YoannAbriel opened a new pull request, #62879:
URL: https://github.com/apache/airflow/pull/62879
## Problem
When using `SmtpHook` with `auth_type="oauth2"` against a server that
requires STARTTLS (e.g., Microsoft 365 / smtp.office365.com:587), sending an
email fails with `530 5.7.57 Client not authenticated to send mail`. The
XOAUTH2 AUTH command succeeds, but the subsequent MAIL FROM is rejected because
the SMTP session state was reset by STARTTLS without a follow-up EHLO.
## Root Cause
Three separate bugs in `SmtpHook`:
1. **`get_conn()` uses `self._auth_type` instead of `self.auth_type`
property.** The `auth_type` property reads from connection extras and falls
back to the constructor argument. Using the raw `_auth_type` attribute means
setting `auth_type` in the connection extras JSON has no effect — the
constructor default `"basic"` always wins.
2. **Missing `ehlo()` after `starttls()`.** Per RFC 3207, after STARTTLS
completes, the client must re-issue EHLO to re-establish the session. Without
it, the server considers the session unauthenticated after AUTH succeeds,
causing MAIL FROM to be rejected.
3. **Async path (`aget_conn`) has no OAuth2 support.** It only handles basic
auth via `auth_login`, silently ignoring `auth_type="oauth2"`.
## Fix
- Changed `self._auth_type` to `self.auth_type` in `get_conn()` so
connection extras are respected.
- Added `self._smtp_client.ehlo()` after `starttls()` in both sync and async
paths.
- Added OAuth2/XOAUTH2 authentication support to `aget_conn()`, mirroring
the sync implementation.
- Added tests for all three fixes: auth_type property usage,
ehlo-after-starttls ordering, and async OAuth2 auth.
Closes: #62775
<!-- SPDX-License-Identifier: Apache-2.0
https://www.apache.org/licenses/LICENSE-2.0 -->
---
##### Was generative AI tooling used to co-author this PR?
- [X] Yes — Claude Code
Generated-by: Claude Code following [the
guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions)
---
* Read the **[Pull Request
Guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-guidelines)**
for more information. Note: commit author/co-author name and email in commits
become permanently public when merged.
* For fundamental code changes, an Airflow Improvement Proposal
([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvement+Proposals))
is needed.
* When adding dependency, check compliance with the [ASF 3rd Party License
Policy](https://www.apache.org/legal/resolved.html#category-x).
* For significant user-facing changes create newsfragment:
`{pr_number}.significant.rst` or `{issue_number}.significant.rst`, in
[airflow-core/newsfragments](https://github.com/apache/airflow/tree/main/airflow-core/newsfragments).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
