Gmail SMTP authentication

JonB

@artwaw
Thanks, this looks great!

I note it says "from Apps on devices that don't support 2-step". As I said earlier, I never get to see what you show

For my own Gmail I do not see any "App Passwords". That may be because I personally do not have 2-step active, and don't wish to do so/try it out....

so still not sure how I'm supposed to get to the screenshot you show, unfortunately....

artwaw

@JonB I am afraid that rolling 2FA is unavoidable for this.
(A side note outside of the topic is that 2FA should be mandatory wherever possible for obvious security reasons, but that's just my sysadmin persona speaking).

JonB

@artwaw said in Gmail SMTP authentication:

@JonB I am afraid that rolling 2FA is unavoidable for this.

OK, but the text says "for devices which do not support 2FA"! That's pretty confusing! Does it mean "You will need to use 2FA enabled on your account in order to set this up for your app, but then an end user will not need 2FA to use this way of connecting to Gmail SMTP once you have set it up"?

artwaw

@JonB said in Gmail SMTP authentication:

You will need to use 2FA enabled on your account in order to set this up for your app, but then an end user will not need 2FA to use this way of connecting to Gmail SMTP once you have set it up"?

That is my understanding of the situation, yes. (Please bear in mind that I did not work outside 2FA Google environment for quite some years now)

artwaw

@JonB
Take a look at the original message you've got from google:

"On May 30, you may lose access to apps that are using less secure sign-in technology. To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0."

That implies that logging in with google functionality will cease to work without 2FA challenge enabled. But in order to keep the functionality you have now, you need to enable 2FA and generate the "less secure app" credentials. That's the scope of the changes you face, if I read the situation correctly.

JonB

@artwaw
All good, thank you very much for your time. I will have to try this out --- or rather, get others to try it out.

I cannot be sure but am marking this topic as solved.

mchinand

I'm not sure how it works in the background for initiating this request for access, but for my Synology NAS I recently set up email notifications. In the process of configuring it, it went to a Google page asking to authorize access to send emails on my behalf. Going to the Security page of my Google account and viewing the 'Third-Party Apps with Account Access', I now have Synology listed; perhaps your app will have to obtain the same authorization.

JonB

@mchinand
Yeah, that (the need to "register" anything about the app with Google) is precsiely what I am hoping to avoid, which I believe/hope @artwaw's suggestions will allow me to do. The app is not released, not for sale, not for general consumption, so we don't need such hassles!

mchinand

I'm not entirely sure just ensuring 2FA is enabled will work. In Google's message, they mention using either Sign In With Google or OAuth2. 'Sign In With Google' is one of their APIs, I don't think they are using it in the generic sense, sign-in with Google. https://developers.google.com/identity/gsi/web

artwaw

@mchinand But this is SAML/OAuth authentication. It is a different mechanism than the one we try to workout here.