Hi, we would like to know if OJS 3.5 supports modern auth smtp in ojs 3.5
Does OJS 3.5 support OAuth2 for SMTP? With Microsoft and Google moving away from Basic Auth (username/password), we need to ensure OJS 3.5 can authenticate using OAuth2/Modern Auth.
Thanks
HI @deepakc,
There is reference to Oauth2 here: OAuth2 authentication · Issue #6988 · pkp/pkp-lib · GitHub
However, I don’t think this plugin (which is developed by a third party) mentioned has been updated, but there is a note to re-open this issue if there is interest.
-Roger
PKP Team
@rcgillis, this plugin is for OAuth authentication in OJS. Regarding its use in SMTP, there is this thread from 2023 with an explanation by Alec: Community recommendations for OAuth setup in OJS? - #2 by asmecher
@deepakc , I haven’t done an exhaustive search of the forum, but it might be worth looking to see if there are any more recent topic.
Hi @deepakc,
I’m afraid the long answer is going to require a bit of a detour through OJS history…
OJS 3.3 and older used PHPMailer directly to deliver email. OJS 3.4 and newer (including 3.5) uses Symfony mailer instead (in line with our increasing adoption of Laravel, which also uses Symfony mailer).
Symfony mailer includes support for a number of different authorization methods and transports. Configuration for these is passed in from the config.inc.php configuration file in the PKP Container’s initialization – this is where OJS configuration is adapted to Laravel-style configuration (including for the mailer).
As you can see from that snippet of code, the transport configured there is still PHPMailer [edit: only with default = phpmailer in config.inc.php]! This is implemented in the PHPMailerTransport class, which maps the Laravel configuration into what PHPMailer expects. The reason for allowing this pathway is explained in #7285. In short, the usual Symfony transport requires the use of PHP proc_… functions, which are often disabled on commodity hosts. To avoid putting OJS users in conflict with their ISPs, we continued to support PHPMailer when needed.
Laravel’s mail system, and Symfony mailer and PHPMailer underneath it, all support a wide variety of auth options, including OAuth. But the configuration is transformed from OJS’s config.inc.php file, to Laravel-style configuration, then potentially to PHPMailer-style configuration, and not all configuration options are carried through.
If the configuration options that you require aren’t passed through in the configuration conversions from config.inc.php, let me know which additional options you need, and I may be able to get them added.
Related posts:
Regards,
Alec Smecher
Public Knowledge Project Team
To provide some wider context on why we are asking: we currently rely on a legacy mailhost, but we are seeing a significant decline in deliverability. Outlook has already started dropping emails sent via our mailhost, and we expect Gmail to follow suit as they tighten sender requirements.
Since Microsoft 365 has officially retired Basic Auth for SMTP, we are essentially stuck. To ensure our journals can reliably reach users, Modern Auth (XOAUTH2) support is becoming a critical requirement.
We don’t know till when we can reply on mailhost.
Thanks a lot Alec for the detailed/historical explanation.
Very needed to understand the real issue and the hard work the Dev team is doing.
We had the same problem with Microsoft last year, but luckily our institution still maintains its own relay server that supports Basic oAuth and, in turn, signs the mails and forwards to Microsoft (with the deliverability issues deepakc mention).
If it weren’t for that, we would have a big problem.
The point is, in our region 70% of universities already use M$ email, so the scenario described will be the norm. As this Basic oAuth deprecation also happens in Google, the problem will be even bigger.
So in short, what I’m trying to say it’s that, as deepakc I also think Modern Auth is a critical requirement… an until it’s implemented, we will need to document better usual configurations and workarounds.
Take care,
m.
Hi all,
Just a quick follow-up – I think I got some details wrong in the first response.
In the [email] section, if you use sendmail or smtp for the default setting, then Symfony Mailer is used to deliver messages. Only if you use phpmailer will PHPMailer be used.
Regards,
Alec Smecher
Public Knowledge Project Team
thanks for the info. Does symfony mailer provides connection via oauth2 for SMTP?