TASk-3786: outbound_smtp_auth supporting XOAUTH2 (#792)

Author: juliebin

content/momentum/4/modules/index.md

@@ -1,5 +1,5 @@
 ---
-lastUpdated: "03/01/2025"
+lastUpdated: "05/30/2025"
 title: "Category File"
 type: "custom"
 name: "Modules Reference"
@@ -63,7 +63,7 @@ description: "Table of Contents 71 1 Introduction 71 2 ac auth Authentication Ha
 | [openarc](/momentum/4/modules/openarc) | Open Source ARC |
 | [opendkim](/momentum/4/modules/opendkim) | Open Source DKIM |
 | [outbound_audit](/momentum/4/modules/outbound-audit) | Outbound traffic analytics |
-| [outbound_smtp_auth(modules.outbound_smtp_auth.php) |
+| [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) | Outbound authentication |
 | [persist_io](/momentum/4/modules/persistio) | Persistent IO Wrapper |
 | [pipe_io](/momentum/4/modules/pipeio) | Pipe IO Wrapper |
 | [pipe_transport](/momentum/4/modules/pipe-transport) | Module |

content/momentum/4/modules/outbound-smtp-auth.md

@@ -1,84 +1,94 @@
 ---
-lastUpdated: "03/26/2020"
+lastUpdated: "05/30/2025"
 title: "outbound_smtp_auth"
-description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..."
+description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN, AUTH PLAIN and AUTH XOAUTH2 methods of authentication You can specify the parameters in configuration or in lua..."
 ---
 
-<a name="idp22419360"></a> 
+<a name="modules.outbound_smtp_auth"></a>
 
-This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both.
+This module enables users to specify authentication parameters for a given set of messages so that
+Momentum will authenticate against the peer server when it sends outbound mail. It currently
+supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentication.
+ You can specify the parameters in configuration or in lua, or use a combination of both.
 
 ### Note
 
 This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on.
 
-**Configuration Change. ** This feature is available in Momentum 4.2 and later.
+**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in
+ Momentum 4.2 and later. `AUTH XOAUTH2` support is added in 5.1.
 
 ### <a name="modules.outbound_smtp_auth.configuration"></a> Configuration
 
-Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes.
+Configuration variables are listed below. These values can all be changed and overridden by setting
+ message context variables with the same name as the options in lua.
+ All variables are valid in the binding group, binding, domain, and global scopes.
 
 <dl class="variablelist">
 
-<dt>outbound_smtp_auth_key</dt>
-
-<dd>
-
-A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`.
-
-</dd>
-
 <dt>outbound_smtp_auth_pass</dt>
 
 <dd>
 
-The password that will be passed to the remote server. The default value is `false`.
+The password or auth token (e.g. for `AUTH XOAUTH2`) that will be passed to the remote server.
+ It has no default value.
 
 ### Note
 
-Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option.
+Setting the password in configuration will leave it as plaintext.
+ To set the password more securely, it's recommended to dynamically retrieve it from a data store
+ in lua and set it in the context variable that corresponds to this option.
 
 </dd>
 
 <dt>outbound_smtp_auth_type</dt>
 
 <dd>
 
-Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`.
+Determines what authentication protocol should be used. The only supported values are `PLAIN`,
+ `LOGIN` and `XOAUTH2`. It has no default value.
 
 </dd>
 
 <dt>outbound_smtp_auth_user</dt>
 
 <dd>
 
-The username that will be passed to the remote server. The default value is `false`.
+The username that will be passed to the remote server. It has no default value.
 
 </dd>
 
 </dl>
 
 ### <a name="modules.outbound_smtp_auth.usage"></a> Usage
 
+A hook `outbound_smtp_auth_config(msg)` is added by this module to allow per message auth settings.
+ The settings in `ec_message` context will override the configuration values.
+ This hook is called in delivery/scheduler thread before sending SMTP `AUTH` command.
+ Please avoid blocking or lengthy operations when implementing this hook.
+
 Basic examples of usage are provided below.
 
-The following example shows how you can extend the new hook and set the username and password in lua.
+The following example shows how you can extend the new hook and set the username and password in lua
+ for each message.
 
-<a name="modules.outbound_smtp_auth.example.set_username_pw"></a> 
+<a name="modules.outbound_smtp_auth.example.set_username_pw"></a>
 
 
 ```
-function mod:outbound_smtp_auth_config(msg, ac, vctx)
-  print('NOTICE: outbound_smtp_auth_config Lua hook called');
-  print('NOTICE: msg:['.. tostring(msg) ..']')
-  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo')
-  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar')
+function mod:outbound_smtp_auth_config(msg)
+  --print('NOTICE: outbound_smtp_auth_config Lua hook called');
+  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_type', 'XOAUTH2')
+  -- credential taken from example here:
+  -- https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
+  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', '[email protected]')
+  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA')
 end
 ```
 
 The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains.
 
-<a name="modules.outbound_smtp_auth.example.set_auth_parms"></a> 
+<a name="modules.outbound_smtp_auth.example.set_auth_parms"></a>
 
 
 ```
@@ -90,13 +100,17 @@ Domain "messagesystems.com" {
   Outbound_SMTP_AUTH_Type = "LOGIN"
   Outbound_SMTP_AUTH_User = "msys"
   Outbound_SMTP_AUTH_Pass = "msys"
-  Outbound_SMTP_AUTH_Key = "somestring"
 }
 
 Domain "sparkpost.com" {
   Outbound_SMTP_AUTH_Type = "PLAIN"
   Outbound_SMTP_AUTH_user = "sparkpost"
   Outbound_SMTP_AUTH_pass = "sparkpost"
-  Outbound_SMTP_AUTH_Key = "someotherstring"
 }
-```
+
+Domain "bird.com" {
+  Outbound_SMTP_AUTH_Type = "XOAUTH2"
+  Outbound_SMTP_AUTH_user = "[email protected]"
+  Outbound_SMTP_AUTH_pass = "EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA"
+}
+```

content/momentum/4/modules/outbound-smtp-auth_v0.md

@@ -0,0 +1,105 @@
+---
+lastUpdated: "03/26/2020"
+title: "outbound_smtp_auth_v0"
+description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..."
+---
+
+<a name="idp22419360"></a>
+
+** This module is deprecated and replaced by the new
+[outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module since 5.1. **
+
+This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both.
+
+### Note
+
+This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on.
+
+**Configuration Change. ** This feature is available in Momentum 4.2 and later.
+
+### <a name="modules.outbound_smtp_auth_v0.configuration"></a> Configuration
+
+Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes.
+
+<dl class="variablelist">
+
+<dt>outbound_smtp_auth_key</dt>
+
+<dd>
+
+A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`.
+
+</dd>
+
+<dt>outbound_smtp_auth_pass</dt>
+
+<dd>
+
+The password that will be passed to the remote server. The default value is `false`.
+
+### Note
+
+Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option.
+
+</dd>
+
+<dt>outbound_smtp_auth_type</dt>
+
+<dd>
+
+Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`.
+
+</dd>
+
+<dt>outbound_smtp_auth_user</dt>
+
+<dd>
+
+The username that will be passed to the remote server. The default value is `false`.
+
+</dd>
+
+</dl>
+
+### <a name="modules.outbound_smtp_auth_v0.usage"></a> Usage
+
+Basic examples of usage are provided below.
+
+The following example shows how you can extend the new hook and set the username and password in lua.
+
+<a name="modules.outbound_smtp_auth_v0.example.set_username_pw"></a>
+
+
+```
+function mod:outbound_smtp_auth_v0_config(msg, ac, vctx)
+  print('NOTICE: outbound_smtp_auth_v0_config Lua hook called');
+  print('NOTICE: msg:['.. tostring(msg) ..']')
+  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo')
+  msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar')
+end
+```
+
+The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains.
+
+<a name="modules.outbound_smtp_auth_v0.example.set_auth_parms"></a>
+
+
+```
+outbound_smtp_auth_v0 { }
+
+Keep_Message_Dicts_In_Memory = true
+
+Domain "messagesystems.com" {
+  Outbound_SMTP_AUTH_Type = "LOGIN"
+  Outbound_SMTP_AUTH_User = "msys"
+  Outbound_SMTP_AUTH_Pass = "msys"
+  Outbound_SMTP_AUTH_Key = "somestring"
+}
+
+Domain "sparkpost.com" {
+  Outbound_SMTP_AUTH_Type = "PLAIN"
+  Outbound_SMTP_AUTH_user = "sparkpost"
+  Outbound_SMTP_AUTH_pass = "sparkpost"
+  Outbound_SMTP_AUTH_Key = "someotherstring"
+}
+```