Getting Started
Missed IBM TechXchange Dev Day: Virtual Agents? On-demand viewing is available here
*products versions - {webMethods Integration Server version: 10.3 and above}
webMethods Integration Server supports OAuth 2.0 in Email Listener from 10.3 onwards. Since with Microsoft announcement related to disabling of Basic Authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online from Oct 1 2022 onwards, many users are now configuring Email listener with OAuth 2.0 to comply with the new Microsoft guidelines.
NOTE: In the Microsoft announcement, they are not disabling or changing any settings for SMTP AUTH, so Basic authentication will be working for sending mails (SMTP).
In this process of moving to OAuth 2.0 , user might encounter issues when trying to enable the Email listener. This article highlights the things that needs to be check in order to successfully enable a Email listener with OAuth settings.
If Email listener with OAuth settings is not enabled, then please check:
"0068 Email Listener " component logging is set to TRACE in the Settings > Logging > View Server Logger Details
The “Auth URL” and “Access Token URL” in the Email listener is in below format. Auth URL :https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/authorize Access Token URL: https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/token
User has specified correct secret in the “Client Secret” field. Note: Secret ID is different from Client Secret.
Scope is defined correctly and must be “offline_access https://outlook.office365.com/IMAP.AccessAsUser.All”
offline_access https://outlook.office365.com/IMAP.AccessAsUser.All
“Transport Layer Security” is set to “Implicit”
The Truststore configured in the “Truststore Alias (optional)” field has the certificates of the Microsoft server. Generally JVM truststore (cacerts) have certificates from the popular sites including Microsoft .
If “Access Token Expiry Time” is empty, it means Integration Server has not yet received the Access token from the Microsoft. So, please enter the “Client Secret” field and click on “Get Authorization Code” link again to get a new Authorization code and access token.
Once the Email listener is enabled but the service mentioned in the listener is not invoked, then please check below mentioned configurations. This information is already there in Online Help/Integration Server Administrator guide.
Check the “Access Mode” of the port. It should be “Allow by Default” or the service is part of allowed list.
A user is specified in “Run services as user” field in the Email Port. Otherwise the authentication details needs to be part of the Email message.
If “Send reply email with service output” , “Send reply email on error” are set to “Yes” in the Email port, then make sure that “Email Notification” under "Settings > Resources " is configured correctly as those settings are used by Integration Server to send mails.