Opened 3 years ago

Last modified 3 months ago

#17149 new enhancement

Implement oauth login for GMail and other modern providers

Reported by: pulkomandy
Owned by: axeld
Priority: normal
Milestone: Unscheduled
Component: Servers/mail_daemon
Version: R1/beta3
Keywords:
Cc:
Blocked By:
Blocking:
Platform: All

Description

Apparently, simply sending your password to a server to log in to it has fallen out of fashion.

For example, GMail doesn't allow it by default and users need to enable some "insecure mode", resulting in much frustration when trying to set up GMail accounts with the Haiku mail client.

The RFC documenting this: https://datatracker.ietf.org/doc/html/rfc7628

Documentation from Google: https://developers.google.com/gmail/imap/xoauth2-protocol

Change History (6)

comment:1 by kallisti5, 2 years ago

AlienSoldier reported this in IRC today:

"To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0"

The falling date is May 30 (at least for me)

comment:2 by pulkomandy, 2 years ago

For the record, I currently have my gmail account set up using https://support.google.com/accounts/answer/185833?hl=en

This is a separate password used only for IMAP. It requires your Google account to have two-factor authentication enabled.

This way there is no need anymore for the "unsecure apps" thing, but this still requires a bit of manual setup, so we still should implement this ticket.

comment:3 by humdinger, 2 years ago

> This is a separate password used only for IMAP. It requires your Google account to have two-factor authentication enabled.

Does that entail having to pull out my phone and verify some message every time the mail_daemon checks the account?

comment:4 by pulkomandy, 2 years ago

No. It works like a normal password but it only allows connecting to IMAP/POP/SMTP. So an app knowing this password cannot access other parts of your Google account.

comment:5 by humdinger, 2 years ago

Thanks, I confirm it does indeed work.

comment:6 by win8linux, 3 months ago

It should be noted that this workaround will be going away later this year:

https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-less-secure-apps-support.html
