[Users] Gmail OAUTH2 recent change

[David Fletcher]

Chris Schrauben <chrisretusn at hotmail.com> wrote:

>That said, until I can rid myself of Gmail I have activated TFA in
>Gmail and created an App Password for Claws Mail. It works.
>
>I have attached to files. I got them from a post made by Little Girl
>dated 13 Jun 2022, subject Oauth2 to save from having to search for
>them.
>

I'm not surprised you could not get OAUTH2 to work using these
instructions - they are full of errors. I was going to refer you to the
FAQ, but I now see that someone has copied all these erroneous
instructions onto there too.

The instructions that were on the wiki a couple of weeks ago worked
perfectly - presumably as it's a wiki this can be recovered. A recent
change by Google meant a small change was needed in the source code of
older releases. The updated version is in the git Claws code and has
been detailed on here several times. One line of the source needs one
change on older versions - not what's detailed in these instructions.

The steps 17, 18, 26, 27, 28 and 29 are all unnecessary. You don't need
to define a domain. You don't need to add email addresses. You should
not expect to run a production client by setting it's status to
Testing. Setting the application status to 'Testing' alongside failing
to either use the latest git version or update your source is the cause
of all this need to re-authorise every 7 days.

If set up correctly OAUTH2 works fine (over 2 years here). The underlying
issue is the security audit for $$$$$ demanded by Google - Thunderbird
either paid or are in bed with Google to the extent they didn't need
to. Either way, paying that fee is not an option for a zero budget open
source code. It's not been helped by the Google API change, but things
always move on and go out of date so that's not a unique issue for
Google or OAUTH2.