Generating and sending automatic emails or email notifications is important in many business spaces. The ability to notify users or customers via email provides tremendous value in both time and efficiency. There are two main ways to configure emails in FileMaker for this: OAuth and SMTP. SMTP has long been the standard, but with the release of OAuth email support, there are many benefits to making the switch away from SMTP. Those benefits include security, configuration ease, customization of access, enhanced user experience, and MFA support.
What is OAuth 2.0?
OAuth, which stands for "Open Authorization," is an industry-standard protocol that allows applications to share information with other applications while keeping private data secure. This is done using tokens. To get a token, a user will send a request to a resource server, providing the server with a client ID and secret ID to validate they are able to access the resource. The server will send back a response with an access token or code depending on the grant type. The user will then use the provided access token or code in any further requests to the server. Tokens only last for a limited time before needing to be refreshed using a refresh token.
What is the difference between OAuth and SMTP?
SMTP is a simple method for sending emails. With each request, it sends a base64-encoded username and password to verify credentials. The main issue with SMTP is the security vulnerability that comes with exposing the username and password every time an email is sent. To get around sending the username and password, OAuth uses tokens that expire after a certain amount of time, so the password is never exposed when sending a request to the server. Many companies are pushing towards OAuth and beginning to phase out SMTP support. Microsoft has already deprecated support for basic authentication in Exchange Online.
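The following is an added example, not part of the original article or of FileMaker. It audits the client-side lines of an SMTP session for AUTH PLAIN and AUTH LOGIN exchanges and shows that the base64 step gives no confidentiality, which makes it a quick way to list accounts that should move to OAuth. The session lines, account names and passwords are constructed.

```python
import base64
import binascii

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed client-side lines from two SMTP sessions (made-up accounts).
SAMPLE_LINES = [
    "EHLO app.example.test",
    "AUTH PLAIN " + b64("\x00notify@example.test\x00constructed-pass-1"),
    "MAIL FROM:<notify@example.test>",
    "EHLO app.example.test",
    "AUTH LOGIN",
    b64("alerts@example.test"),
    b64("constructed-pass-2"),
    "MAIL FROM:<alerts@example.test>",
]

def decode(blob):
    """Base64-decode one line; return empty bytes if it is not valid base64."""
    try:
        return base64.b64decode(blob)
    except (binascii.Error, ValueError):
        return b""

def find_basic_auth(lines):
    """Return (mechanism, username, password_recoverable) per AUTH exchange."""
    findings = []
    it = iter(lines)
    for line in it:
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech not in ("PLAIN", "LOGIN"):
            continue  # only the password-based mechanisms are of interest
        # The credential may ride on the AUTH line or on the next client line.
        first = parts[2] if len(parts) > 2 else next(it, "")
        if mech == "PLAIN":
            # RFC 4616 layout: authzid NUL authcid NUL password
            fields = decode(first).split(b"\x00")
            if len(fields) == 3:
                name = fields[1].decode(errors="replace")
                findings.append((mech, name, bool(fields[2])))
        else:
            user, password = decode(first), decode(next(it, ""))
            findings.append((mech, user.decode(errors="replace"), bool(password)))
    return findings
```

The function reports only the username and whether a password could be recovered, so the audit output itself does not become another copy of the secret.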
In terms of security, many businesses have multi-factor authentication (MFA) set up to provide an extra layer of protection. SMTP does not support MFA, but OAuth 2.0 can be configured to work with MFA accounts. Lastly, using OAuth and email APIs with service accounts allows for better control and restrictions based on your business needs. This allows you to configure your application to only have access to sending emails if that is all it needs to do. This type of setup is perfect for sending emails such as notifications, server errors, and scheduled processes that need to send emails out to customers.
OAuth Setup Requirements
Currently, FileMaker supports the following OAuth providers for email. Each has its own set of requirements to enable:
Google requirements
Google Workspace subscription
A domain you own that will be connected to your Google Workspace account
Outlook requirements
Access to the Azure Active Directory (Azure AD)
A Microsoft 365 subscription with Microsoft Graph API access
Account Setup and Connecting To FileMaker
This guide from Claris can help you configure your Google or Outlook accounts and connect them to FileMaker.
How To Use OAuth Emails In FileMaker
The first thing you will need to do to set up your OAuth emails is to create a place to store your credentials for your admin user email, service account email, and private key. For security purposes, it is recommended that you store these fields in a preferences table or global fields. To ensure no improper use of these values, you should set them to be concealed edit boxes so users cannot copy values out of them.
Once you have created preferences fields to store your data, use the JSON downloaded when creating the API keys to grab the admin user email, service account email, and private key, and put them into the respective preferences fields you've created to hold that information. When copying the private key, make sure to include everything from the "-----BEGIN PRIVATE KEY-----" all the way to the "-----END PRIVATE KEY-----\n" to ensure it functions properly. The JSON example below is specific to using Google for your OAuth 2.0. If you intend to use Outlook, it will look different from the one below.
{
  "type": "service_account",
  "project_id": "YOUR_PROJECT_ID",
  "private_key_id": "YOUR_PRIVATE_KEY_ID",
  "private_key": "-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "YOUR_CLIENT_EMAIL.iam.gserviceaccount.com",
  "client_id": "YOUR_CLIENT_ID",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/YOUR_CLIENT_EMAIL.iam.gserviceaccount.com",
  "universe_domain": "googleapis.com"
}
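The following is an added example, not part of the original article or of Claris tooling. It checks a downloaded Google service account JSON, or a private key already copied out of it, for the framing problems described above (a shortened BEGIN or END marker, a lost trailing newline, a placeholder body) without ever printing key material. The function names and the sample key body are assumptions made for the example; the sample is not a real key.

```python
import base64
import json
import re

BEGIN = "-----BEGIN PRIVATE KEY-----"
END = "-----END PRIVATE KEY-----"
REQUIRED = ("type", "client_email", "private_key", "token_uri")

def check_private_key_text(value):
    """Check the PEM framing of a copied key. Never echoes key material."""
    # Accept real newlines or the two-character \n seen in the raw JSON text.
    pem = value.replace("\\n", "\n")
    problems = []
    if not pem.startswith(BEGIN + "\n"):
        problems.append("BEGIN marker missing or altered")
    if not pem.endswith("\n" + END + "\n"):
        problems.append("END marker or trailing newline missing")
    body = [ln for ln in pem.splitlines() if ln and not ln.startswith("-")]
    if not body or not all(re.fullmatch(r"[A-Za-z0-9+/]+=*", ln) for ln in body):
        problems.append("key body is empty or not base64")
    return problems

def check_service_account_json(raw):
    """Return a list of problems; an empty list means the file looks intact."""
    try:
        key = json.loads(raw)
    except json.JSONDecodeError:
        return ["file is not valid JSON"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = ["missing field: " + f for f in REQUIRED if not key.get(f)]
    if key.get("type") and key["type"] != "service_account":
        problems.append("type is not service_account")
    if isinstance(key.get("private_key"), str) and key["private_key"]:
        problems += check_private_key_text(key["private_key"])
    return problems

# Constructed sample: the body is base64 of a label, not a real key.
SAMPLE_BODY = base64.b64encode(b"constructed sample, not a real key").decode()
SAMPLE_JSON = json.dumps({
    "type": "service_account",
    "client_email": "mailer@example-project.iam.gserviceaccount.com",
    "private_key": BEGIN + "\n" + SAMPLE_BODY + "\n" + END + "\n",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    print(check_service_account_json(SAMPLE_JSON))
```

Running the check on the unedited template shown above reports that the key body is not base64, which catches a placeholder that was never replaced.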
The next step is to set up the send email step in a script to use OAuth. You can do this by switching the drop-down from Send Via Client to OAuth. Then click the specify button, choose your OAuth provider (Google or Microsoft), and enter in the following information to allow your app to send OAuth email requests.
The final step is to provide some sort of interface. Whether these emails are customized by the user or generated automatically by scheduled scripts, you just need to pass the information for the To, From, CC, BCC, Subject, Body, and any attachments. In our example, we allow the user to specify all that information and click a button to send the request. That's it! You've now successfully set up OAuth emailing with FileMaker.
Conclusion
Making the switch to OAuth over SMTP emails has many benefits. The biggest benefit is enhanced security, along with configuration, customization of access, enhanced UX, and MFA support. With OAuth becoming the industry standard in many aspects, it will be a smooth transition when the time comes to fully deprecate SMTP support. If you need help configuring OAuth into your FileMaker system emails, contact us at DB Services for assistance.