SMTP Authentication with OAuth 2.0

Inside the Email settings of a realm (for sending registration emails etc.) you can use username/password to authenticate with the SMTP server. From the source code I think I can assume that Jakarta Mail is used to authenticate with the SMTP server by using BASIC AUTH.

Unfortunately, Microsoft with their Office 365 started to disable BASIC AUTH for some tenants and plans to disable it fully during the year.

So we have some clients in whose name we need to send emails, and thus we need to authenticate at the MS SMTP server with their secure “Modern authentication” - in the end it is just a token-based authentication based on OAuth 2.0. In theory Jakarta Mail should be capable of authenticating with this method (see OAuth2 Support).

So I think what is missing is the implementation in the Keycloak email settings for this and the code in the backend.

Is there anything like that planned? Has anyone else had this problem? Are there perhaps any extensions for Keycloak implementing this?

2 Likes
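
The token-based SMTP login the post asks about, seen from the Jakarta Mail side, as an added example that is not part of the original post and not Keycloak's code. It assumes Jakarta Mail is on the classpath and that an access token was already obtained elsewhere; the class name, the environment variable names and the Office 365 host and port are assumptions.

```java
import jakarta.mail.Message;
import jakarta.mail.Session;
import jakarta.mail.Transport;
import jakarta.mail.internet.InternetAddress;
import jakarta.mail.internet.MimeMessage;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Properties;

public class XOAuth2SmtpExample { // hypothetical class name
    // Offer only XOAUTH2 and refuse to authenticate unless STARTTLS succeeded.
    static Properties smtpProps(String host, int port) {
        Properties p = new Properties();
        p.put("mail.smtp.host", host);
        p.put("mail.smtp.port", Integer.toString(port));
        p.put("mail.smtp.auth", "true");
        p.put("mail.smtp.auth.mechanisms", "XOAUTH2");
        p.put("mail.smtp.starttls.enable", "true");
        p.put("mail.smtp.starttls.required", "true");
        return p;
    }

    // Payload sent after "AUTH XOAUTH2" (Jakarta Mail builds it itself). Base64 is not
    // encryption, so this string is a credential wherever it shows up in debug logs.
    static String initialResponse(String user, String token) {
        String raw = "user=" + user + "\u0001auth=Bearer " + token + "\u0001\u0001";
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    static void send(String host, int port, String user, String token, String to) throws Exception {
        Session session = Session.getInstance(smtpProps(host, port));
        MimeMessage msg = new MimeMessage(session);
        msg.setFrom(new InternetAddress(user));
        msg.setRecipient(Message.RecipientType.TO, new InternetAddress(to));
        msg.setSubject("XOAUTH2 test");
        msg.setText("Sent with a bearer token instead of a password.");
        // With XOAUTH2 selected, the password argument carries the access token.
        Transport.send(msg, user, token);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: prints the encoded response without network access.
        System.out.println(initialResponse("noreply@example.com", "CONSTRUCTED-TOKEN"));
        String token = System.getenv("SMTP_ACCESS_TOKEN"); // hypothetical variable names
        if (token != null) // assumed host and port for Office 365 SMTP submission
            send("smtp.office365.com", 587, System.getenv("SMTP_USER"), token, System.getenv("SMTP_TO"));
    }
}
```

Access tokens expire, so a mail sender built this way has to fetch a fresh token before connecting rather than store one in the realm settings the way a password is stored.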