[Users] Gmail OAUTH2 recent change

Dustin Miller dustbiz at gmail.com
Thu Jul 7 04:00:53 UTC 2022


On Wed, 06 Jul 2022 20:21:58 +0000
"David Fletcher" <David at megapico.co.uk> wrote:

> Chris Schrauben <chrisretusn at hotmail.com> wrote:
> 
> >That said, until I can rid myself of Gmail I have activated TFA in
> >Gmail and created an App Password for Claws Mail. It works.
> >
> >I have attached to files. I got them from a post made by Little Girl
> >dated 13 Jun 2022, subject Oauth2 to save from having to search for
> >them.
> >
> 
> I'm not surprised you could not get OAUTH2 to work using these
> instructions - they are full of errors. I was going to refer you to
> the FAQ, but I now see that someone has copied all these erroneous
> instructions onto there too.
> 
DM: Yes, I noticed that recently on the FAQ -- seems like a regression
to me from what was there before. Everything working fine here, using
the previous instructions along with the change in the code David
mentions below. ---Dustin
> 
> The instructions that were on the wiki a couple of weeks ago worked
> perfectly - presumably as it's a wiki this can be recovered. A recent
> change by Google meant a small change was needed in the source code of
> older releases. The updated version is in the git Claws code and has
> been detailed on here several times. One line of the source needs one
> change on older versions - not what's detailed in these instructions.
> 
> The steps 17, 18, 26, 27, 28 and 29 are all unnecessary. You don't
> need to define a domain. You don't need to add email addresses. You
> should not expect to run a production client by setting it's status to
> Testing. Setting the application status to 'Testing' alongside failing
> to either use the latest git version or update your source is the
> cause of all this need to re-authorise every 7 days.
> 
> If set up correctly OAUTH2 works fine (over 2 years here). The
> underlying issue is the security audit for $$$$$ demanded by Google -
> Thunderbird either paid or are in bed with Google to the extent they
> didn't need to. Either way, paying that fee is not an option for a
> zero budget open source code. It's not been helped by the Google API
> change, but things always move on and go out of date so that's not a
> unique issue for Google or OAUTH2.


More information about the Users mailing list