Ukufikelela nge-PHP kuTshintsho/iOfisi 365

Kudala kubhengezwe - ngoku iyinyani : IMicrosoft ilucimile ukuqinisekiswa ngephasiwedi kwiiprothokholi ezithile kuTshintsho kwi-Intanethi ukusuka ngoSeptemba ka-2022 ngokuthanda i-oAuth2. Imiba yeGitHub yamathala eencwadi amaninzi kunye nezikripthi ezigcinayo zenza kucace ukuba utshintsho lwabamba abalawuli abaninzi ngokumangalisayo. Apha ngezantsi sibonisa indlela yokuqhubeka nokufikelela imixholo yebhokisi yemeyile yoTshintshiselwano ngoncedo lwe-oAuth2 nge-PHP nge-IMAP.


Ngokwembono yokhuseleko, intshukumo yeMicrosoft ichanekile kakhulu, kodwa ukuntsonkotha kofikelelo lwenkqubo kwii-imeyile zonyuke kancinci. Umzekelo, ukuba usebenzisa ibarbushin/php-imap ilayibrari esetyenziswa ngokubanzi , ufikelelo lusetyenziswa ngolu hlobo lulandelayo.:

734a82898010e2fcb02c72c3cd9702c2

Ayisasebenzi nje. Ukuze kusekwe umdibaniso nge-oAuth2, ubunzima bokuqala kukufumana uphawu lofikelelo. Kwaye oku kufuneka uthathe imiqobo emibini.

I-Azure Active Directory

La manyathelo alandelayo abhalisa i-app entsha kwi-Azure Active Directory:

Ngena kwi- https://portal.azure.com
Vula i "Azure Active Directory"
Khetha "Ubhaliso lwe-App" kunye "nobhaliso olutsha".
Khuphela "I-ID yeSicelo (uMthengi)" (=I-ID yoMthengi) & "neSazisi sikavimba weefayili (umqeshi)" (=I-ID yoMqeshi).
"Iimvume zeAPI" kunye "Yongeza iMvume"
"IiAPI ezisetyenziswa ngumbutho wam" kunye "neOfisi 365 Utshintshiselwano kwi-Intanethi"
"Iimvume zeSicelo" & "IMAP.AccessAsApp"
Ndinike imvume admin
"Izatifikethi kunye neeMfihlo" kunye "neeMfihlo zoMthengi" kunye "neMfihlo eNtsha yoMthengi"
Khetha inkcazo kwaye usete ubunyani
Khuphela "iSazisi esiMfihlo" (iMfihlo yoMthengi) kwibhodi eqhotyoshwayo
Vula usetyenziso lweshishini
Khuphela "i-ID yento".

I-PowerShell

Ngoku sivula i-app kwi Microsoft PowerShell (Imo yomlawuli) kwaye unikeze iimvume kwiibhokisi zeposi ezizimeleyo (<TENANTID>, <CLIENTID>, <OBJECTID>, <EMAIL> kufuneka kutshintshwe kwimeko nganye):

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <TENANTID>

New-ServicePrincipal -AppId <CLIENTID> -ServiceId <OBJECTID>
Add-MailboxPermission -Identity "<EMAIL>" -User <OBJECTID> -AccessRights FullAccess
...

Nje ukuba uyenzile loo nto, enye ayiyonzululwazi yerokhethi. Ekubeni i-barbushin/php-imap ayixhasi i-oAuth2, ungaqhagamshela nenye ithala leencwadi Webklex/php-imap (ekwanenzuzo yokungayifuni imodyuli ye- PHP IMAP ).:

734a82898010e2fcb02c72c3cd9702c2

Nangona kunjalo, amathala eencwadi angayixhasi ngokusemthethweni i-oAuth2 anokusetyenziswa nommeli onje simonrob/imeyile-oauth2-proxy yenze isebenze. Emva koku Khuphela kunye nofakelo nge python -m pip install -r requirements-no-gui.txt (Python ≥3.6 efunekayo) uhlela ifayile emailproxy.config umz. ngolu hlobo lulandelayo (ukutshintsha eli xesha <TENANTID>, <CLIENTID>, <CLIENTSECRET> kwaye <EMAIL>):

[Server setup]

[IMAP-1993]
local_address = localhost
server_address = outlook.office365.com
server_port = 993

[Account setup]

[<EMAIL>]
token_url = https://login.microsoftonline.com/<TENANTID>/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/.default
redirect_uri = http://localhost:8080
client_id = <CLIENTID>
client_secret = <CLIENTSECRET>

Emva koko uqala i-proxy nge python emailproxy.py --no-gui kwaye ngoku ungaya kwi-IP engafihlwanga localhost kwizibuko 1993 qhagamshela nge-Auth eqhelekileyo eSiseko (kunye neseti yegama lokugqitha). Ukuba ufuna ukuqalisa i-proxy njengenkonzo ngasemva xa uqala inkqubo, ungasebenzisa, umzekelo inkqubo:

sudo systemctl edit --force --full emailproxy.service

[Unit]
Description=Email OAuth 2.0 Proxy
[Service]
ExecStart=/usr/bin/python /path/to/emailproxy.py --no-gui
Restart=always
[Install]
WantedBy=multi-user.target

sudo systemctl enable emailproxy.service --now
sudo systemctl status emailproxy.service
sudo systemctl start emailproxy.service

Ukuba udibaniso oluntsonkothileyo luyafuneka, oku kuyenzeka-ngokuba uqale wenze isitshixo sabucala kunye nesatifikethi esizisayinileyo.:

openssl genrsa -out key.pem 3072
openssl req -new -x509 -key key.pem -out cert.pem -days 360

Emva koko ireferensi yenziwe kwi emailproxy.config ezi fayile zimbini:

local_key_path = /path/to/key.pem
local_certificate_path = /path/to/cert.pem
Emva