-
-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ombi Email Notifications Failing Due to Deprecation of Basic Authentication #5175
Comments
I have this problem too with hotmail, got app password enabled
|
+1 |
How would you suggest resolving this without requiring every admin to create an Azure App Registration to support OAuth 2.0 for their installation ? |
You could avoid that by implementing a built-in option for OAuth 2.0, where admins configure their email credentials directly in the application, and Ombi handles the token generation and renewal process internally. Ultimately, the easier solution for Ombi would be to explicitly not support Microsoft email addresses and advocate for users to instead use a different email provider that still accepts basic auth. |
As far as I'm aware (correct me if I'm wrong), OAuth 2.0 still requires details such as ClientID etc which can only be created by performing an App Registration on Azure, Google Cloud etc.
As time progresses, more and more providers will stop offering basic auth. I wonder how other Open Source projects similar to Ombi are handling this issue. |
I agree on this one, basic auth will disapear at some point |
Summary
Summary of the Issue:
The error reported relates to the recent deprecation of Basic Authentication by Microsoft in Exchange Online, particularly affecting applications that use SMTP, IMAP, or POP protocols. The Ombi application is attempting to authenticate using Basic Authentication while sending an email, which is now disabled by default, leading to the error:
MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, basic authentication is disabled.
Microsoft deprecated Basic Authentication as it is a security risk. It does not support multi-factor authentication (MFA) and is vulnerable to attacks where credentials could be intercepted and reused. Modern Authentication, based on OAuth 2.0, offers improved security by using tokens that expire and are specific to the application, preventing misuse.
Resolution:
Ombi Version
4.41.1
What platform(s) does this occur on?
Docker
What database are you using?
MySQL
Relevant log output
The text was updated successfully, but these errors were encountered: