Idea Summary
Microsoft Office 365 has deprecated Basic Authentication for Outlook.com in favor of Modern Authentication (OAuth2). This shift is expected to be adopted by other major email providers like Google. However, Oracle APEX currently supports only Basic Authentication (with TLS) for sending emails, not OAuth2. As a result, APEX users can no longer use Outlook SMTP for sending emails or leverage built-in features like email queues, monitoring, and diagnostics—posing a significant challenge for enterprises relying on Microsoft as their identity provider.
Please Refer:
-
MS Outlook settings for SMTP: https://support.microsoft.com/en-au/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040
"Outlook.com requires the use of Modern Auth / OAuth2. Basic auth is in the process of being deprecated from the Outlook.com service."
-
Oracle Doc to Configure Email in Apex: https://docs.oracle.com/en/database/oracle/apex/22.1/aeadm/configuring-email.html
Use Case
Native support for MS Outlook's Modern/oAuth2 in Apex email configuration and APEX_MAIL would mean having an Apex Instance-wide configuration that would allow ALL applications hosted on the Apex instance to leverage this single outbound email configuration seamlessly.
For example, an APEX app that sends org-internal emails using MS Outlook(O365) as SMTP sever & Azure SSO as the Identity provider cannot do so natively without the use of 3rd party relays. Developers must instead implement complex workarounds using Microsoft Graph APIs, even for simple tasks like sending automated email notifications.
Challenges with the Current API-Based Workaround:
1. No Instance-Level Setup: Each app/page must implement its own email logic.
2. Loss of Native Email Management Features: APEX’s built-in email queue, logging, and diagnostics are unavailable.
3. Increased Complexity and Maintenance Overheads: Multiple Graph API calls are needed for different email tasks which need to be custom-coded separately.
4. Redundant Web Credentials Setup: Web credentials must be configured for each workspace.
5. No APEX_MAIL usage: Existing APEX_MAIL features can't be used.
Preferred Solution
Apex primarily uses the APEX_MAIL (built upon UTL_SMTP) for email handling and it currently does not have native support for oAuth2 authentication scheme, it would be a great place to integrate the oAuth Authentication scheme with. Please consider adding native OAuth2 support for MS Outlook SMTP at the instance level, similar to current Basic Auth configurations. Integrating OAuth2 into APEX_MAIL would allow users to continue using APEX’s robust email features while complying with modern authentication standards.
References:
Additional details on AskTom thread: https://asktom.oracle.com/ords/asktom.search?tag=setup-apex-221-email-with-ms-o365-outlook-smtp
APEX_MAIL: https://docs.oracle.com/en/database/oracle/apex/24.2/aeapi/APEX_MAIL.html#AEAPI-GUID-14F51C6D-CB82-4B38-AB6E-61C46E75596F
UTL_SMTP: https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/UTL_SMTP.html