I have a program that I wrote that monitors a mail box and retrieves messages and puts contents in a database. My email administrators have notified me that my application is using Basic Authentication and that Microsoft will drop support for that starting in October 2022. They tell me I need to use Modern Authentication. Does the Indy component TidIMAP4 support that? The links to documentation on the website seem to all be broken: https://www.indyproject.org/documentation/
Here is my current connection code, using the default AuthType of iatUserPass. Is that what I need to change? Is iatSASL modern authentication and how would I use that? Just switching the property no longer worked to connect. I probably have to change other properties to work with that.
procedure TdmMAARCEmails.InitializeIMAPConnection;
begin
IMAPClient := TIdIMAP4.Create(self);
try
// IMAPClient.AuthType := iatSASL;
OpenSSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(self);
OpenSSLHandler.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
IMAPClient.IOHandler := OpenSSLHandler;
// IMAPClient.Host := 'imap.gmail.com';
IMAPClient.Host := FIniFile.ReadString('EMAIL', 'IMAPI_SERVER', '');
IMAPClient.Port := FIniFile.ReadInteger('EMAIL', 'IMAPI_PORT', 993);
IMAPClient.UseTLS := utUseImplicitTLS;
IMAPClient.Username := self.UserName;
IMAPClient.Password := self.Password;
IMAPClient.Connect;
except
on E:Exception do
writeln(E.Message);
end;
end;
CodePudding user response:
Does the Indy component TidIMAP4 support that?
Indy does not officially support "Modern Authentication" (aka OAuth 2.0) at this time (open ticket #192).
Unofficially, there is currently a sasl-oauth
branch in Indy's GitHub repo that is beginning to add in this support. If you were to try using this branch, you would be responsible for obtaining the necessary OAuth access token from Microsoft (see Authenticate an IMAP, POP or SMTP connection using OAuth - sections "Register your application" and "Get an access token"), and then you could assign that token to the TIdIMAP4
component to authenticate its IMAP connections (the "Authenticate connection requests" section of that document).
Alternatively, there is a 3rd party OAuth 2 implementation for Indy at this repo. It is meant for Gmail SMTP, but should be usable/adaptable for IMAP, too.
The links to documentation on the website seem to all be broken
Known issue: Links to old Indy website pages are currently broken
using the default AuthType of iatUserPass. Is that what I need to change?
Yes. iatUserPass
uses the IMAP LOGIN <username> <password>
command, which is what is being deprecated. iatSASL
uses the IMAP AUTHENTICATE <mechanism> <parameters>
command instead. Per the document above, Microsoft is expecting an AUTHENTICATE XOAUTH2 ...
command.
Is iatSASL modern authentication and how would I use that?
Setting the AuthType
to iatSASL
is just the first step towards enabling "modern authentication". You would then need to fill out the TIdIMAP4.SASLMechanisms
property with references to any TIdSASL
-derived components you need, which will handle the actual authentications.
Indy has several TIdSASL...
classes for various authentications (CRAM-MD5, CRAM-SHA1, NTLM, Digest, etc), but none for OAuth 2 yet. The sasl-oauth
branch is adding a few new TIdSASL...
classes, including TIdSASLXOAuth2
which would cover this situation (the other repo has a TIdSASLXOAuth
class for this same task).
Or, you can just write your own TIdSASL
-derived class to handle authentication however you need. For instance, if you just want to copy the TIdSASLXOAuth2
/TIdSASLXOAuth
implementation into your own code locally.
Just switching the property no longer worked to connect.
Correct, because your authentication setup is incomplete. See above.