[JENKINS-73486] Jenkins Email Extension plugin: OAuth 2.0 does not work with O365 #1420
Description
This is more or less a follow-up to JENKINS-69414">JENKINS-69414.
While OAuth2 authentication may work for generic providers such as GMail, it does not work for Office365, as instead of using the client secret as a password, one has to first request an access token from "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token" using the client_credentials flow, then use that token as the password.
Without this, as in, using the client secret as a password, authentication always fails:
14:40:44 DEBUG SMTP: AUTH XOAUTH2 failed 14:40:44 AuthenticationFailedException message: 535 5.7.3 Authentication unsuccessful [VI1PR0102CA0059.eurprd01.prod.exchangelabs.com 2024-07-19T12:40:44.173Z 08DCA6EA4C774BA8]
If, however, you retrieve an access token using the aforementioned API, authentication succeeds and the e-mail gets delivered:
354 Start mail input; end with . ------=_Part_33_1071535181.1721393717667-- . 250 2.0.0 OK <1621590247.34.1721393718389@c427e035ed5b> [Hostname=AM9PR03MB6802.eurprd03.prod.outlook.com] DEBUG SMTP: message successfully delivered to mail server QUIT
Example call:
While one could simply call the API manually and configure the provided access token, this becomes quite tedious, as the token is only valid for an hour. I therefore request some sort of mechanism / configuration option in the plugin so it retrieves the token by itself.
Relevant SO entry: https://stackoverflow.com/questions/73449562/jenkins-email-extension-plugin-and-oauth-2-0-query
Originally reported by awillinger, imported from: Jenkins Email Extension plugin: OAuth 2.0 does not work with O365
- assignee:
slide_o_mix
- status: In Progress
- priority: Major
- component(s): email-ext-plugin
- label(s): email-ext
- resolution: Unresolved
- votes: 0
- watchers: 4
- imported: 20251211-193728
Raw content of original issue
This is more or less a follow-up to
JENKINS-69414.While OAuth2 authentication may work for generic providers such as GMail, it does not work for Office365, as instead of using the client secret as a password, one has to first request an access token from "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token" using the client_credentials flow, then use that token as the password.
Without this, as in, using the client secret as a password, authentication always fails:
14:40:44 DEBUG SMTP: AUTH XOAUTH2 failed 14:40:44 AuthenticationFailedException message: 535 5.7.3 Authentication unsuccessful [VI1PR0102CA0059.eurprd01.prod.exchangelabs.com 2024-07-19T12:40:44.173Z 08DCA6EA4C774BA8]If, however, you retrieve an access token using the aforementioned API, authentication succeeds and the e-mail gets delivered:
354 Start mail input; end with <CRLF>.<CRLF>------=_Part_33_1071535181.1721393717667--
.
250 2.0.0 OK <1621590247.34.1721393718389@c427e035ed5b> [Hostname=AM9PR03MB6802.eurprd03.prod.outlook.com]
DEBUG SMTP: message successfully delivered to mail server
QUITExample call:
While one could simply call the API manually and configure the provided access token, this becomes quite tedious, as the token is only valid for an hour. I therefore request some sort of mechanism / configuration option in the plugin so it retrieves the token by itself.
Relevant SO entry: https://stackoverflow.com/questions/73449562/jenkins-email-extension-plugin-and-oauth-2-0-query
environment
Jenkins version: 2.468<br/>
Plugin version: 1814.v404722f34263
