Closed brentshulman-silkline closed 1 month ago
I'm not sure if I follow you here 🤔
Individual users, not organizations, can create OAuth2 connections to their email accounts for EmailEngine
Oh, I was under the impression that an organization could set up an OAuth2 connection for people within its organization to opt-in to.
So, if I had a customer (a.k.a. an Organization) with many users, would each user need to create an OAuth2 connection? They couldn't just "sign in" with their Gmail of that OAuth provider?
In order to use OAuth2, you need to create an "application". When end users click on the "sign in with gmail" button, they grant access to that application for the requested resources (for example, calendar or mailbox). EmailEngine can then use the credentials of that application with the grant information provided by the user to access the mailbox of such a user. There is usually no need to create more than 1 OAuth2 application, and you would typically create it under your own organization as a "public" application, but you can also create dedicated "private" applications for every organization if you like - in this case, the admin of that organization would have to generate the "private" application and provide you with the credentials. The main upside for such an approach is that "private" OAuth2 applications generated for a specific organization do not need to be validated by Google; other than that, it only complicates things.
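An added example, not part of the original replies and not EmailEngine code: a multi-tenant backend picks the organization's "private" OAuth2 application when one exists, falls back to the shared "public" one, and binds the consent request to the organization and user through a signed `state` value. The client IDs, domains, redirect URL and function names are hypothetical; the endpoint, scope and `hd` parameter are Google's.

```javascript
const crypto = require('node:crypto');

// Constructed sample data (hypothetical names): one shared "public" app and
// one "private" app whose credentials the admin of org "acme" supplied.
const REDIRECT = 'https://saas.example/oauth/callback';
const PUBLIC_APP = { clientId: 'public-app.example', redirectUri: REDIRECT };
const PRIVATE_APPS = {
  acme: { clientId: 'acme-private.example', redirectUri: REDIRECT, domain: 'acme.example' },
};
const STATE_KEY = crypto.randomBytes(32); // assumption: load a persistent secret in real use

// Orgs without a private app fall back to the shared public one.
function appForOrg(orgId) {
  return Object.hasOwn(PRIVATE_APPS, orgId) ? PRIVATE_APPS[orgId] : PUBLIC_APP;
}

function sign(payload) {
  return crypto.createHmac('sha256', STATE_KEY).update(payload).digest('base64url');
}

// URL behind the "sign in with Gmail" button for a logged-in user of orgId.
function buildConsentUrl(orgId, userId) {
  const app = appForOrg(orgId);
  const claims = { orgId, userId, exp: Date.now() + 10 * 60 * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const url = new URL('https://accounts.google.com/o/oauth2/v2/auth');
  url.search = new URLSearchParams({
    client_id: app.clientId, redirect_uri: app.redirectUri, response_type: 'code',
    scope: 'https://mail.google.com/', access_type: 'offline', prompt: 'consent',
    state: `${payload}.${sign(payload)}`,
  }).toString();
  // hd only preselects the Workspace domain; check the granted address server-side.
  if (app.domain) url.searchParams.set('hd', app.domain);
  return url.toString();
}

// Callback side: accept the grant only for the org and user that started it.
function verifyState(state, sessionOrgId, sessionUserId) {
  const [payload, mac] = String(state).split('.');
  if (!payload || !mac) return null;
  const got = Buffer.from(mac);
  const want = Buffer.from(sign(payload));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (claims.exp < Date.now()) return null;
  if (claims.orgId !== sessionOrgId || claims.userId !== sessionUserId) return null;
  return { orgId: claims.orgId, userId: claims.userId, app: appForOrg(claims.orgId) };
}
```

The object returned by `verifyState` tells the callback handler which application's credentials to use when exchanging the authorization code.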
Thanks for the clarification @andris9. Was thinking of a use case for corporate email connections where each organization would want to have more granular control over the access to email they are granting within their systems.
I want to try to use EmailEngine in a multitenant SaaS environment where organizations can create an OAuth2 connection to their email. Then, individual users can opt-in to connect their corporate email via that connection.
How can I do this? In my head, I could start the connection of the OAuth2 connection in my DB linked with an organization and then send some API request that specifies users are trying to register with that specific connection ID when they are logged into that particular organization.
Am I thinking about this correctly? If so, how would I go about doing that?