[Users] XOAUTH2 and claws-mail
David Fletcher
David at megapico.co.uk
Sat Apr 11 01:38:57 CEST 2020
Jerry,
I've also seen this coming. Google has said it is going to switch off
the 'less secure apps' access route their accounts in a few months and
force the use of OAuth2.
I started looking into what's needed. Much of the code already exists in
the Claws Mail gdata plugin - it already has the dialogue box for
requesting an authorization code, and forwarding you to a web page to
get this.
Unfortunately when you do this the Google page comes up saying "Sign in
with Google temporarily disabled for this app. This app has not yet been
verified by Google in order to use Google Sign in.".
Looking a little further shows that the developer Holger Berndt is
registered with Google as the contact. Apparently until the software is
verified by Google they block access beyond the developer. I've read
this happens once more than 100 people try to use an app that hasn't
been verified.
Holger - is it possible to push for this verification? I was going to
look at how OAuth2 may be applied to POP3 and SMTP authorisation
required for Gmail, but it's probably difficult with this verification
problem since I'll never be able to get the authorization codes to try
out.
Best wishes, David.
> It is still a ways off; however, I was wondering how claws-mail will
> handle "XOAUTH2" in the future. Microsoft has stated that they will be
> implementing it soon.
>
> <https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508>
>
> Obviously, Google will follow suit. I believe they have already
> announced a proposed schedule to switch over to 'XOAUTH2'
>
> --
> Jerry
-----------------------------
Email: David at megapico.co.uk
Web: http://www.megapico.co.uk/
-----------------------------
More information about the Users
mailing list