OAuth Authentication for SMTP Email

What this article covers

This article explains how to configure OAuth 2.0 authentication for Infigo email accounts.
OAuth 2.0 replaces traditional username/password logins with secure, token-based access — improving security and aligning with modern email providers such as Microsoft 365 and Google Workspace.


About this feature

Email delivery is a vital part of your storefront experience — from password resets and order confirmations to customer notifications.
Historically, Infigo relied on Basic Authentication (username and password) to connect with SMTP servers. However, many providers are now deprecating or restricting Basic Auth in favour of OAuth 2.0, a more secure and flexible method.

This enhancement ensures your platform remains compatible with leading email services while reducing the risk associated with storing and transmitting credentials directly.


What’s included

  • Added OAuth 2.0 authentication support for SMTP connections

  • New configuration fields for:

    • Tenant ID

    • Client ID

    • Client Secret

    • Token Endpoint

    • Scope

  • Full backward compatibility with Basic Authentication for existing setups

  • Improved security and compliance with current industry standards


Key settings

When setting up or editing an email account, administrators can now select OAuth 2.0 Authentication from the available authentication methods.
This selection exposes new fields required to register and connect your OAuth credentials from your email provider.
These credentials are typically obtained from your provider’s developer portal (e.g., Microsoft Entra ID for Microsoft 365, Google Cloud Console for Gmail).


Use cases

  • Microsoft 365 / Exchange Online users: Migrate to OAuth to comply with Microsoft’s Basic Auth deprecation.

  • Google Workspace customers: Enable token-based access for improved security and automatic renewal.

  • Security-focused organisations: Reduce risk exposure by removing stored passwords from your configuration.

  • IT-managed environments: Integrate with existing identity and access management (IAM) policies for better control.


Step-by-step implementation

  1. Go to Admin → Configuration → Email Accounts.

  2. Edit an existing email account or click Add New to create one.

  3. Under Authentication Method, select OAuth 2.0 Authentication.

  4. Enter the following details, provided by your email provider:

    • Tenant ID

    • Client ID

    • Client Secret

    • Token Endpoint

    • Scope

  5. Save your changes.

  6. Click Send Test Email to confirm the token-based connection is successful.

  7. Once verified, your storefront will send emails using OAuth 2.0 securely and automatically refresh tokens when needed.
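
Added example, not Infigo's code: how the fields from step 4 typically combine into a token request, and how the resulting token is presented to the SMTP server as a SASL XOAUTH2 response. It assumes the OAuth 2.0 client-credentials grant and Microsoft 365 endpoint and scope values; the article does not state which grant Infigo uses, and every ID, the secret, the mailbox and the token are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, urlparse

# Constructed sample values; none of them are real credentials.
# Microsoft's token endpoint carries the Tenant ID in its path.
SAMPLE = {
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "client_id": "11111111-1111-1111-1111-111111111111",
    "client_secret": "constructed-secret",
    "token_endpoint": "https://login.microsoftonline.com/"
                      "00000000-0000-0000-0000-000000000000/oauth2/v2.0/token",
    "scope": "https://outlook.office365.com/.default",
}

def build_token_request(cfg):
    """Validate the fields and return (url, form_body) for the token POST."""
    required = ("client_id", "client_secret", "token_endpoint", "scope")
    missing = [k for k in required if not cfg.get(k)]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    url = urlparse(cfg["token_endpoint"])
    # The client secret travels in this request, so plain http is refused.
    if url.scheme != "https" or not url.netloc:
        raise ValueError("Token Endpoint must be an absolute https:// URL")
    body = urlencode({
        "grant_type": "client_credentials",  # assumed grant type
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        "scope": cfg["scope"],
    })
    return cfg["token_endpoint"], body

def xoauth2_response(mailbox, access_token):
    """Base64 SASL XOAUTH2 string sent with 'AUTH XOAUTH2' on the SMTP session."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def redact(cfg):
    """Copy of the config that is safe to log or paste into a ticket."""
    return {k: "***" if k == "client_secret" else v for k, v in cfg.items()}

if __name__ == "__main__":
    url, body = build_token_request(SAMPLE)
    print("POST", url)
    print(redact(SAMPLE))
    print("AUTH XOAUTH2", xoauth2_response("shop@example.com", "constructed-token"))
```

The form body returned by build_token_request contains the client secret in clear text, so log only the output of redact when troubleshooting a failed test email.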


Tips & best practices

  • Keep credentials secure: Store Tenant, Client, and Secret details safely — treat them as sensitive data.

  • Test on staging first: Confirm email delivery works correctly before enabling OAuth in production.

  • Monitor expiration policies: OAuth tokens refresh automatically, but ensure your provider’s configuration supports long-lived access.

  • Document your configuration: Record all OAuth credentials and endpoints for future updates or auditing, and protect that record as you would the credentials themselves.

  • Fallback compatibility: Basic Authentication remains supported if OAuth is not yet available in your environment.
