Support for OAuth2 (because of Google "Less secure apps" deprecation)

[KaliszAd]

Google will stop support for "Less secure 3rd party applications" on May 30th 2022. Can postal be used with oauth2?
I think, adding support would be possible, since Jakarta Mail/ JavaMail seems to support it.

[liquidz]

@KaliszAd
I'm afraid I'm going to get off the main track, but could you tell me the source for May 30th 2022?

I've been watching google workspace updates, but I could find only the following article.
https://workspaceupdates.googleblog.com/2020/03/less-secure-app-turn-off-suspended.html

Is there a more recent article?

[KaliszAd]

This is for normal GMail. In that same official Google help article is mentioned, Google Workspaces will follow at some point, which will be announced separately. https://support.google.com/accounts/answer/6010255?hl=en

…

On Thu, Mar 17, 2022, 05:19 Iizuka Masashi ***@***.***> wrote: @KaliszAd <https://github.com/KaliszAd> I'm afraid I'm going to get off the main track, but could you tell me the source for May 30th 2022? I've been watching google workspace updates, but I could find only the following article. https://workspaceupdates.googleblog.com/2020/03/less-secure-app-turn-off-suspended.html Is there a more recent article? — Reply to this email directly, view it on GitHub <#113 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAOQZK7Q4OLXW7EI255ETUTVAKXGPANCNFSM5Q3OJR3Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[liquidz]

@KaliszAd Thank you so much!

[imadmian]

any update on this ? @liquidz

[drewr]

Just an update on my end I don't have any bandwidth to implement this, but I could probably manage a review. Any takers? ❤️

[KaliszAd]

Perhaps leaving out the password parameter could switch the authentication to OAuth2: https://stackoverflow.com/questions/41821747/smtp-google-apps-oauth2-issue-in-relay Perhaps it is the old approach and no longer relevant as the OAuth2 token seems to be directly supported. IDK, I would need to acquire the needed expertise in JavaMail to implement it.

[KaliszAd]

Until the feature is implemented, here is a workaround using App Passwords: https://support.google.com/accounts/answer/185833?hl=en You can only enable them in account security, when you have two-factor authentication active. Enabling less secure apps is not necessary in such a case. Google only provides 16 lower-case letter passwords using this option so it probably doesn't improve security in some cases, where the account had longer, well protected/ rarely used passwords but that is a different discussion. It might fail some audit requirements though.