Upcoming: disabling of Basic Auth on Exchange Online / Support for OAuth2

[jbostoen]

• https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210
• https://wiki.php.net/todo/ext/imap/xoauth2
• https://sourceforge.net/p/itop/tickets/2058/

[jbostoen]

Combodo released a version of an O365 connector.

It uses some external libraries, including one which supposedly replaces PHP IMAP extension (although for some parts the documentation of the library mentions PHP IMAP extension might enhance functionality!)

There are still note worthy issues though: Webklex/php-imap#143

It also contains some libraries for MS O365/Azure specific authentication.

To do:

• Check how to backport this, as our current IMAP email source is slightly improved over the original Combodo implementation.
• Merge into one class with an option to determine whether it's a normal IMAP implementation or one requiring OAuth?
• Investigate PHP IMAP vs the library

Overall the Combodo implementation looks like a great start, although I hope it can be more flexible at some point (Google?) and depend less on third party libraries.

https://github.com/Combodo/itop-o365-email-synchro

[jbostoen]

Waiting for Combodo's implementation on a new mail library in new iTop 2.7 and 3.0 releases, since it currently looks like that will be included in the core iTop (and their Mail to Ticket Automation will build upon it)

[jbostoen]

Combodo already released iTop 2.7.7 introducing OAuth2 support.
However, iTop 3.0.2 (earlier 3.0 versions don't have it) will only be released at the end of August.

Therefore, steps are already being taken to make sure this fork of Combodo's Mail to Ticket Automation also supports OAuth2.

However, it seems with Combodo's extension the original IMAP implementation is untouched; while they do add a new one using Laminas for IMAP + OAuth2.

Two main actions remain:

• It will be investigated if it's possible to also replace the legacy implementation.
• It will be investigated if while building up on the enhanced functionality in iTop 2.7.7 and iTop 3.0.2, we can take an alternative route. Rather than having an entirely separate class of IMAP mailbox, I'd like to make it optional to enable OAuth2 on the existing IMAP mailboxes.

Anyone interested in early testing, please let me know; especially interested in MS O365 / Exchange Online and GMail environments.

[jbostoen]

Support for no validation of certificates + specifying SSL/TLS:

// Connecting with Imap:
$mail = new Imap([
    'host'     => '192.168.xxx.xxx',
    'user'     => 'user1',
    'password' => 'p@ssword',
    'ssl'      => 'TLS',
    'novalidatecert' => true,
]);

Check if something can be done regarding other IMAP options such as authuser, user: https://github.com/jbostoen/itop-jb-mail-to-ticket-automation-v2/blob/master/documentation/configuration.md#hints-on-office-365-with-shared-mailbox

[jbostoen]

Progress has been made in a separate branch!

Doing some more checks, but it looks to properly process and move/delete (if required) the messages from a MS O365 OAuth mailbox.

Expect a formal release soon!

[jbostoen]

This was released already.