ATS 4 for Joomla 3 will NOT be migrated to OAuth2 for Microsoft accounts.
We are currently evaluating whether it is possible to implement OAuth2 for Microsoft accounts on ATS 5 for Joomla 4 and whether this makes sense as a long term commitment.
There are two major concerns with OAuth2 for email authentication.
The first one is that using OAuth2 to authenticate with email providers is not standardised and not supported natively in PHP. We can only offer support if the email provider supports XOAUTH2 and the only third party PHP library which implements this authentication method (Horde) continues to be maintained. This may restrict our ability to support this feature on newer versions of PHP or, if Horde is not updated, drop this feature completely. To give you a better idea of the current situation, we are currently using an obsolete version of PHP (7.2) and Composer (1.10) to get Horde through its PEAR repository (PEAR has been abandoned, Composer 1.10 is end of life and PHP 7.2 is also end of life). Horde itself does not support PHP newer than 7.3 so we are patching it using Rector to make it support PHP 8.0. We do not think this is a solution that can be maintained in the long run. Eventually there will be no environment capable of running the toolkit necessary to install the Horde library and we expect that the changes slated for PHP 9 will make this kind of hot patching completely impossible.
The second problem is that OAuth2 requires having a hosted service. Our experience with Google nearly two years ago is that the email providers WILL NOT authorise the creation of a generic hosted service (OAuth2 application) whose purpose is to relay credentials to a client like ATS — even though they have done exactly that for email applications like Thunderbird. This necessitates that the user (you) create an OAuth2 application and set it up correctly for your email account or, more generally, email accounts for your organisation.
Our recommendation is to forward your emails to a different mailbox which can be accessed with regular authentication over the IMAP or POP3 protocol. This will allow you to retrieve emails without having to go through the complicated OAuth2 setup and without risking losing support for it if you upgrade PHP.
We will continue monitoring the situation of email retrieval through PHP —an issue which affects the entire PHP ecosystem, not just our software— and re–evaluate the viability of the email fetch feature as a result.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!