Prometheus Alert Manager Integration with OAuth2 Credentials Not Working
217 views
Skip to first unread message
Dipak Rai
May 8, 2025, 11:37:00 AMMay 8
to Prometheus Users
Snippet of my alertmanager.yml file:
global:
smtp_smarthost: "smtp.office365.com:587"
smtp_from: "noreply...@myorg.com"
http_config:
oauth2:
client_id: "76214c65-6283-4368-abbe-987********"
client_secret: "Vp_8Q~********~97~*********~b~D"
token_url: "https://login.microsoftonline.com/5d471751-917b-********/oauth2/v2.0/token"
scopes: ["https://outlook.office365.com/.default"]
tls_config:
insecure_skip_verify: true
endpoint_params:
grant_type: "client_credentials"
But as I load the alert manager and wait for the emails being sent I get the below error:
time=2025-05-08T15:16:47.536Z level=ERROR source=dispatch.go:360
msg="Notify for alerts failed" component=dispatcher num_alerts=1
err="email-alert/email[0]: notify retry canceled after 7 attempts:
send MAIL command: 530 5.7.57 Client not authenticated to send mail.
[*****.INDP287.***.OUTLOOK.COM 2025-05-08T15:16:42.409Z.****]"
What is wrong with my configuration in prometheus? I have duly followed the links here
global:
smtp_smarthost: "smtp.office365.com:587"
smtp_from: "noreply...@myorg.com"
http_config:
oauth2:
client_id: "76214c65-6283-4368-abbe-987********"
client_secret: "Vp_8Q~********~97~*********~b~D"
token_url: "https://login.microsoftonline.com/5d471751-917b-********/oauth2/v2.0/token"
scopes: ["https://outlook.office365.com/.default"]
tls_config:
insecure_skip_verify: true
endpoint_params:
grant_type: "client_credentials"
But as I load the alert manager and wait for the emails being sent I get the below error:
time=2025-05-08T15:16:47.536Z level=ERROR source=dispatch.go:360
msg="Notify for alerts failed" component=dispatcher num_alerts=1
err="email-alert/email[0]: notify retry canceled after 7 attempts:
send MAIL command: 530 5.7.57 Client not authenticated to send mail.
[*****.INDP287.***.OUTLOOK.COM 2025-05-08T15:16:42.409Z.****]"
What is wrong with my configuration in prometheus? I have duly followed the links here
- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2
- https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
Bryan Boreham
May 8, 2025, 11:41:23 AMMay 8
to Prometheus Users
You have added a token under http_config, but mail sending uses smtp not http.
There are a few settings like smtp_auth_secret, but I have no idea whether Microsoft will accept them.
Bryan
Dipak Rai
May 9, 2025, 3:05:14 AMMay 9
to Bryan Boreham, Prometheus Users
Hi Bryan,
Rather, am I correct to say that it is Prometheus that does not support OAuth2 based authentication for SMTP email configuration. I followed this post for smpt_config. But despite giving the access_token the SMTP server gives an error as below:
err="email-alert/email[0]: notify retry canceled after 4 attempts: *email.loginAuth auth: 535 5.7.139 Authentication unsuccessful, basic authentication is disabled. [MA0****0074.INDPRD01.PROD.OUTLOOK.COM 2025-05-09T07:00:20.974Z ********]"
It seems that despite providing the access_token the SMTP server is confusing it as a basic authentication. (?)
global:
smtp_smarthost: 'smtp.office365.com:587'
smtp_from: 'your-...@domain.com'
smtp_auth_username: 'your-...@domain.com'
smtp_auth_password: 'YOUR_ACCESS_TOKEN'
smtp_require_tls: true
smtp_smarthost: 'smtp.office365.com:587'
smtp_from: 'your-...@domain.com'
smtp_auth_username: 'your-...@domain.com'
smtp_auth_password: 'YOUR_ACCESS_TOKEN'
smtp_require_tls: true
Regards,
Dipak.
--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/prometheus-users/e6da8970-3977-46b1-a3e5-4162d3508321n%40googlegroups.com.
Bryan Boreham
May 9, 2025, 4:56:30 AMMay 9
to Prometheus Users
Looks like you're right. Issue is open here: https://github.com/prometheus/alertmanager/issues/3244
Reply all
Reply to author
Forward
0 new messages