The End of Basic Authentication: OAuth 2.0

Microsoft 365, Google Workspace and other cloud providers are taking steps to direct their users towards more secure forms of authentication. A logical step when you read that in 2022 84% of companies had an identity-related leak in the past 12 months.
Basic Authentication, often in the form of a Username & Password, will soon become a thing of the past and will become ‘Modern Authentication’. For example, MFA (Multi Factor Authentication) and secure tokens such as OAuth 2.0 over secure channels such as HTTPS. Resulting in fewer brute force login attempts, mis/reuse of passwords and phishing/social engineering of login data.

Modern authentication image news item

Dovetail OAuth2 & InboundEmail component

Implementation of OAuth 2.0 has always been possible within Dovetail, however it required multiple flows due to the operation of the protocol. In order to meet the increasing demand for ‘Modern Authentication’ and especially to simplify the implementation, we have developed our own component for this. In addition, the InboundEmail component has been extended with the possibility to use an access token to authenticate with OAuth 2.0.

The OAuth2 and the custom InboundEmail component will be available in version 4.13.0.

What does it mean for me?

If your flows use Microsoft 365 services, the deadline is October 1, from that moment Microsoft will automatically start migrating its services to ‘Modern Authentication’. There is an option to postpone the transition of your system until January 2023. This article from Microsoft describes the steps you need to take if you want to do this.

If you do want to be ready for Modern Authentication on October 1, it is important that you check the flows and make the necessary adjustments. Check the API documentation of your linked endpoints for more information.

Until now we haven’t seen any deadlines for Google Workspace and other cloud providers. However, we advise you to make the necessary adjustments to your flow(s) as soon as the OAuth 2 and custom InboundEmail component become available.

Related resources

Infrastructural spaghetti

Of course, the differences between Thai and Dut...

Frontend challenge

One of the main aims of Dovetail 4.15 was to ma...

How to replace a library from 2010?

In Dovetail 4.15 we transitioned to Jackson to ...

If you don’t test restores, you don’t have backups

It is as simple as the title suggests: “If you ...