Accessing Exchange/Office 365 with PHP

Announced long ago, now reality: since September 2022 Microsoft has disabled password-based authentication for certain protocols in Exchange Online in favour of OAuth2. The GitHub issues of many libraries and backup scripts show that the change caught a lot of administrators by surprise. Below we show how you can continue to access the contents of Exchange mailboxes from PHP via IMAP with the help of OAuth2.


From a security standpoint, Microsoft's move is entirely correct, but the complexity of programmatic access to e-mail has grown considerably. For example, if you use the widely used barbushin/php-imap library, access used to work as follows:


That simply no longer works. To establish a connection via OAuth2, the first difficulty is obtaining an access token, and for that you have to clear two hurdles.

Azure Active Directory

The following steps register a new application in Azure Active Directory:

Sign in at https://portal.azure.com
Open "Azure Active Directory"
Select "App registrations" & "New registration"
Copy the "Application (client) ID" (= Client ID) & "Directory (tenant) ID" (= Tenant ID)
"API permissions" & "Add a permission"
"APIs my organization uses" & "Office 365 Exchange Online"
"Application permissions" & "IMAP.AccessAsApp"
Grant admin consent
"Certificates & secrets" & "Client secrets" & "New client secret"
Choose a description and set the validity period
Copy the "Secret ID" (the client secret) to the clipboard
Open "Enterprise applications"
Copy the "Object ID"

PowerShell

Now we activate the app in Microsoft PowerShell (administrator mode) and grant it permission on the individual mailboxes (<TENANTID>, <CLIENTID>, <OBJECTID> and <EMAIL> must be replaced in each case):

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <TENANTID>

New-ServicePrincipal -AppId <CLIENTID> -ServiceId <OBJECTID>
Add-MailboxPermission -Identity "<EMAIL>" -User <OBJECTID> -AccessRights FullAccess
...

Once that is done, the rest is not rocket science. Since barbushin/php-imap does not support OAuth2, you can connect with the alternative library Webklex/php-imap instead (which also has the advantage of not requiring the PHP IMAP extension):

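An added example (not code from the original post or from the Webklex project) of the two steps in PHP: it fetches an app-only access token with the client-credentials grant at the same token URL and scope used in the proxy configuration further below, then opens the mailbox with Webklex/php-imap. It assumes the library's `authentication => 'oauth'` client option (access token passed in the `password` field), `composer require webklex/php-imap`, and that the IDs and the secret are supplied through environment variables rather than hard-coded in the script.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use Webklex\PHPIMAP\ClientManager;

function fetchAccessToken(string $tenantId, string $clientId, string $clientSecret): string
{
    // Client-credentials grant: no user interaction, token is bound to the app registration.
    $ch = curl_init("https://login.microsoftonline.com/{$tenantId}/oauth2/v2.0/token");
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // never switch off TLS verification for the token endpoint
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'client_credentials',
            'scope'         => 'https://outlook.office365.com/.default',
            'client_id'     => $clientId,
            'client_secret' => $clientSecret,
        ]),
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    $json = json_decode((string) $body, true);
    if ($status !== 200 || empty($json['access_token'])) {
        // Surface the endpoint's error text, but never log the client secret itself.
        throw new RuntimeException('Token request failed: ' . ($json['error_description'] ?? "HTTP $status"));
    }
    return $json['access_token'];
}

$token = fetchAccessToken(getenv('TENANT_ID'), getenv('CLIENT_ID'), getenv('CLIENT_SECRET'));

$client = (new ClientManager())->make([
    'host'           => 'outlook.office365.com',
    'port'           => 993,
    'encryption'     => 'ssl',
    'validate_cert'  => true,
    'username'       => getenv('MAILBOX'),   // the <EMAIL> that was granted FullAccess above
    'password'       => $token,              // the bearer token goes into the password slot
    'protocol'       => 'imap',
    'authentication' => 'oauth',             // SASL XOAUTH2 instead of LOGIN (assumed option name)
]);
$client->connect();

foreach ($client->getFolder('INBOX')->messages()->unseen()->limit(10)->get() as $message) {
    echo $message->getSubject() . "\n";
}
```

Tokens from this grant are short-lived, so a long-running script should call fetchAccessToken() again (and reconnect) when the IMAP server rejects the credentials rather than caching the token indefinitely.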

However, libraries that do not officially support OAuth2 can still be used by putting a proxy such as simonrob/email-oauth2-proxy in front of them. After downloading and installing it via python -m pip install -r requirements-no-gui.txt (Python ≥3.6 required), you edit the emailproxy.config file, for example as follows (this time replacing <TENANTID>, <CLIENTID>, <CLIENTSECRET> and <EMAIL>):

[Server setup]

[IMAP-1993]
local_address = localhost
server_address = outlook.office365.com
server_port = 993

[Account setup]

[<EMAIL>]
token_url = https://login.microsoftonline.com/<TENANTID>/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/.default
redirect_uri = http://localhost:8080
client_id = <CLIENTID>
client_secret = <CLIENTSECRET>

Then you start the proxy with python emailproxy.py --no-gui and can now connect to the unencrypted localhost endpoint on port 1993 using ordinary Basic Auth (with any password). If you want the proxy to start as a background service at system boot, you can use systemd, for example:

sudo systemctl edit --force --full emailproxy.service

[Unit]
Description=Email OAuth 2.0 Proxy
[Service]
ExecStart=/usr/bin/python /path/to/emailproxy.py --no-gui
Restart=always
[Install]
WantedBy=multi-user.target

sudo systemctl enable emailproxy.service --now
sudo systemctl status emailproxy.service
sudo systemctl start emailproxy.service

If an encrypted connection is required, that is possible too: you then create a private key and a self-signed certificate:

openssl genrsa -out key.pem 3072
openssl req -new -x509 -key key.pem -out cert.pem -days 360

Then both files are referenced in emailproxy.config:

local_key_path = /path/to/key.pem
local_certificate_path = /path/to/cert.pem