Page 1 of 4 1234 LastLast
Results 1 to 10 of 31

Thread: Chilkat Email and Microsoft Basic Authentication changes

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Join Date
    Feb 2009
    Location
    Goteborg, Sweden
    Posts
    3,189

    Default Chilkat Email and Microsoft Basic Authentication changes

    Hi,

    As I know many of you do, at Asolvi we use Chilkat SMTP with basic authentication (user id & pw) to send out emails via an unattended utility program, reading from the database what to send out.

    What I understand from the message info, we might need to change our Chilkat code to use oAuth instead of basic authentication? And that also includes using a web-browser object to collect the oAuth token and save it to the database for future reference.

    Is anyone of you aware of this? Should we be concerned about it?

    Even if it will continue to work for a while as it does, Microsoft could suddenly turn off the feature of basic authentication after sending a warning email to the customer, that will probably not be read and all of a sudden our support is swamped by angry customers wondering why the emails aren't send no more from our program...

    Microsoft Link: https://techcommunity.microsoft.com/...e/ba-p/2111904

    Or have I misunderstood the whole thing?
    Nils Svedmyr
    RDC Tools International
    www.rdctools.com

    "The problem with internet quotes is that you don't know if they are true."
    Abraham Lincoln

  2. #2

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    Hi Nils,

    Yes, that is my understanding.
    When you use Office 365 then you must get an OAuth2 token for being able to send emails in the very near future.
    You can get an OAuth2 token by popping up the system browser (it doesn't have to be an embedded browser object) where the user can login to their Office 365 account and allow the smtp functionality for the generated token.

    This can all be done via Chilkat and the Graph API from Microsoft.
    The link to get started is here:
    https://www.example-code.com/datafle...cess_token.asp

    edit (sigh)
    read some more:
    https://docs.microsoft.com/en-us/exc...xchange-online
    SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible. Other options for sending authenticated mail include using alternative protocols, such as the Microsoft Graph API.
    So it won't just suddenly stop, but you should still consider adding OAuth2 support.
    --
    Wil
    Last edited by wila; 3-Feb-2022 at 12:35 PM.

  3. #3
    Join Date
    Feb 2009
    Location
    Goteborg, Sweden
    Posts
    3,189

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    Thank you very much Wil for the confirmation.

    I must say I'm a little bit surprised that nobody else has commented on this?

    Aren't you all, that are using Chilkat to send out emails, a bit worried?

    I haven't started to change our existing Chilkat code base yet, but I expect it will take many hours to change from simple login with user id & pw, to a oAuth2 solution including to test it properly. And there will also be the problem of getting the token and saving it to the database in the first place, for each and every customer, and that's gonna need to be done manually! And I sincerely hope that is only needed to be done once <sigh!>

    Please correct me anyone if I got some of the above wrong.
    Nils Svedmyr
    RDC Tools International
    www.rdctools.com

    "The problem with internet quotes is that you don't know if they are true."
    Abraham Lincoln

  4. #4

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    Quote Originally Posted by Nils G. Svedmyr View Post
    And there will also be the problem of getting the token and saving it to the database in the first place, for each and every customer, and that's gonna need to be done manually!
    I don't understand what you're saying here. Normally you use 1 email account to send email to customers. eg. alerts@example.com that will send emails to the customer bob@customer.com and alice@customer.com etc... You only need to get the OAuth token for alerts@example.com not for Bob or Alice.

    If you have a specific email account to send to each customer, then yes each customer will have to get that token.
    You can't configure that on their behalf. Only if example.com is a domain you own then you can set it up yourself.

    --
    Wil

  5. #5
    Join Date
    Feb 2009
    Location
    Goteborg, Sweden
    Posts
    3,189

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    What I was trying to get across is what you state in your second paragraph. Asolvi has many, many customers and getting the token(s) manually needs to be done for each and every one of them.

    So what wasn't clear in my original message is that all customers has their own physical servers in-house.

    Most of the customers are just users without any special technical skills and probably no in-house IT-personal (purchasing external IT-services and those persons are hard to get in contact with). So we probably will have to do this on the customers behalf. That is a lot of manual labor to do to all of them, and something we're not looking forward to.

    Clear as mud?
    Nils Svedmyr
    RDC Tools International
    www.rdctools.com

    "The problem with internet quotes is that you don't know if they are true."
    Abraham Lincoln

  6. #6
    Join Date
    Feb 2009
    Location
    Stuart, FL
    Posts
    5,321

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    you need to call the token API to get the token. Remember also the token isnt valid forever. You will also get a refresh token to refresh your token

    no need to do that manually you simply call the OAuth API
    Michael Salzlechner
    StarZen Technologies, Inc
    http.://www.starzen.com

    IT Director at Balloons Everywhere

    Development Blog
    http://www.salzlechner.com/dev

    DataFlex Package Manager (aka Nuget for DataFlex)
    http://windowsdeveloper.com/dfPackage

  7. #7
    Join Date
    Feb 2009
    Location
    Goteborg, Sweden
    Posts
    3,189

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    Hi Michael,

    Yes, the token from Chilkat can be retrieved quite easily but how about to enable Office365 from an unattended mail-sending program?
    Nils Svedmyr
    RDC Tools International
    www.rdctools.com

    "The problem with internet quotes is that you don't know if they are true."
    Abraham Lincoln

  8. #8
    Join Date
    Feb 2009
    Location
    Stuart, FL
    Posts
    5,321

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    oauth2 handles that with a client credentials flow
    Michael Salzlechner
    StarZen Technologies, Inc
    http.://www.starzen.com

    IT Director at Balloons Everywhere

    Development Blog
    http://www.salzlechner.com/dev

    DataFlex Package Manager (aka Nuget for DataFlex)
    http://windowsdeveloper.com/dfPackage

  9. #9
    Join Date
    Feb 2009
    Location
    Goteborg, Sweden
    Posts
    3,189

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    Oh, that is great news. Just to be clear, so you're saying that there is no need for a manual browser "acceptance screen/object" to change the current Office365 setting?

    All can be handled by a simple Chilkat oAuth2 token call? Does this mean that it isn't even necessary to save the token, it is just as easy to request a new token each time?

    Thanks for your help.
    Nils Svedmyr
    RDC Tools International
    www.rdctools.com

    "The problem with internet quotes is that you don't know if they are true."
    Abraham Lincoln

  10. #10

    Default Re: Chilkat Email and Microsoft Basic Authentication changes

    Quote Originally Posted by Nils G. Svedmyr View Post
    Oh, that is great news. Just to be clear, so you're saying that there is no need for a manual browser "acceptance screen/object" to change the current Office365 setting?

    All can be handled by a simple Chilkat oAuth2 token call? Does this mean that it isn't even necessary to save the token, it is just as easy to request a new token each time?

    Thanks for your help.
    He didn't say that at all. He said that you can get a refresh token after you have an access token.
    There certainly is a manual browser popup involved (or optionally an embedded browser object if that's what you prefer)

    edit: The client credentials flow is like I wrote with the MS login screen.
    Another link... https://docs.microsoft.com/en-us/graph/auth/
    --
    Wil
    Last edited by wila; 4-Feb-2022 at 11:22 AM.

Page 1 of 4 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •