OAuth2 Authorizations in Email This Issue App in Jira Instance
Deprecation of Basic authentication in Exchange Online
We’re removing the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.
We’re also disabling SMTP AUTH in all tenants in which it’s not being used.
That means
This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication.
As a result, I have decided to prepare a documentation for current users of Email This Issue add on/app in Jira Instance with Basic Authentication still configured.
The steps can work for both Email This Issue Jira Cloud or Email This Issue Jira Server/DC.
The configuration steps have been highlighted here and the vendor behind Email This Issue app have hinted that OAuth2 authorizations is inherently complex and takes up multiple configurations.
Enabling OAuth2 authorization in your Microsoft 365 account
- Before starting with the app registration, you need to have a Microsoft365 account and you should also check whether you have an active Exchange Online license (aka “subscription”) otherwise, you will run into issues during the authorization process.
- Now you can visit this link to access the Azure Active Directory of your M365 Tenant or directly from the Admin Center.
- Create a new app registration and take note of the client Id
In the Redirect URI section, select Web from the dropdown, then copy+paste the Callback URL from the OAuth2 Credentials dialog as the URI value. As this URI is specific to your Jira instance, it is important to copy the URL from the Email This Issue app into this page as a URI of another Jira instance cannot be reused.
- API Permissions (scopes) need to be granted for the application
Remove the default api permission before adding the required ones
Then continue to add the following API Permissions under Microsoft Graph in Delegated Permissions
OpenId permissions: offline_ access & openid
IMAP: IMAP.AccessAsUser.All
SMTP: SMTP.Send
Mail: Mail.Read, Mail.ReadBasic, Mail.ReadWrite & Mail.Send
and finally EWS: EWS.AccessAsUser.All (follow steps here https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth#configure-for-delegated-authentication for this specifically if you run into any error)
Additionally, grant these API permissions admin consent ( Advisable)
- Go ahead and Generate Client Secret (set the expiration to never expire) then take note of the secret value because you may be unable to retrieve it once you leave that blade.
- Finally put together the client Id, secret value, authorization endpoint and token endpoint for the next step. The endpoints can be gotten from the overview blade of the registered app.
OAuth2 Credentials in Email This Issue
To create a new one go to SETTINGS → OAuth2 Credentials → + Add
Populate the details with the values gotten from the previous steps above
Use the saved OAuth2 credentials in Incoming Mail Connections
- To connect to an email service using OAuth2, after specifying the OAuth Credential and Username, you must start the authorization process by clicking the Authorization button.
Then follow the prompt to allow and accept the app permission request
- You should get an Authorized successfully prompt, then go ahead to test connection first, and you should get another prompt with The connection is working, then you can save it.
If you have followed this steps accordingly, you should have a working connection for incoming mail, you can repeat procedure for outgoing mail connection.
At this point you can go ahead to explore with all the feature Email This Issue has to offer.
If you found this guide helpful, please consider following me on Twitter and connecting on LinkedIn. Don’t forget to give this article a 👏 if you enjoyed reading it as a show of support. Thanks! ✌️
