quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

XOauth2 support for Quarkus Mailer e.g. for Office365 #39359

Open andreas-eberle opened 3 months ago

andreas-eberle commented 3 months ago

Discussed in https://github.com/quarkusio/quarkus/discussions/38773

Office365 by default requires XOauth2 authorization. This is currently not supported by the Quarkus Mailer integration. Therefore, this makes it really hard to use Quarkus mailing with Microsoft E-Mail accounts.

Originally posted by **wernerjacobs** February 14, 2024

Hello,

We're currently working on integrating Quarkus mail with our application and need to authenticate to smtp.office365.com using OAuth. Unfortunately, the documentation doesn't provide specific guidance on configuring Office 365 mail. We've attempted to replicate configurations used for other mail servers, but so far, we haven't had much success.

Currently, we're encountering an SSL handshake issue and are unable to proceed. Our firewall settings should allow communication with smtp.office365.com on port 587, so we don't believe that's the source of the problem. However, when attempting to send a message, we're seeing the following error in our logs:

```
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: [error message]
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1314)
```

Has anyone encountered similar challenges with configuring mail for Office 365 mail servers? We've verified that the protocols and cipher suites are correctly configured, so we're unsure what else could be causing this error. Does anybody know which configuration properties should be set?

We are setting following properties

```properties
quarkus.mailer.auth-methods=DIGEST-MD5 CRAM-SHA256 CRAM-SHA1 CRAM-MD5 PLAIN LOGIN
quarkus.mailer.start-tls=REQUIRED
quarkus.mailer.from=XXXX
quarkus.mailer.host=smtp.office365.com
quarkus.mailer.port=587
quarkus.mailer.username=XXX
quarkus.mailer.password=XXXX
quarkus.mailer.ssl=true
quarkus.mailer.login=XOAUTH2
quarkus.mailer.trust-all=true
```

Any insights or assistance would be greatly appreciated. Thank you

quarkus-bot[bot] commented 3 months ago

/cc @cescoffier (mailer)

sberyozkin commented 3 months ago

If the `Instance<TokenCredential>` suggestion can be considered reasonable (https://github.com/quarkusio/quarkus/discussions/38773#discussioncomment-8515842) then I can prototype some code in a draft PR.

The case of a Quarkus endpoint authenticating the users with the authorization code flow and then propagating the token to access some downstream service is generic - which is why I'm not sure that having the mailer-specific OAuth2 support is the best approach.
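
For reference, the SASL XOAUTH2 initial client response that this issue asks the mailer to be able to send, shown as an added Java example that is not Quarkus or Vert.x code. The class and method names are hypothetical, and the account and token values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: hypothetical helper, not part of Quarkus or the Vert.x mail client.
public class XOAuth2Sasl {
    private static final char SOH = '\u0001'; // Ctrl-A, the XOAUTH2 field separator

    // Builds base64("user=" user ^A "auth=Bearer " token ^A ^A).
    static String initialResponse(String user, String accessToken) {
        requireNoControlChars("user", user);
        requireNoControlChars("accessToken", accessToken);
        String raw = "user=" + user + SOH + "auth=Bearer " + accessToken + SOH + SOH;
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // A Ctrl-A, CR or LF inside either value could smuggle extra fields or SMTP lines.
    static void requireNoControlChars(String name, String value) {
        if (value == null || value.isEmpty())
            throw new IllegalArgumentException(name + " is empty");
        for (int i = 0; i < value.length(); i++) {
            if (Character.isISOControl(value.charAt(i)))
                throw new IllegalArgumentException(name + " contains a control character");
        }
    }

    // Decodes a response and returns a form that is safe to write to logs.
    static String redactForLog(String base64Response) {
        String raw = new String(Base64.getDecoder().decode(base64Response), StandardCharsets.UTF_8);
        String[] fields = raw.split(String.valueOf(SOH)); // trailing empty fields are dropped
        String prefix = "auth=Bearer ";
        if (fields.length != 2 || !fields[0].startsWith("user=") || !fields[1].startsWith(prefix))
            throw new IllegalArgumentException("not an XOAUTH2 initial response");
        return fields[0] + " " + prefix + "<redacted, " + (fields[1].length() - prefix.length()) + " chars>";
    }

    public static void main(String[] args) {
        // Constructed sample values, not a real account or token.
        String resp = initialResponse("mailer@example.com", "constructed-token-not-real");
        System.out.println("AUTH XOAUTH2 " + resp);
        System.out.println(redactForLog(resp));
        try {
            initialResponse("a@example.com\u0001auth=Bearer x", "t");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Base64 is an encoding, not protection, so the `AUTH XOAUTH2` line carries the bearer token in recoverable form and should only be sent once the TLS session is established.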