update the smtp provider to support oauth authentication.

[zyhfish]

Fix #5139.

[valadas]

Very nice, I left a couple of questions/suggestiions and would like to give it a quick test before approving. I can do that with gmail I guess ?

[zyhfish]

Thanks so much @valadas , the suggestions have been applied.

[bdukes]

@zyhfish am I correct to understand that this change doesn't do anything until you have an ISmtpOAuthProvider implementation in your site? Do you have an example implementation we can review and test with?

[zyhfish]

@zyhfish am I correct to understand that this change doesn't do anything until you have an ISmtpOAuthProvider implementation in your site? Do you have an example implementation we can review and test with?

Hi @bdukes , thanks so much for your update, can you please ping me on Slack when you are online, so that we can discuss further, thx.

[bdukes]

I still need to see an ISmtpOAuthProvider implementation to test the frontend, but I've adjusted the backend to have fewer dependencies directly on MailKit, and I'm happy with how things stand now.

[bdukes]

Ben shared two SMTP OAuth provider packages developed for Evoq, and I was able to test with those. Once installed, there's a fourth SMTP Auth option, OAuth.

I was able to select on of the auth providers, enter the details and save. After clicking Save, a section displays with an Authorize button, which opens a pop-up to the SMTP provider. I wasn't able to figure out the details of getting a test SMTP service and auth setup (this would at least require a valid redirect URL to be configured to the test site), but was able to test at least that far.

[mitchelsellers]

Am I to understand that addition of this, at this time does NOT give the DNN Platform the proper ability to utilize OAuth? If this is correct, do we have the information available, in the extension points created to actually create something that is of value for the open source project?

[bdukes]

Correct, to add an implementation to the open source project, we would need to create classes that implement the ISmtpOAuthProivder interface.

Dnn.Platform/DNN Platform/Library/Services/Mail/OAuth/ISmtpOAuthProvider.cs

Lines 14 to 56 in 75794cc

	/// <summary>A contract specifying the ability to authenticate an SMTP client with an OAuth 2 endpoint.</summary>
	public interface ISmtpOAuthProvider
	{
	/// <summary>Gets provider name.</summary>
	string Name { get; }
	/// <summary>Gets the localized name.</summary>
	string LocalizedName { get; }
	/// <summary>Whether the provider has completed the authorization process for the portal.</summary>
	/// <param name="portalId">The portal ID.</param>
	/// <returns><see langword="true"/> if the authorization has been completed, otherwise <see langword="false"/>..</returns>
	bool IsAuthorized(int portalId);
	/// <summary>Get the authorize URL.</summary>
	/// <param name="portalId">The portal ID.</param>
	/// <returns>The URL.</returns>
	string GetAuthorizeUrl(int portalId);
	/// <summary>Get the provider parameters.</summary>
	/// <param name="portalId">the portal ID of the setting, pass <see cref="Null.NullInteger"/> if it's a global setting.</param>
	/// <returns>The list of settings.</returns>
	IList<SmtpOAuthSetting> GetSettings(int portalId);
	/// <summary>Update provider settings.</summary>
	/// <param name="portalId">the portal id of the setting, pass <see cref="Null.NullInteger"/> if it's a global setting.</param>
	/// <param name="settings">the settings.</param>
	/// <param name="errorMessages">the errors.</param>
	/// <returns>Whether update the settings successfully.</returns>
	bool UpdateSettings(int portalId, IDictionary<string, string> settings, out IList<string> errorMessages);
	/// <summary>Authorize the SMTP client.</summary>
	/// <param name="portalId">The portal ID.</param>
	/// <param name="smtpClient">The SMTP client.</param>
	void Authorize(int portalId, IOAuth2SmtpClient smtpClient);
	/// <summary>Authorize the SMTP client.</summary>
	/// <param name="portalId">The portal id.</param>
	/// <param name="smtpClient">The SMTP client.</param>
	/// <param name="cancellationToken">The cancellation token.</param>
	/// <returns>A <see cref="Task"/> indicating completion.</returns>
	Task AuthorizeAsync(int portalId, IOAuth2SmtpClient smtpClient, CancellationToken cancellationToken = default(CancellationToken));
	}

[zyhfish]

Hi @mitchelsellers , is this PR able to be merged and included in next release? thx

[bdukes]

@zyhfish since this is a new feature, we're planning to hold this PR for a 9.12 or 10.0 release

[david-poindexter]

@zyhfish since this is a feature, we are holding this one until the next minor release. Thanks!

[david-poindexter]

Hi @david-poindexter , can you please help to check whether this PR can be merged or there is anything else need to be done? thx

@zyhfish I'm with @mitchelsellers here - are there plans for an implementation to be provided?

[mitchelsellers]

Just to update everyone since this is a public channel.

I've been in communication offline with @zyhfish about what is needed to accept/merge this item

[zyhfish]

Hi @mitchelsellers @david-poindexter , the gmail/exchange implementations have been added, can you please help to check? thx

[valadas]

Awesome! Thanks @zyhfish I'll try my best to test/review tomorrow...

[valadas]

@zyhfish I have fixed a couple of stylecop issues that prevented the build from running. Now we have 2 failing tests, can you help on those ?

[bdukes]

I just pushed a change to those tests 🤞🏻

[bdukes]

I pushed a few commits to clean up the code, moving from ServiceLocator to DI and using async where available, among other things.

[valadas]

I installed this build and managed to figure out how to get OAuth connected which worked, but then sending a test email fails with:

[valadas]

@zyhfish do you have some sort of documentation on the process to use Exchange and/or google ones. I managed to figure out to get oauth working with exchange but it apparently needs also to have smtp configured and I am not sure what that should be set to...

[valadas]

Ok, so the MailKit repository has some docs for both Google and Exchange and I managed to test the google one and it works fine. For Exchange, my Microsoft accounts are all messed up and I could not get it to find the right tenant and stuff. But I got to the OAuth authentication part working, so this looks good to me. Thanks @zyhfish

[dowdian]

I am using the new DNN_Platform_9.13.0-rc0001 in a test environment to attempt to connect it to my Exchange instance via OAuth 2.0. I have succeeded in connecting to the Registered App using the new provider:

...and I have provided the App with the following permissions:

...further, I have used the New-ServicePrincipal Cmdlet followed by the Add-MailboxPermission Cmdlet to give the App permissions to a particular mailbox using the Exchange Online PowerShell.

Basically, I followed the instructions here: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#use-client-credentials-grant-flow-to-authenticate-smtp-imap-and-pop-connections

However, when I attempt to send a test email, I get the following error message:

AbsoluteURL:/API/PersonaBar/ServerSettingsSmtpHost/SendTestEmail
DefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNuke
ExceptionGUID:2ffa6bd3-180d-4813-a597-17ec4aaf1961
AssemblyVersion:
PortalId:-1
UserId:-1
TabId:-1
RawUrl:
Referrer:
UserAgent:
ExceptionHash:uXNMQ/JMz4Kn9Q3nTNmjBWMi2QA=
Message:535: 5.7.3 Authentication unsuccessful [FR2P281CA0175.DEUP281.PROD.OUTLOOK.COM 2023-09-14T10:33:30.710Z 08DBB4BB46D82F30]
StackTrace:
   at MailKit.Net.Smtp.SmtpClient.<AuthenticateAsync>d__86.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MailKit.Net.Smtp.SmtpClient.Authenticate(SaslMechanism mechanism, CancellationToken cancellationToken)
   at DotNetNuke.Services.Mail.MailKitMailProvider.OAuthSmtpClient.Authenticate(String username, String token)
   at Dnn.ExchangeOnlineAuthProvider.Components.ExchangeOnlineOAuthProvider.Authorize(Int32 portalId, IOAuth2SmtpClient smtpClient)
   at DotNetNuke.Services.Mail.MailKitMailProvider.SendMail(MailInfo mailInfo, SmtpInfo smtpInfo)
InnerMessage:
InnerStackTrace:
Source:MailKit
FileName:
FileLineNumber:0
FileColumnNumber:0
Method:
Server Name: webwk00000F

Am I missing something? Am I posting this question in the wrong place? Any assistance would be most appreciated.

Thank you for all of your work on making this and all the other features of DNN.

PS. I should add that this DNN instance is running in Azure as an App Service on the same tenant as the Exchange server. I'm not sure if that makes a difference, but I thought it was worth stating.

[valadas]

@zyhfish I was also able to do the oAuth part and got into some other issues afterwards, so I was only able to properly test the google one. Do you have some guidance or docs we could add to the feature to help people setup ?

[dowdian]

@zyhfish I have re-read the instructions I linked to above and confirmed that my configuration is set up correctly. I also added the delegated permission Mail.Send to see if that might have an effect.

It did not.

[dowdian]

@zyhfish and @valadas, has there been any news on this change? Thank you.

[valadas]

@dowdian unfortunatelly not, I don't know enough in the azure world to even know how to begin troubleshooting this. @zyhfish told me he tested it, so I guess it's just a matter of jiggling all the handles right... One think you may want to double-check, are you sending the test emails with a "from" address that matches the exchange account address ?