[GSoC 2026 PROPOSAL] Adham Mahrous - Jenkins email notifications using Outlook SMTP with OAuth

Self-Introduction

Hello,

My name is Adham Mahrous. I am a software engineer currently working at NCR Atleos on Java-based enterprise banking systems. I graduated with honors in Computer Science from Cairo University.

I am an active open-source contributor with merged contributions to Jenkins Core and Keycloak (an open source identity and access management system).


Motivation & Project Interest

I have previously implemented OAuth2 (client credentials flow) in a Spring Boot project, including secure token handling and lifecycle management. Based on this experience, I am interested in exploring enhancements to improve token management within the plugin and would appreciate guidance on design direction.


Proposed High-Level Approach (Exploratory)

At a high level, I am considering the following direction for client credentials flow support:

  • Store credentials securely
    Store client_id and client_secret securely as Jenkins credentials.

  • Before accessing email

    • Check whether a valid access token is available.
    • If expired, call the Microsoft token endpoint to obtain a new access token.
    • Update the token value in its Jenkins credential.
    • Continue normal flow.

  • Microsoft-specific considerations

    • Maybe we can use MSAL for token acquisition and lifecycle handling.

Open Source Contributions

  • Jenkins (Core) – Merged contributions improving exception handling in plugin manager and test reliability.
  • Keycloak – Merged contribution refactoring backend logic to expose WebAuthn transport data.

Links

GitHub: https://github.com/adhamahmad

Hi everyone,

I have updated my project proposal and refined the architecture based on further exploration of the Jenkins plugin ecosystem.

The current approach focuses on adding generic OAuth2 credential support to the Jenkins Email Extension Plugin (email-ext) rather than implementing provider-specific OAuth logic inside the plugin.

The design integrates with the Jenkins OAuth Credentials abstraction, allowing the plugin to work with credentials implementing StandardUsernameOAuth2Credentials (for example those provided by entra-oauth-plugin). When an email notification is triggered, the plugin will resolve the configured credential through the Jenkins Credentials API, retrieve an OAuth access token using getAccessToken(), and authenticate the SMTP session using XOAUTH2 through the Jakarta Mail library.

This approach keeps the plugin provider-agnostic, preserves backward compatibility with existing StandardUsernamePasswordCredentials, and enables compatibility with OAuth-enabled SMTP providers such as Outlook.

The proposal also includes a Test Connection feature to allow administrators to validate OAuth SMTP configuration directly from the Jenkins UI.

Full proposal:

GSOC2026_Mahrous_Jenkins email notifications using Outlook SMTP with OAuth - Google Docs

I would appreciate any feedback on the architecture or implementation approach.

Thanks.
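
Added example, not part of the posts above and not code from email-ext or the proposal: a sketch of the "Test Connection" check described in the second post, authenticating an SMTP session with XOAUTH2 through Jakarta Mail. The class name, method names and the `SMTP_ACCESS_TOKEN` environment variable are hypothetical; the access token is assumed to have been obtained already (in the proposal, from the resolved credential), and the host, port and username are supplied by the caller.

```java
import jakarta.mail.AuthenticationFailedException;
import jakarta.mail.MessagingException;
import jakarta.mail.Session;
import jakarta.mail.Transport;
import java.util.Properties;

/** Added illustration; class and method names are hypothetical, not email-ext code. */
public class XOAuth2SmtpCheck {

    /** Session properties that allow only XOAUTH2 and refuse to authenticate without TLS. */
    static Properties xoauth2Properties(String host, int port) {
        Properties p = new Properties();
        p.put("mail.smtp.host", host);
        p.put("mail.smtp.port", Integer.toString(port));
        p.put("mail.smtp.auth", "true");
        p.put("mail.smtp.auth.mechanisms", "XOAUTH2"); // no fallback to LOGIN or PLAIN
        p.put("mail.smtp.starttls.enable", "true");
        p.put("mail.smtp.starttls.required", "true"); // fail rather than send the token in clear
        p.put("mail.smtp.ssl.checkserveridentity", "true"); // verify the server certificate name
        return p;
    }

    /** Opens and closes an authenticated SMTP session; the result never contains the token. */
    static String testConnection(String host, int port, String username, String accessToken) {
        Session session = Session.getInstance(xoauth2Properties(host, port));
        try (Transport transport = session.getTransport("smtp")) {
            // With XOAUTH2 selected, Jakarta Mail sends the access token in place of a password.
            transport.connect(host, port, username, accessToken);
            return "OK: authenticated as " + username;
        } catch (AuthenticationFailedException e) {
            // Typical causes: expired token, missing SMTP scope, token issued for another mailbox.
            return "Authentication rejected by server";
        } catch (MessagingException e) {
            // Report only the exception type so server text is not echoed into the UI.
            return "Connection failed: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        if (args.length != 3) {
            System.err.println("usage: XOAuth2SmtpCheck <host> <port> <username>");
            return;
        }
        // Hypothetical variable name; keeps the bearer token out of the process argument list.
        String token = System.getenv("SMTP_ACCESS_TOKEN");
        System.out.println(testConnection(args[0], Integer.parseInt(args[1]), args[2], token));
    }
}
```

Requiring STARTTLS and restricting the mechanism list to XOAUTH2 means a misconfigured or downgraded server causes a failed connection instead of a bearer token sent over an unencrypted channel or a silent fallback to password authentication.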