Using OAuth to authenticate with an email server

When you are using the EmailInput or EmailOutput nodes in IBM® App Connect Enterprise 12.0.11 (or later), you can authenticate with an email server by using the OAuth (Open Authorization) standard.

About this task

To use the OAuth capability, you must define a security identity by using the mqsicredentials command. For the EmailInput node, you must define a security identity of credential type email, and specify values for the client-id and access-token parameters. For the EmailOutput node, you must define a security identity of credential type smtp, and specify values for the client-id and access-token parameters.

The method for generating an access token depends upon your email provider, but typically involves generating a Client ID and Client Secret, which you can then use to generate the access token. The following instructions include details of how to generate an access token with a personal Gmail account:

Procedure

  1. Navigate to https://console.developers.google.com/projectselector/apis/credentials and log in using your Gmail ID.
  2. Click Create Project and provide a project name, such as acegmailproject. You can leave the Location set to No organization.
  3. Click Create.
  4. In the side menu, navigate from the Credentials section to the OAuth consent screen. Set the User Type to External. Click Create.
  5. Specify an App name, such as IBM App Connect Enterprise.
    This is the name that will be shown on the Consent screen when the OAuth identity is granted.
  6. Specify a User support email, which can be your own Gmail ID.
  7. Specify a Developer contact information Email address, which can be your own Gmail ID.
  8. Click Save and Continue.
  9. Click Credentials (in the menu on the left side of the screen) and then click Create Credentials > OAuth client ID (at the top of the screen).
  10. Select an Application type of Web application.
  11. Specify a Name of App Connect.
  12. In the Authorized redirect URIs section, click the Add URI button, and specify https://developers.google.com/oauthplayground.
  13. Click Create (at the bottom of the page).
    A message is displayed, confirming that the OAuth client has been created. This message includes a Client ID and a Client secret. Ensure that you make a note of these details, or click Download JSON to save a local copy.
  14. Click OK.
  15. On the side menu, click Library, then search for Gmail API and select it.
  16. Click Enable to enable the Gmail API.
  17. Navigate back to the OAuth consent screen and add yourself as a Test user.
  18. You can now obtain an access token. Navigate to https://developers.google.com/oauthplayground/ and click the OAuth 2.0 Configuration button (showing a cog icon) in the top right corner.
  19. Select Use your own OAuth credentials and specify the Client ID and Client Secret values that you obtained in an earlier step, then click Close.
  20. On the left side of the screen, under Step 1 Select & authorize APIs, scroll down and expand Gmail API v1 from the list of APIs, and select all the available scopes.
  21. Click Authorize APIs, then select your Gmail account and allow the scopes.
  22. Click Exchange authorization code for tokens (under Step 2) to generate and display the access token and refresh token.
  23. You can now use this access token to create an App Connect Enterprise credential by using the mqsicredentials command.
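
The following is an added example for the final step, not IBM's own code. It checks the token response shown by the OAuth playground before the token is stored, then builds one mqsicredentials command line for each credential type named above (email and smtp). Assumptions: the option spellings follow the parameter names on this page and should be confirmed against the mqsicredentials command reference; the nodes reach Gmail over IMAP or SMTP, for which Google requires the https://mail.google.com/ scope; the credential name, work directory, minimum lifetime, and all token values are constructed placeholders.

```python
import json

MAIL_SCOPE = "https://mail.google.com/"  # Gmail scope for IMAP/SMTP access (assumed needed)

# Constructed sample of a token-endpoint JSON response; every value is a placeholder.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "ya29.EXAMPLE-ACCESS-TOKEN",
    "refresh_token": "1//EXAMPLE-REFRESH-TOKEN",
    "expires_in": 3599,
    "scope": "https://mail.google.com/ https://www.googleapis.com/auth/gmail.readonly",
    "token_type": "Bearer",
})

def check_token_response(raw, min_lifetime=300):
    """Return the access token, or raise ValueError if the response is unusable."""
    data = json.loads(raw)
    if "error" in data:
        raise ValueError(f"token endpoint returned error: {data['error']}")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("token_type is not Bearer")
    if MAIL_SCOPE not in str(data.get("scope", "")).split():
        raise ValueError(f"granted scopes do not include {MAIL_SCOPE}")
    if int(data.get("expires_in", 0)) < min_lifetime:
        raise ValueError("access token is expired or about to expire")
    token = data.get("access_token")
    if not token:
        raise ValueError("response carries no access_token")
    return token

def credential_commands(raw, client_id, work_dir, name):
    """Build one argv per credential type: email (EmailInput), smtp (EmailOutput)."""
    token = check_token_response(raw)
    return [
        ["mqsicredentials", "--work-dir", work_dir, "--create",
         "--credential-type", cred_type, "--credential-name", name,
         "--client-id", client_id, "--access-token", token]
        for cred_type in ("email", "smtp")
    ]

def redact(argv):
    """Copy of argv that is safe to log: the token value is masked."""
    out = list(argv)
    out[out.index("--access-token") + 1] = "****"
    return out

if __name__ == "__main__":
    for argv in credential_commands(SAMPLE_RESPONSE, "EXAMPLE-CLIENT-ID",
                                    "/path/to/workdir", "gmailOAuth"):
        print(" ".join(redact(argv)))
```

The access token is a bearer secret, so record only the redacted form of the command in logs or tickets.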