We are pleased to announce that Agate 4.1 is now available. Agate is OBiBa’s central user profile server.
This release adds OAuth2 authentication for email sending, providing enhanced security and ensuring compatibility with modern email providers.
MICA_HOME/conf/application-prod.yml:

auth-type: oauth2
...
# OAuth2 configuration - only used when auth-type: oauth2
oauth2:
  user:          # Email address that will send emails
  client-id:     # OAuth2 application client ID
  client-secret: # OAuth2 application client secret
  tenant-id:     # Tenant/directory ID (provider-specific)
  refresh-token: # OAuth2 refresh token (obtain via authorization flow)
  token-uri:     # Token endpoint (e.g., https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token)
  scope:         # Required scope (e.g., https://outlook.office365.com/SMTP.Send)
Important: Microsoft is retiring Basic Authentication for SMTP in Exchange Online.
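To make the configuration above concrete, here is an added example (not Agate's own code) that validates the oauth2 section, builds the refresh-token grant request sent to token-uri, and builds the SASL XOAUTH2 response the SMTP client then presents; the sample values are constructed and the helper names are my own.

```python
import base64
from urllib.parse import urlencode

# Keys the oauth2 section needs; tenant-id is provider-specific and may be empty.
REQUIRED_KEYS = ("user", "client-id", "client-secret", "refresh-token", "token-uri", "scope")

# Constructed sample in the shape of the application-prod.yml section above (fake values).
SAMPLE_OAUTH2 = {
    "user": "mailer@example.org",
    "client-id": "00000000-0000-0000-0000-000000000001",
    "client-secret": "fake-client-secret",
    "tenant-id": "contoso-tenant",
    "refresh-token": "fake-refresh-token",
    "token-uri": "https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token",
    "scope": "https://outlook.office365.com/SMTP.Send",
}

def config_problems(cfg):
    """Problems that should make startup fail: missing keys, or a token endpoint
    that is not HTTPS (the client secret and refresh token travel in that request)."""
    problems = [f"missing or empty: {k}" for k in REQUIRED_KEYS if not cfg.get(k)]
    if cfg.get("token-uri") and not cfg["token-uri"].startswith("https://"):
        problems.append("token-uri must use https")
    return problems

def refresh_token_request(cfg):
    """URL and form body of the refresh_token grant (RFC 6749 section 6). Only the
    short-lived access token it returns is ever presented to the SMTP server."""
    url = cfg["token-uri"].replace("{tenant-id}", cfg.get("tenant-id", ""))
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": cfg["client-id"],
        "client_secret": cfg["client-secret"],
        "refresh_token": cfg["refresh-token"],
        "scope": cfg["scope"],
    })
    return url, body

def xoauth2_initial_response(user, access_token):
    """Raw SASL XOAUTH2 client response: user=<addr>^Aauth=Bearer <token>^A^A.
    smtplib.SMTP.auth("XOAUTH2", lambda challenge=None: <this string>) encodes it."""
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01"

def xoauth2_b64(user, access_token):
    """The same response base64-encoded, as it appears after AUTH XOAUTH2 on the wire."""
    raw = xoauth2_initial_response(user, access_token).encode("ascii")
    return base64.b64encode(raw).decode("ascii")
```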
User re-authentication is now required when sensitive profile information is accessed or modified. The session age after which re-authentication is requested is configurable and defaults to 5 minutes. By default, the critical actions that require re-authentication are user profile updates and password changes; additional actions can be configured as needed.
Cross-Site Request Forgery (CSRF) protection has been improved by enforcing CSRF tokens on all state-changing requests, following the OWASP recommendations, ensuring robust defense against CSRF attacks.
This release was possible thanks to the development contributions of Maelstrom Research and the support of the Leiden University Medical Center (LUMC).
See also Agate documentation for installation and operation instructions.