Gmail SMTP authentication
-
@JonB Apparently "less secure apps" is enabled for personal accounts by default.
Short path:- open myaccount.google.com (assuming you are logging in with the account in question).
- on the left hand side you'll have "security" menu option. Click.
- follow the help page https://support.google.com/accounts/answer/185833?hl=en-GB
And for non-managed google account that should be all.
If the account is managed by the Google Workspace type of organisation (former GSuite) admin of that needs to:
- login to admin.google.com
- security -> access and data control -> less secure apps
- enable feature for user in question.
As for "what changes" on May 30th I have no idea but quick search found this: https://h30434.www3.hp.com/t5/Scanning-Faxing-Copying/After-May-30th-2022-what-will-be-the-way-to-scan-to-gmail/td-p/8320453
Which means that for the account in question google will phase out plain login without OAuth challenge. The right way to proceed is to create "less secure apps" credentials and continue as before.
-
@artwaw said in Gmail SMTP authentication:
follow the help page https://support.google.com/accounts/answer/185833?hl=en-GB
Under "Signing in to Google," select App Passwords. You may need to sign in. If you don’t have this option, it might be because:
2-Step Verification is not set up for your account.
For my own Gmail I do not see any "App Passwords". That may be because I personally do not have 2-step active, and don't wish to do so/try it out....
At the bottom, choose Select app and choose the app you using and then Select device and choose the device you’re using and then Generate.
If I (the end user) got this far, I don't know how "our app" would appear as one to be selected. Sounds more like a list of apps registered with Google?
Let's say this does all work. Now that means 2-step verification with mobile is enabled. An end user does something in our desktop app which causes it to want to send SMTP email. That might mean Google wants to send a code to mobile and have user enter it? Would that authentication appear on the desktop OK when run from a non-web desktop Python Qt program?
-
@JonB said in Gmail SMTP authentication:
, I don't know how "our app" would appear as one to be selected
it does not matter. Select "custom", provide recognisable name:
After providing the name you'll see something like this:
The yellow is the password (no spaces). Make a copy as this disappears forever as you hit "done". Then just use the users full email and that password to login to smtp.
This circumvents 2FA, so nothing will be sent anywhere in that regard. As this hampers the security aspect of the account take special care not to share those credentials.
-
@artwaw
Thanks, this looks great!I note it says "from Apps on devices that don't support 2-step". As I said earlier, I never get to see what you show
For my own Gmail I do not see any "App Passwords". That may be because I personally do not have 2-step active, and don't wish to do so/try it out....
so still not sure how I'm supposed to get to the screenshot you show, unfortunately....
-
@artwaw said in Gmail SMTP authentication:
@JonB I am afraid that rolling 2FA is unavoidable for this.
OK, but the text says "for devices which do not support 2FA"! That's pretty confusing! Does it mean "You will need to use 2FA enabled on your account in order to set this up for your app, but then an end user will not need 2FA to use this way of connecting to Gmail SMTP once you have set it up"?
-
@JonB said in Gmail SMTP authentication:
You will need to use 2FA enabled on your account in order to set this up for your app, but then an end user will not need 2FA to use this way of connecting to Gmail SMTP once you have set it up"?
That is my understanding of the situation, yes. (Please bear in mind that I did not work outside 2FA Google environment for quite some years now)
-
@JonB
Take a look at the original message you've got from google:"On May 30, you may lose access to apps that are using less secure sign-in technology. To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0."
That implies that logging in with google functionality will cease to work without 2FA challenge enabled. But in order to keep the functionality you have now, you need to enable 2FA and generate the "less secure app" credentials. That's the scope of the changes you face, if I read the situation correctly.
-
I'm not sure how it works in the background for initiating this request for access, but for my Synology NAS I recently set up email notifications. In the process of configuring it, it went to a Google page asking to authorize access to send emails on my behalf. Going to the Security page of my Google account and viewing the 'Third-Party Apps with Account Access', I now have Synology listed; perhaps your app will have to obtain the same authorization.
-
-
I'm not entirely sure just ensuring 2FA is enabled will work. In Google's message, they mention using either Sign In With Google or OAuth2. 'Sign In With Google' is one of their APIs, I don't think they are using it in the generic sense, sign-in with Google. https://developers.google.com/identity/gsi/web
-