php - 如何在 PHPMailer for Exchange Online 中实现 Oauth 2.0

Question

正如你们许多人所知，从 2022 年 1 月 10 日起，Microsoft 将弃用 Exchange online 的基本身份验证(登录名和密码)。您可以在这里阅读全文:

https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/01/microsoft-retires-basic-authentication-in-exchange-online/#:~:text=As%20previously%20announced%2C%20we%20are,users%20move%20to%20Modern%20Authentication

我目前正在使用 PHPMailer 从应用程序通过 SMTP 发送电子邮件。

当前代码的工作示例:

<?php
    include "vendor/autoload.php";
    
    use PHPMailer\PHPMailer\PHPMailer;
    use PHPMailer\PHPMailer\Exception;

    $mail = new PHPMailer;
    $mail->IsSMTP();
    $mail->Host = "smtp.office365.com";
    $mail->Port = "587";
    $mail->SMTPAuth = true;
    $mail->Username = "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="513c280e343c30383d113c287c323e3c21303f287f323e3c" rel="noreferrer noopener nofollow">[email protected]</a>";
    $mail->Password = "my_password";
    $mail->SMTPSecure = "tls";
    $mail->From = "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3f5246605a525e56537f5246125c50524f5e5146115c5052" rel="noreferrer noopener nofollow">[email protected]</a>";
    $mail->FromName = "my_name";
    $mail->AddAddress("<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="701d092f151d11191c301d095d131f1d00111e095e131f1d" rel="noreferrer noopener nofollow">[email protected]</a>");
    $mail->IsHTML(true);
    $mail->Subject = "This is a test subject";
    $mail->Body = "Hello, how are you?";
    $mail->Send();
?>

我想从基本身份验证转移到 OAuth 2.0。在阅读了大量文档、在网上搜索了 3 天、尝试了又尝试之后，我无法让它工作。

我的新代码示例:

<?php
    include "vendor/autoload.php";

    use PHPMailer\PHPMailer\Exception;
    use PHPMailer\PHPMailer\OAuth;
    use PHPMailer\PHPMailer\PHPMailer;
    use PHPMailer\PHPMailer\SMTP;
    use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
    
    $mail = new PHPMailer;
    $mail->isSMTP();
    $mail->Host = "smtp.office365.com";
    $mail->SMTPAuth = true;
    $mail->AuthType = "XOAUTH2";
    $mail->SMTPDebug = SMTP::DEBUG_LOWLEVEL;
    $mail->SMTPSecure = "tls";
    $mail->Port = 587;

    $username = "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="92ffebcdf7fff3fbfed2ffebbff1fdffe2f3fcebbcf1fdff" rel="noreferrer noopener nofollow">[email protected]</a>";
    $clientId = "client_id_from_azure_app_registration";
    $clientSecret = "client_secret_from_azure_app_registration";
    $redirectURI = "my_redirect_uri";
    $Token = "my_token";
    $mail->refresh_token = $Token;

    $provider = new Stevenmaguire\OAuth2\Client\Provider\Microsoft(
        [
            "clientId" => $clientId,
            "clientSecret" => $clientSecret,
            "redirectUri" => $redirectURI
        ]
    );

    $provider->urlAPI = "https://outlook.office365.com/.default";
    $provider->scope = "Mail.Send";

    $mail->setOAuth(
        new OAuth(
            [
                "provider" => $provider,
                "clientId" => $clientId,
                "clientSecret" => $clientSecret,
                "refreshToken" => $Token, 
                "userName" =>$username
            ]
        )
    );

    $mail->From = $username;
    $mail->AddAddress("<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="137e6a4c767e727a7f537e6a3e707c7e63727d6a3d707c7e" rel="noreferrer noopener nofollow">[email protected]</a>");   
    $mail->IsHTML(true);
    $mail->Subject = "This is a test subject";
    $mail->Body = "Hello, how are you?";
    $mail->Send();
?>

我通过 Postman 生成访问 token 并在上面的代码中使用此 token :

应用程序在 Microsoft Azure 中配置为具有所需的权限:

这是我得到的输出:

2022-09-27 13:51:38 Connection: opening to smtp.office365.com:587, timeout=300, options=array()
2022-09-27 13:51:38 Connection: opened
2022-09-27 13:51:38 SMTP INBOUND: "220 AS4P191CA0011.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 27 Sep 2022 13:51:37 +0000"
2022-09-27 13:51:38 SERVER -> CLIENT: 220 AS4P191CA0011.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 27 Sep 2022 13:51:37 +0000
2022-09-27 13:51:38 CLIENT -> SERVER: EHLO
2022-09-27 13:51:38 SMTP INBOUND: "250-AS4P191CA0011.outlook.office365.com Hello [2a02:4780:8:2::25]"
2022-09-27 13:51:38 SMTP INBOUND: "250-SIZE 157286400"
2022-09-27 13:51:38 SMTP INBOUND: "250-PIPELINING"
2022-09-27 13:51:38 SMTP INBOUND: "250-DSN"
2022-09-27 13:51:38 SMTP INBOUND: "250-ENHANCEDSTATUSCODES"
2022-09-27 13:51:38 SMTP INBOUND: "250-STARTTLS"
2022-09-27 13:51:38 SMTP INBOUND: "250-8BITMIME"
2022-09-27 13:51:38 SMTP INBOUND: "250-BINARYMIME"
2022-09-27 13:51:38 SMTP INBOUND: "250-CHUNKING"
2022-09-27 13:51:38 SMTP INBOUND: "250 SMTPUTF8"
2022-09-27 13:51:38 SERVER -> CLIENT: 250-AS4P191CA0011.outlook.office365.com Hello [2a02:4780:8:2::25]250-SIZE 157286400250-PIPELINING250-DSN250-ENHANCEDSTATUSCODES250-STARTTLS250-8BITMIME250-BINARYMIME250-CHUNKING250 SMTPUTF8
2022-09-27 13:51:38 CLIENT -> SERVER: STARTTLS
2022-09-27 13:51:38 SMTP INBOUND: "220 2.0.0 SMTP server ready"
2022-09-27 13:51:38 SERVER -> CLIENT: 220 2.0.0 SMTP server ready
2022-09-27 13:51:38 CLIENT -> SERVER: EHLO
2022-09-27 13:51:38 SMTP INBOUND: "250-AS4P191CA0011.outlook.office365.com Hello [2a02:4780:8:2::25]"
2022-09-27 13:51:38 SMTP INBOUND: "250-SIZE 157286400"
2022-09-27 13:51:38 SMTP INBOUND: "250-PIPELINING"
2022-09-27 13:51:38 SMTP INBOUND: "250-DSN"
2022-09-27 13:51:38 SMTP INBOUND: "250-ENHANCEDSTATUSCODES"
2022-09-27 13:51:38 SMTP INBOUND: "250-AUTH LOGIN XOAUTH2"
2022-09-27 13:51:38 SMTP INBOUND: "250-8BITMIME"
2022-09-27 13:51:38 SMTP INBOUND: "250-BINARYMIME"
2022-09-27 13:51:38 SMTP INBOUND: "250-CHUNKING"
2022-09-27 13:51:38 SMTP INBOUND: "250 SMTPUTF8"
2022-09-27 13:51:38 SERVER -> CLIENT: 250-AS4P191CA0011.outlook.office365.com Hello [2a02:4780:8:2::25]250-SIZE 157286400250-PIPELINING250-DSN250-ENHANCEDSTATUSCODES250-AUTH LOGIN XOAUTH2250-8BITMIME250-BINARYMIME250-CHUNKING250 SMTPUTF8
2022-09-27 13:51:38 Auth method requested: XOAUTH2
2022-09-27 13:51:38 Auth methods available on the server: LOGIN,XOAUTH2

Fatal error: Uncaught League\OAuth2\Client\Provider\Exception\IdentityProviderException: Bad Request in /home/u760208683/vendor/stevenmaguire/oauth2-microsoft/src/Provider/Microsoft.php:79 Stack trace: #0 /home/u760208683/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(628): Stevenmaguire\OAuth2\Client\Provider\Microsoft->checkResponse(Object(GuzzleHttp\Psr7\Response), Array) #1 /home/u760208683/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(537): League\OAuth2\Client\Provider\AbstractProvider->getParsedResponse(Object(GuzzleHttp\Psr7\Request)) #2 /home/u760208683/vendor/phpmailer/phpmailer/src/OAuth.php(115): League\OAuth2\Client\Provider\AbstractProvider->getAccessToken(Object(League\OAuth2\Client\Grant\RefreshToken), Array) #3 /home/u760208683/vendor/phpmailer/phpmailer/src/OAuth.php(128): PHPMailer\PHPMailer\OAuth->getToken() #4 /home/u760208683/vendor/phpmailer/phpmailer/src/SMTP.php(598): PHPMailer\PHPMailer\OAuth->getOauth64() #5 /home/u760208683/vendor/phpmailer/phpmailer/src/PHPMailer in /home/u760208683/vendor/stevenmaguire/oauth2-microsoft/src/Provider/Microsoft.php on line 79

有人能指出我正确的方向吗？

非常感谢!

亲切的问候，洛朗

Answer 1

Fatal error: Uncaught League\OAuth2\Client\Provider\Exception\IdentityProviderException:

此错误是由于您提供的是 access_token 来发送邮件，而不是刷新_token。

首先，添加范围offline_access以在授权网址中获取refresh_token并将其保存在应用程序中的某个位置(过期时间为24小时或90天，具体取决于应用程序类型)获得刷新 token 后，您可以使用相同的 token 发送任意数量的邮件。

您可以通过在网址中提供另一个未过期的刷新 token 并将 grant_type 更改为刷新 token 并添加 key 刷新 token 来获取新 token 。