How to pronounce "OAUTH" and what you need to know about it

2023-01-08 10:24
Written by

Is it "Oh-Oth"? "Owth"? "Worcestershire"?

I dunno. But if you use Microsoft Email services for bounce processing or the email processor, you need it now. And by "now" I mean three months ago.

In October, Microsoft discontinued "regular" authentication for IMAP and POP services, meaning that you can no longer just use a username and password when you configure the inbound mail accounts in CiviCRM (at Administer >> CiviMail >> Mail Accounts).

You need to enable the OAuth Client extension that ships with CiviCRM, and then configure a new mail account and remove the old one if you have one. For instructions see

Note that if you don't have control over how the tenancy is configured in the Microsoft account, you may need to either:

  • upgrade to 5.59+, which is not released yet but you can download a preview from, and then there will be a spot to configure the tenant id, OR
  • edit the ext/oauth-client/providers/ms-exchange.dist.json file and change where it says "common" to your tenant id.

The second option is recommended since the first one may make it difficult to upgrade properly to the real 5.59 when it is released, but if you like that kind of excitement then go for it.

Note that none of this applies to Outbound Mail (at Administer >> System Settings >> Outbound mail). It may someday, but email vendors are not enforcing it yet, and CiviCRM does not support it yet.

For detailed technical reading see related lab tickets tagged comp:OAuth.

Filed under