Microsoft OAuth 2.0 Setup

overview microsoft oauth 2 0 for smtp is a secure authentication mechanism that allows onprintshop to send emails through microsoft 365 using token based authorization instead of traditional username and password credentials this modern approach enhances security by eliminating the need to store sensitive credentials and ensuring compliance with microsoft’s authentication standards by integrating oauth 2 0 with smtp, onprintshop can securely manage email communications such as order updates, notifications, and system alerts through a trusted connection purpose the purpose of this setup is to establish a secure and authorized connection between your microsoft 365 account and onprintshop for sending emails via smtp this ensures improved security, controlled access through permissions, and uninterrupted email delivery aligned with microsoft’s recommended practices configuration microsoft configuration step 1 verify required access ensure that you have a microsoft 365 work account with an active tenancy you should also have access to the microsoft admin center and microsoft entra portal to configure permissions and register the application required for oauth setup step 2 register application go to the microsoft entra portal https //entra microsoft com and navigate to entra id > app registrations click on new registration to begin creating a new application enter the application name as onprintshop oauth email and select the supported account types as any entra id tenant + personal microsoft accounts under the redirect uri section, choose web and enter the redirect url as https //your ops domain com/admin/get oauth token php once all details are added, click register to create the application step 3 note application details after registration, you will be redirected to the overview page copy and securely store the application (client) id and directory (tenant) id , as these will be required during the onprintshop configuration step 4 create client secret navigate to the “ certificates & secrets ” tab and click on “ new client secret ” add a description such as “ onprintshop oauth email ,” select an expiration period (recommended 24 months), and click “ add ” copy the generated secret value immediately, as it will not be visible again step 5 configure api permissions navigate to the “api permissions” tab, click “add a permission,” and then select “microsoft graph" choose “delegated permissions” and add the required permissions, including “offline access,” "smtp send,” and “mail send” after adding the permissions, click “ grant admin consent ” to authorize them for your organization step 6 allow authenticated smtp access the microsoft admin center and navigate to users > active users select the user account that will be used to send emails, then go to mail settings and open “ manage email apps ” enable the “ authenticated smtp ” option by checking the corresponding box and saving the changes configuration in onprintshop admin panel log in to the onprintshop admin panel using an administrator account, navigate to content management → email/sms → configuration , and click “add” to create a new email configuration in the configuration form, enter the required details enter the email connection title (e g , “microsoft azure oauth email”), select smtp as the connection type enter the smtp host as smtp gmail com , select tls encryption, and set the port to 587 choose smtp authentication as yes , then oauth 2 0 as the authentication method with microsoft as the provider provide the microsoft email address as the smtp username, along with the client id and client secret obtained earlier generate the refresh token using the provided authorization link and grant the required permissions to establish a secure connection between onprintshop and your google account once the refresh token is generated successfully, send a test email to verify that the configuration is working correctly after confirming successful email delivery, save the email configuration finally, navigate to content management → email/sms → set notification tab and assign the configured microsoft email address as the “from email” to complete the setup