App Password

  • I feel I know the answer but just want to confirm. Once the plugin is setup and working. I assume there is no need to worry about the App Password expiring for the token since the token is already connected?

    The way the note in your instructions is written I was concerned that we have to create a new one every time the password expires. Below is the text I am talking about

    • Copy the secret’s?Value (not its ID)?** and temporarily paste it in a text file.?You won’t be able to retrieve it later.
    • Once a password expires, it cannot be used and the plugin will fail to retrieve tokens. Therefore you must renew this password right before it expires and update the plugin’s configuration accordingly (see next step).
      ** Make sure to copy the value and not the Secret ID. You wouldn’t be the first
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Marco van Wieren

    (@wpo365)

    Hi @techlifebalance

    Don’t shoot the messenger, but at the moment, you would need to worry about the app password (= Application (client) secret) expiring after a couple of month. When it expires, depends on the period you selected from the dropdown e.g. 6 month, 12 month etc.

    The user that you authenticated and which account the plugin uses to submit email messages to Microsoft Graph, receives an access token. Such access tokens is normally valid for about 1 hour. The plugin, however, is able to refresh those tokens. Refresh tokens (used to refresh the access token) normally remain valid, until the administrator revokes the refresh token or the user changes his password (or MFA is enabled).

    So long story short: You need to renew the Application (client) secret as soon as it expires (but better a day or so before).

    Hope that helps!

    -Marco

    I’ll be looking at using certificates for a future release, which would then indeed not expire after a set period of time.

    Thread Starter techlifebalance

    (@techlifebalance)

    Thank you so much! I love the plugin and now with all the security lockdowns that emails systems are doing, I am glad I found your plugin. I will put it on my calendar to renew the password a few days before.

    Can’t wait for the certificates! Do you know if it would be possible to use like a “Let’s Encrypt” certificate or something like that?

    THank you for a great product!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘App Password’ is closed to new replies.

Tags