search

pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
https://pwpush.com
Apache License 2.0
1.8k stars 331 forks source link

Mail via Office365 - add oauth2 authentication #532

Open yanx1990 opened 1 year ago

yanx1990 commented 1 year ago

Hello, Since october 2022, Microsoft removes the possibility to use basic authentication. We are forced to use Oauth2 authentication now. Would it be possible to add this authentication method with the SMTP package you use ?

Thank you for all the work you did on this nice tool :)

Kind regards, Yannick

github-actions[bot] commented 1 year ago

Hello @yanx1990, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

pglombardo commented 1 year ago

Hi @yanx1990 - absolutely although it may be a bit of time. I'm working on a Microsoft Teams application for Password Pusher and plan to add Oauth2 support.

Unfortunately Teams is non trivial. I plan to work on this over the holidays. If I can sort it out and get oauth2 support out first (and separately), I definitely will do so.

pglombardo commented 1 year ago

Separate question - do you use Teams and would you find an MS Teams app useful?

yanx1990 commented 1 year ago

Hi @yanx1990 - absolutely although it may be a bit of time. I'm working on a Microsoft Teams application for Password Pusher and plan to add Oauth2 support.

Unfortunately Teams is non trivial. I plan to work on this over the holidays. If I can sort it out and get oauth2 support out first (and separately), I definitely will do so.

That would be awesome to have Oauth2 support :). Thanks a lot for adding it as a feature request.

Separate question - do you use Teams and would you find an MS Teams app useful?

Indeed, we are using Teams in our organization. I'm really curious how your app could be implemented as a Teams app. This is not our priority as we are using the web version but it could be a really nice to have :).

Thanks a lot Peter !

Viajaz commented 1 year ago

@yanx1990 Password Pusher has an API, you might be able to setup a Teams bot with scripting support (Or even PowerAutomate) to call it from MSTeams. Maybe something like https://github.com/poshbotio/PoshBot

Viajaz commented 1 year ago

@pglombardo If you are considering OAuth2 support, please consider something that might work with OpenID Connect (#410) in the future, as there is overlap in functionality. I'm sure there are Ruby libs that can work for both use-cases.

pglombardo commented 1 year ago

I agree @Viajaz. I plan to expand the log in options sooner than later alongside a MS Teams application. The topic is big and I want to make sure I understand the security implications.

Oauth2 and OpenID for automatic and single click logins are at the top of the list.

Viajaz commented 1 year ago

OpenID

@pglombardo I'm assuming you meant OpenID Connect, OpenID is the older technology.