"Modern Authentication" OAuth2 for retrieving Emails

Online help for LANMailServer

Email Server for Local Networks POP3 IMAP4 IMAP with Autoresponder, SMTP Relay Server, Email Distribution Groups, OAuth2 Support

"Modern Authentication" OAuth2 for retrieving Emails

OAuth2 is currently supported by Microsoft Office 365/Exchange Online and Gmail. Other providers/applications that also support the OAuth2 standard can be configured independently, e.g., LANMailServer Email Server.

Difference Between BASIC/Standard Authentication and "Modern Authentication" OAuth2

The POP3, IMAP, and SMTP protocols provide authentication using a username/email address and password. Over the years, various simple and complex encryption methods have been developed to ensure that login credentials cannot be intercepted during client-server communication.
With "Modern Authentication" using OAuth2, permission from the user must be obtained via a browser using an additional app provided by the server operator. Once permission is granted, the application receives an access token. Authentication then occurs using this token without transmitting the password. The access token expires at short intervals, requiring a new one to be requested repeatedly. This is more secure than using the same password continuously.
Disadvantage of "Modern Authentication": A separate app must be created for each server operator, and proof of authenticity may be required, making this process time-consuming.

Information about OAuth: Wikipedia OAuth

Built-In OAuth2 App

An app is pre-integrated for accessing Microsoft accounts. You need to select the correct account type to gain access.

Microsoft Azure AD v2 - Business or School Account	You may only use this account type if you have a business or school account with Microsoft. For private personal accounts (hotmail.com, live.com, outlook.com...), use the account type "Microsoft Azure AD - Personal Account."
Microsoft Azure AD - Personal Account	Use this account type if you have a private, personal account (hotmail.com, live.com, outlook.com...) with Microsoft.

For Google accounts, you must create an app yourself due to the complex verification process: Create OAuth2 App in Google Cloud.

Newsletter SuperMailer: Import contacts from Microsoft Cloud or send emails via Microsoft Cloud.

This functionality uses a separate app with its own access tokens, which must be authorized separately.

Using OAuth2

In the respective dialog for sending or receiving emails, choose:

<SMTP/POP3/IMAP> AUTHentication Basic/Standard

OAuth2 <account type> or

OAuth2 <custom_app>.

OAuth2 instead pf BASIC/Standard auth

You do not need to enter a password.

Then click on the "Test" button to authorize the app in the browser (authorization) and obtain an access token for the desktop program.

Using the Access Token

The desktop program will use the access token instead of the password in the future and will also update it automatically every 60 minutes. This access token will be used for the SMTP, POP3, and IMAP protocols for the respective email address when OAuth2 is selected for authentication.

Data Storage

The desktop programs SuperMailer, BirthdayMailer, FollowUpMailer, MailboxFetcher, and SuperSpamKiller Pro store the data encrypted in the Windows registry. All desktop programs access the same data, so it is not necessary to authorize access or create a new app in every desktop program.

The LANMailServer email server uses its own app and stores the data in the local database, allowing easy data transfer when moving the server.

Adding Custom OAuth2 Apps or Deleting Access Tokens

In the desktop program for configuring email sending or receiving, select "Manage OAuth2 Apps and Tokens."

OAuth2 instead pf BASIC/Standard auth

OAuth2 und Zugriffstokens verwalten

Add	A custom app can be added. Create OAuth2 App in Microsoft Cloud for Office 365/Exchange Online Create OAuth2 App in Google Cloud
Modify	Modify the app's settings.
Delete	Permanently deletes the app. Note: The desktop programs SuperMailer, BirthdayMailer, FollowUpMailer, and SuperSpamKiller Pro save the app name when OAuth2 is selected. If you delete an app in use, you must reconfigure the email sending or receiving settings.
Sign Out Accounts	First select the app, then click "Sign Out Accounts." You can now choose the email addresses for which to sign out from the cloud provider and delete the access tokens. Note: If the cloud provider returns an error during sign-out, this will be displayed, but the local access tokens will still be deleted. OAuth2 App for Accessing Microsoft Accounts for SuperMailer, BirthdayMailer, FollowUpMailer, MailboxFetcher, and SuperSpamKiller Pro OAuth2 App for Accessing Microsoft Accounts for LANMailServer
Revoke Access	This function is only available if supported by the cloud provider and the corresponding URL is stored in the app settings. First select the app, then click "Revoke Access." You can now choose the email addresses for which to sign out and remove them from the cloud provider account, and delete the access tokens. Note: If the cloud provider returns an error during sign-out, this will be displayed, but the local access tokens will still be deleted. OAuth2 App for Accessing Microsoft Accounts for SuperMailer, BirthdayMailer, FollowUpMailer, and SuperSpamKiller Pro OAuth2 App for Accessing Microsoft Accounts for LANMailServer