Using TidIMAP4 component to retrieve email, need to switch to using Modern Authentication

Time:07-14

I have a program that I wrote that monitors a mail box and retrieves messages and puts contents in a database. My email administrators have notified me that my application is using Basic Authentication and that Microsoft will drop support for that starting in October 2022. They tell me I need to use Modern Authentication. Does the Indy component TidIMAP4 support that? The links to documentation on the website seem to all be broken: https://www.indyproject.org/documentation/

Here is my current connection code, using the default AuthType of iatUserPass. Is that what I need to change? Is iatSASL modern authentication and how would I use that? Just switching the property no longer worked to connect. I probably have to change other properties to work with that.

procedure TdmMAARCEmails.InitializeIMAPConnection;
begin
  IMAPClient := TIdIMAP4.Create(self);
  try
    // IMAPClient.AuthType := iatSASL;
    OpenSSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(self);
    OpenSSLHandler.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
    IMAPClient.IOHandler := OpenSSLHandler;

    //  IMAPClient.Host := 'imap.gmail.com';
    IMAPClient.Host := FIniFile.ReadString('EMAIL', 'IMAPI_SERVER', '');
    IMAPClient.Port := FIniFile.ReadInteger('EMAIL', 'IMAPI_PORT', 993);
    IMAPClient.UseTLS := utUseImplicitTLS;
    IMAPClient.Username :=  self.UserName;
    IMAPClient.Password := self.Password;
    IMAPClient.Connect;
  except
    on E:Exception do
      writeln(E.Message);
  end;
end;

CodePudding user response:

> Does the Indy component TidIMAP4 support that?

Indy does not officially support "Modern Authentication" (aka OAuth 2.0) at this time (open ticket #192).

Unofficially, there is currently a sasl-oauth branch in Indy's GitHub repo that is beginning to add in this support. If you were to try using this branch, you would be responsible for obtaining the necessary OAuth access token from Microsoft (see Authenticate an IMAP, POP or SMTP connection using OAuth - sections "Register your application" and "Get an access token"), and then you could assign that token to the TIdIMAP4 component to authenticate its IMAP connections (the "Authenticate connection requests" section of that document).

Alternatively, there is a 3rd party OAuth 2 implementation for Indy at this repo. It is meant for Gmail SMTP, but should be usable/adaptable for IMAP, too.

> The links to documentation on the website seem to all be broken

Known issue: Links to old Indy website pages are currently broken

> using the default AuthType of iatUserPass. Is that what I need to change?

Yes. iatUserPass uses the IMAP LOGIN <username> <password> command, which is what is being deprecated. iatSASL uses the IMAP AUTHENTICATE <mechanism> <parameters> command instead. Per the document above, Microsoft is expecting an AUTHENTICATE XOAUTH2 ... command.

> Is iatSASL modern authentication and how would I use that?

Setting the AuthType to iatSASL is just the first step towards enabling "modern authentication". You would then need to fill out the TIdIMAP4.SASLMechanisms property with references to any TIdSASL-derived components you need, which will handle the actual authentications.

Indy has several TIdSASL... classes for various authentications (CRAM-MD5, CRAM-SHA1, NTLM, Digest, etc), but none for OAuth 2 yet. The sasl-oauth branch is adding a few new TIdSASL... classes, including TIdSASLXOAuth2 which would cover this situation (the other repo has a TIdSASLXOAuth class for this same task).

Or, you can just write your own TIdSASL-derived class to handle authentication however you need. For instance, if you just want to copy the TIdSASLXOAuth2/TIdSASLXOAuth implementation into your own code locally.

> Just switching the property no longer worked to connect.

Correct, because your authentication setup is incomplete. See above.
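
An added example, not part of the answer above and not Indy code: Python that builds and checks the AUTHENTICATE XOAUTH2 line the answer refers to, using the string format given in the Microsoft document it cites ("user=" + name + Ctrl-A + "auth=Bearer " + token + two Ctrl-A, base64-encoded). All function names and sample values are constructed for illustration; the decoder can be used to verify what a custom TIdSASL-derived class emits.

```python
import base64

CTRL_A = "\x01"  # field separator used by the XOAUTH2 mechanism


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Return base64("user=" + user + ^A + "auth=Bearer " + token + ^A^A)."""
    for value in (user, access_token):
        # A separator or line break inside a field would change the message structure.
        if not value or any(ch in value for ch in (CTRL_A, "\r", "\n")):
            raise ValueError("user and token must be non-empty, without ^A/CR/LF")
    raw = f"user={user}{CTRL_A}auth=Bearer {access_token}{CTRL_A}{CTRL_A}"
    # b64encode emits one unwrapped line, which a single IMAP command line needs.
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def authenticate_command(tag: str, user: str, access_token: str) -> bytes:
    """Command line in the documented form: <tag> AUTHENTICATE XOAUTH2 <blob>."""
    resp = xoauth2_initial_response(user, access_token)
    return f"{tag} AUTHENTICATE XOAUTH2 {resp}\r\n".encode("ascii")


def parse_initial_response(b64: str) -> dict:
    """Decode a response (e.g. from your own SASL class) and check its fields."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    if not raw.endswith(CTRL_A * 2):
        raise ValueError("missing ^A^A terminator")
    fields = dict(part.split("=", 1) for part in raw[:-2].split(CTRL_A))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme != "Bearer" or not token or "user" not in fields:
        raise ValueError("expected user=<name> and auth=Bearer <token>")
    return {"user": fields["user"], "token": token}


def redact_for_log(command: bytes) -> str:
    """The encoded blob is a bearer credential: never log it verbatim."""
    tag, verb, mech, _blob = command.decode("ascii").rstrip("\r\n").split(" ", 3)
    return f"{tag} {verb} {mech} <redacted>"


if __name__ == "__main__":
    # Constructed sample values, not a real mailbox or token.
    cmd = authenticate_command("A01", "monitor@example.com", "constructed-token")
    print(redact_for_log(cmd))
```

The base64 blob decodes directly to the access token, so connection traces and exception logs should go through something like redact_for_log before being written anywhere.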
