jgosmann
commented
1 week ago Noting down some relevant documentation and thoughts:
- How to authenticate an IMAP, POP or SMTP connection using OAuth
- Microsoft identity platform and the OAuth 2.0 client credentials flow
- Use client credentials grant flow to authenticate SMTP, IMAP, and POP connections -> This is probably only relevant to configure permissions on the Microsoft 365 side, but should not concern the implementation in dmarc-metrics-exporter.
I think, the client grant credentials flow should be appropriate here. I suppose, dmarc-metrics-exporter would use that flow (which is basically one HTTP request) to obtain a access token (and refresh it when expired) and than uses that within the IMAP login step. (Maybe it should check the IMAP capabilities beforehand.)
Apart from the implementation, I wonder how to test this. I don't have a Microsoft 365 mailbox where I could configure a service principal of a client credentials grant flow. Maybe I can setup something temporarily, but not permanently as it is a paid service. This, however, still doesn't cover automated tests. Maybe I could setup a container with a Keycloak or similar for testing the client credentials flow, but not sure how to test the actual IMAP login ... I don't think Greenmail (my current test server) does support OAuth ...
Hi, thank you for this exporter! I'd like for it to support OAuth authentication, for use with Microsoft 365 mailboxes. It'd be great to be able to autheticate with an API key. Thanks again