Connecting Outlook to Odoo using OAuth

Adapting to New Security Standards
November 29, 2022 by
Connecting Outlook to Odoo using OAuth
OERP Canada, Lucas Jagel

What is OAuth and why is it important?

OAuth is a standard for authentication, created as a response to the flaws present in Basic Authentication. Before we discuss the importance of OAuth, we need to review the problems with Basic Authentication that need to be solved. Basic Authentication works over HTTP by including a header with encoded credentials in each request. Since the credentials are encoded and not encrypted, they can be decoded by anyone listening to the request. Essentially the credentials are sent in clear text over HTTP. This issue can be alleviated by using SSL to encrypt the connection (HTTPS) but this would still be vulnerable to Man-in-the-Middle attacks. There is also the ongoing issue of credentials being sent in every request. Since the credentials are identical between requests, a single compromised request is enough to compromise the connection. These are problems that OAuth was designed to solve, along with improvements in the form of tokenized authentication.

OAuth works by using a token provider that distributes cryptographically signed tokens to end users, allowing the user to connect to any service configured to trust the token provider. This solves the issue of unsecure connections by using encrypted tokens and also solves the issue with re-used credentials, as each user session will generate a unique token. OAuth also allows the token provider to be connected with multiple services, permitting a user to sign into multiple services with a single set of credentials. This is commonly called Single Sign-On (SSO).

Why does this matter for Odoo?

As security improves it is important for less secure methods of communication to be replaced with newer, more secure methods. For Microsoft authentication this meant phasing out Basic Authentication. Basic Authentication was disabled in October 2022 and was replaced with OAuth. If you need to connect to Outlook to send and receive emails OAuth will be required. Here are the steps required to connect Outlook to Odoo using OAuth.

Setting up Outlook

Creating an Azure Application to provide OAuth keys

  1. First register a new App in AzureApp registration in Azure
  2. Setup the App
    Name: Any name will work
    Supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Micrsoft accounts (e.g. Skype, Xbox)
    Redirect URI: app registration settings
  3. Save the App Client ID. Then click Add a certificate or secretSaving client ID & credentials
  4. Fill in the secret description and set an expiration date (a new secret will need to be created after the expiration)Setting up client secret
  5. Save the Secret Value. Be sure to save the Value not the IDSaving the secret value
  6. Go to API Permissions and add the permissions "IMAP.AccessAsUser.All" and "SMTP.Send"Adding API permissions part 1Adding API permissions part 2Adding API permissions part 3Adding API permissions part 4
  7. At this point the Azure App is configured. First; if your database is < v16 then you will need to install the microsoft_outlook moduleFinding the Microsoft Outlook app in Odoo versions <16
  8. Next log in to your Odoo database and go to General Settings
  9. Enter the Client ID and the Secret Value that were saved from AzureConfiguring Outlook credentials in Odoo settings
  10. Next is to configure an Outgoing and Incoming email server in Odoo. Ensure that you are in developer mode in Odoo. Under Settings go to: Technical->Outgoing Mail Servers and click create
  11. Enter a Description and select Outlook under Connection InformationSet up Outlook as a mail server in Odoo
  12. You will not need a password to connect with OAuth. Instead click Connect your Microsoft Account
  13. A Microsoft window will open allowing you to login to confirm the connection. Once you are logged in, the connection is complete for this mail server.
  14. Don't forget to configure an incoming mail server. Under Settings go to: Technical->Incoming Mail Servers and click create. The steps are the same as the Outgoing Mail Server setup.

This completes the setup for your Outlook mailbox in Odoo. You can rest easy knowing that your connection will be more secure thanks to OAuth!

Thanks for reading - feel free to contact us here if you have any questions or would like to learn more about Odoo.

- OERP Team

in Tips
Connecting Outlook to Odoo using OAuth
OERP Canada, Lucas Jagel November 29, 2022
Share this post