}"). Alternative introduce new NLog LayoutRenderer called ClientAuthTokenLayoutRenderer with the following options:

• ClientAuthId - Instead of ApplicationId
• ClientAuthSecret - Instead of SecretId
• ClientAuthTokenUrl - Instead of OAuthTokenUrl
• ClientAuthScope - Instead of OAuthScope
• CertificateFingerprint - Instead of SecretWindowsStoreCertificateThumbprint

[snakefoot]

Created #227 as an example of Step 1. I guess Step 2 should provide links/examples for how to acquire OAuth-token for the different cloud-providers (Microsoft Azure / Google / Aws / etc.) and how to handle token-expiry.

[jlrouzies-mantu]

Sorry for late reply, quite busy at work, not sure when I'd have time to update my PR, but otherwise feel free to create your own branch / PR, I mostly wanted to show you it can be done :)

For the naming CertificateFingerprint - Instead of SecretWindowsStoreCertificateThumbprint

I'm not sure, the methodology used in my branch is very specific to Windows certificate store, and very useful for us in term of security to avoid storing a clear secret. If you just put CertificateThumbprint, where do you get it?

https://www.nuget.org/packages/NLog.MailKit.Oauth2/6.0.2-oauthfork

[snakefoot]

I mostly wanted to show you it can be done :)

Yes thank you for providing a great example for how to acquire OAuth 2.0 Token with Azure Cloud.

I'm not sure, the methodology used in my branch is very specific to Windows certificate store, and very useful for us in term of security to avoid storing a clear secret. If you just put CertificateThumbprint, where do you get it?

Usually one will use CertificateFingerprint-validation to ensure the right certificate is being used (on both sides). You have added the logic that the CertificateFingerprint is used for choosing the right certificate from the windows-operating-system-store (Windows likes to call it CertificateThumbprint while everyone else calls it CertificateFingerprint)

But I think the OAuth 2.0 token-resolving-logic for various cloud-providers and operating-systems should probably be in some other nuget-package, and not be placed into the NLog.MailKit-nuget-package.

[snakefoot]

Sounds like Microsoft will move to OAuth2-authentication in the near future:

• https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750