OAuth2 Authorizations in Email This Issue App in Jira Instance

Oladipupo Olimene
5 min readSep 6, 2022

Deprecation of Basic authentication in Exchange Online

In September 2021, Microsoft announced that effective October 1, 2022 they will begin disabling Basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used.

We’re removing the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.

We’re also disabling SMTP AUTH in all tenants in which it’s not being used.

That means

This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication.

As a result, I have decided to prepare a documentation for current users of Email This Issue add on/app in Jira Instance with Basic Authentication still configured.

The steps can work for both Email This Issue Jira Cloud or Email This Issue Jira Server/DC.

The configuration steps have been highlighted here and the vendor behind Email This Issue app have hinted that OAuth2 authorizations is inherently complex and takes up multiple configurations.

Enabling OAuth2 authorization in your Microsoft 365 account

  • Now you can visit this link to access the Azure Active Directory of your M365 Tenant or directly from the Admin Center.
  • Create a new app registration and take note of the client Id

In the Redirect URI section, select Web from the dropdown, then copy+paste the Callback URL from the OAuth2 Credentials dialog as the URI value. As this URI is specific to your Jira instance, it is important to copy the URL from the Email This Issue app into this page as a URI of another Jira instance cannot be reused.

  • API Permissions (scopes) need to be granted for the application

Remove the default api permission before adding the required ones

Then continue to add the following API Permissions under Microsoft Graph in Delegated Permissions

OpenId permissions: offline_ access & openid

IMAP: IMAP.AccessAsUser.All

SMTP: SMTP.Send

Mail: Mail.Read, Mail.ReadBasic, Mail.ReadWrite & Mail.Send

and finally EWS: EWS.AccessAsUser.All (follow steps here https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth#configure-for-delegated-authentication for this specifically if you run into any error)

Additionally, grant these API permissions admin consent ( Advisable)

  • Go ahead and Generate Client Secret (set the expiration to never expire) then take note of the secret value because you may be unable to retrieve it once you leave that blade.
  • Finally put together the client Id, secret value, authorization endpoint and token endpoint for the next step. The endpoints can be gotten from the overview blade of the registered app.

OAuth2 Credentials in Email This Issue

To create a new one go to SETTINGS OAuth2 Credentials + Add

Populate the details with the values gotten from the previous steps above

Use the saved OAuth2 credentials in Incoming Mail Connections

  • To connect to an email service using OAuth2, after specifying the OAuth Credential and Username, you must start the authorization process by clicking the Authorization button.

Then follow the prompt to allow and accept the app permission request

  • You should get an Authorized successfully prompt, then go ahead to test connection first, and you should get another prompt with The connection is working, then you can save it.

If you have followed this steps accordingly, you should have a working connection for incoming mail, you can repeat procedure for outgoing mail connection.

At this point you can go ahead to explore with all the feature Email This Issue has to offer.

If you found this guide helpful, please consider following me on Twitter and connecting on LinkedIn. Don’t forget to give this article a 👏 if you enjoyed reading it as a show of support. Thanks! ✌️

--

--

Oladipupo Olimene

Cloud || Dev Ops || IAC || Security || Automation || Monitoring