This document explains how to set up advanced authentication (OAuth2) for sending mail with the Mail component.
Advanced authentication (OAuth2) has been tested and confirmed to work with Gmail and Outlook.
To set up OAuth2, use GCP for Gmail and Azure for Outlook.
Correct settings require accurate knowledge of GCP or Azure.
If you are unsure about the detailed setting method, please contact Google for GCP and Microsoft for Azure.
1. How to set up mail sending in Gmail
Flow of setting method
We will set up the following steps in GCP.
1-1. Enable GMail API from the API service library.
Select the library from the API service menu.
Select Gmail API.
Enable Gmail API.
1-2. Press the Create button by selecting “External” from the OAuth consent screen menu.
1-3. Register Gmail’s scope in the scope.
For scope, specify necessary permissions such as “Gmail view all mail, create, send, complete delete”.
1-4. Register the Gmail email address that sends GMail mail in the test user.
1-5. Check the contents registered in the summary.
1-6. Click Create Credentials from the Credentials Menu and select OAuth 2.0 Client ID.
1-7. Please select “Web application” for the type of application and give it a name. Please add “http://127.0.0.1:48888/callback” to the authenticated redirect URI and save it.
1-8. When you check the data saved from the Credentials menu in OAuth2.0 Client ID2, the Client ID, Client Secret ID, and Authenticated Redirect URI are displayed, so please take a note for use in the component.
※In the above settings, the public status is “Test”, and it is a mode where mail can be sent only to test users. By setting this mode to “Public”, you can send mail from email addresses other than the test user. If you are unsure about the detailed setting method, please contact Google. There may be cases where we cannot support individual GCP setting methods.
Now that we have the Client ID, Client Secret ID, and Authenticated Redirect URI required for OAuth 2.0, the preliminary preparation is complete.
2. How to set up mail sending in Outlook
To use OAuth2.0 in Outlook, you need a contract with Microsoft365 for Business.
Flow of setting method
We will set up the following steps in Azure.
When sending mail, if an error like MailSend: failed to send mail: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
occurs, please enable authenticated SMTP settings in Microsoft 365 management center from 2-9 onwards.
2-1. Register the app in the Azure service.
Click the Create App button.
Click the New Registration button.
Specify the name of the application, supported account information, and redirect URI. Specify “http://localhost:48888/callback” for the Redirect URI.
2-2. When the app is registered, basic information is displayed in the summary.
2-3. Click Add Permission from the API Permissions Menu.
2-4. Select the Microsoft Graph of the Microsoft API and check Mail.Send and offline_access to add them.
2-5. Once saved, it will be displayed in Configured Permissions. Click Grant admin consent for your organization to give consent.
2-6. Note the client ID and redirect URI.
2-7. Click New Client Secret in the Certificates and Secrets menu to create it.
Create a client secret.
You can specify an expiration date for the client secret.
2-8. Display the client secret.
The value is the client secret, so please note it.
Now that we have the Client ID, Client Secret, and Redirect URI required for OAuth 2.0, the preliminary preparation is complete.
2-9. Enable authenticated SMTP settings in the Microsoft 365 management center.
Open Microsoft 365 Management Center.
Select Active Users from the left menu.
When you select the target user, a panel will open on the right.
Select Manage Mail Apps in the Mail tab.
Please enable authenticated SMTP and save it. The set contents may not be reflected immediately, so if the same error continues to occur in sending mail, please try again after a while. If the error continues to occur, please check the settings again.
Need more help with this?
Join our slack community for help