In addition to use with personal mail accounts, we use MSFT OAuth2 authentication extensively for outbound mail from our websites via PHPMailer (for Contact forms, sales notifications to customers and so on). To avoid reissuing refresh tokens along with the access bearer token each time a customer uses a website's form or when the website itself wants to send email, we regularly need to manually authenticate and reissue a refresh token for each website before each 90-day limit on refresh tokens expires.
The 90-day limit seems sacrosanct. Is it the intention that such service accounts should themselves request a new refresh token when the expiry date is near (difficult, given that, unlike access tokens, refresh tokens cannot be parsed)?
It must be a common problem, so any ideas on how we should approach it?