Hi all,
I'm a little bit confused about the OAuth2 config.
In the blog article (https://www.znuny.org/en/blog/modern-au ... -microsoft) they wrote to set the Microsoft Graph / Application permissions Mail.ReadWrite & Mail.Send.
The GUI seems to use the Access-Toke-Scope (https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access). This text field is missing in the screenshot in the blog article.
My Azure Admin says, that these are different ways to configuration permissions for an application and he is confused about the correct permissions to set up
Can somebody explain me, what is the correct way to configure the permissions for OAuth2?
Regards,
Dennis
OAuth2 configuration
Moderator: crythias
-
FunnyDingo
- Znuny newbie
- Posts: 2
- Joined: 31 Jan 2023, 16:06
- Znuny Version: 6.4.5
- Real Name: Dennis
-
root
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: OAuth2 configuration
Hi,
This is caused by the time difference between the blog post and when the OAuth token configuration templates were generated. This is also why the screenshot does not show the scope input field.
Your admin is correct. There's a difference. But until now, it always worked fine in this configuration.
Feel free to adjust them to one or the other according to your admin's recommendation. We'd love to hear your feedback.
- Roy
This is caused by the time difference between the blog post and when the OAuth token configuration templates were generated. This is also why the screenshot does not show the scope input field.
Your admin is correct. There's a difference. But until now, it always worked fine in this configuration.
Feel free to adjust them to one or the other according to your admin's recommendation. We'd love to hear your feedback.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
FunnyDingo
- Znuny newbie
- Posts: 2
- Joined: 31 Jan 2023, 16:06
- Znuny Version: 6.4.5
- Real Name: Dennis
Re: OAuth2 configuration
Hi Roy,
sorry for my late answer. So, what have I to do to switch to the Graph permissions? Just write "Mail.ReadWrite Mail.Send" into the scope field?
sorry for my late answer. So, what have I to do to switch to the Graph permissions? Just write "Mail.ReadWrite Mail.Send" into the scope field?
-
root
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: OAuth2 configuration
Hi,FunnyDingo wrote: ↑13 Jul 2023, 15:29 Hi Roy,
sorry for my late answer. So, what have I to do to switch to the Graph permissions? Just write "Mail.ReadWrite Mail.Send" into the scope field?
I don't know the exact wording of the other scopes and have no time to look them up at the Microsoft documentation.
But your admin, the one who said they are wrong, should know them.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?