Re: oauth2 with GMail?
On Mon, Sep 27, 2021 at 12:30:22AM -, Grant Edwards wrote: > On 2021-09-26, Hokan wrote: > > On Sun, Sep 26, 2021 at 09:03:39PM -, Grant Edwards wrote: > >> > >> What did you provide for your application's URLs when you create the > >> application for use with mutt? > > > > It looks like I didn't enter anything for App domain or for Authorized > > domain. I did this several years ago so maybe requirements have changed? > > I was asking about the application's "support URL" and "privacy policy > URL". Those were the ones that tripped me up. Somebody suggested using > a 'localhost' URL, but I haven't tried it. Aren't those under "App domain"? Anyway, I haven't looked at this stuff since I set it up several years ago so I guess I can't help, except to say it can (could?) be done because I did it ... somehow. -- Hokan Bicyclist Sysadmin signature.asc Description: PGP signature
Re: oauth2 with GMail?
On 2021-09-26, Hokan wrote: > On Sun, Sep 26, 2021 at 09:03:39PM -, Grant Edwards wrote: >> >> What did you provide for your application's URLs when you create the >> application for use with mutt? > > It looks like I didn't enter anything for App domain or for Authorized > domain. I did this several years ago so maybe requirements have changed? I was asking about the application's "support URL" and "privacy policy URL". Those were the ones that tripped me up. Somebody suggested using a 'localhost' URL, but I haven't tried it. -- Grant
Re: oauth2 with GMail?
On Sun, Sep 26, 2021 at 09:03:39PM -, Grant Edwards wrote: > > What did you provide for your application's URLs when you create the > application for use with mutt? It looks like I didn't enter anything for App domain or for Authorized domain. I did this several years ago so maybe requirements have changed? I note that under "Domain verification" it says: Verification Status Verification not required Your consent screen is being shown, but your app has not been reviewed so your users may not see all of your information, and you will not be able to request certain OAuth scopes. -- Hokan Bicyclist Sysadmin signature.asc Description: PGP signature
Re: oauth2 with GMail?
On 2021-09-26, Hokan wrote: > Don't app-specific password act like second passwords and give full > access to your Google account (not just mail)? When you create the app-specific password it asks what type of app it is. For mine, I selected "mail", so hopefully that only allows acces to mail (haven't tested that). > If so the granularity of oauth access would make it the better > choice. I think the granularity of oauth2 might be finer, but hopefully app-specific passwords are granular enough. > While you may need a GSuite (or whatever they call it now) account > to create the project, once created it can be used outside that > domain, including for a regular gmail account. I don't think that's the domain I'm talking about. I'm talking about the domain name you provide as part of your application's support and privacy URLs when you create the "application" for which you download oauth2 credentials. AFAICT, that's completely unrelated to the Google/GMail account where you're creating the project/application. I read somewhere that if you just use 'localhost' it'll let you slide by. > I created one and use it for regular Gmail and for accounts across > half a dozen Gsuite domains (school, work, nonprofit, personal, > etc.) This email is being sent from Mutt using Oauth2. What did you provide for your application's URLs when you create the application for use with mutt? -- Grant
Re: oauth2 with GMail?
Don't app-specific password act like second passwords and give full access to your Google account (not just mail)? If so the granularity of oauth access would make it the better choice. While you may need a GSuite (or whatever they call it now) account to create the project, once created it can be used outside that domain, including for a regular gmail account. I created one and use it for regular Gmail and for accounts across half a dozen Gsuite domains (school, work, nonprofit, personal, etc.) This email is being sent from Mutt using Oauth2. On Sun, Sep 26, 2021 at 07:05:41PM -, Grant Edwards wrote: > On 2021-09-26, D.J.J. Ring, Jr. wrote: > > Yes, I know how app-specific passwords work. > > That's different than oauth2. I was asking about oauth2. Other mutt > users are using it, as are msmtp users, and I was trying to figure out > how they convinced Google to generate oauth2 credentials for them > without having their own domains. signature.asc Description: PGP signature
Re: oauth2 with GMail?
On 2021-09-26, Grant Edwards wrote: > On 2021-09-26, D.J.J. Ring, Jr. wrote: > >> You have to create an "application specific password" in this case, >> ignore everything about "domains" as it doesn't apply. >> >> Also once you've created your "application specific password" you >> can use it for gmail on all your computers even those using >> different Operating Systems. > > Yes, I know how app-specific passwords work. [And I do have that working] > That's different than oauth2. [...]
Re: oauth2 with GMail?
On 2021-09-26, D.J.J. Ring, Jr. wrote: > You have to create an "application specific password" in this case, > ignore everything about "domains" as it doesn't apply. > > Also once you've created your "application specific password" you > can use it for gmail on all your computers even those using > different Operating Systems. Yes, I know how app-specific passwords work. That's different than oauth2. I was asking about oauth2. Other mutt users are using it, as are msmtp users, and I was trying to figure out how they convinced Google to generate oauth2 credentials for them without having their own domains. -- Grant
Re: oauth2 with GMail?
Grant, As Tavis correctly said, you're in the wrong place. You need to be in your gmail account using a browser. Here: https://myaccount.google.com/security - Click "App passwords", then Select Device/Purpose, then "Generate". Best wishes, David If you don't have a domain, then you can do it the easy peasy way, just generate an application specific password: - Go to https://myaccount.google.com/security - Click "App passwords" - Select Device/Purpose, then "Generate" Tavis
Re: oauth2 with GMail?
Grant, You have to create an "application specific password" in this case, ignore everything about "domains" as it doesn't apply. Also once you've created your "application specific password" you can use it for gmail on all your computers even those using different Operating Systems. Best wishes, David On Sun, Sep 26, 2021 at 1:39 PM Grant Edwards wrote: > On 2021-09-26, Tavis Ormandy wrote: > > On 2021-09-26, Grant Edwards wrote: > >> I'm trying to figure out how to use oauth2 for SMTP/IMAP (mostly SMTP) > >> with Gmail [...] > >> > >> But, I get stuck when I get to the rather vague part of the > >> instructions that say to go to > https://console.cloud.google.com/apis/credentials, > >> create a project and download credentials. > >> > >> Google seems to require I that pre-register my project's domain (which > >> I don't have) in order to generate credentials. Am I doing something > >> wrong? > > > > Hmm - but the reason you want to do this is because you have a domain > > where application specific passwords are disabled for policy reasons? > > No, I don't have any domain at all. There is no "project", and I'm not > actually creating an application -- but have to pretend that you are > in order to use OAUTH2 with GMail. > > > If you don't have a domain, then you can do it the easy peasy way, > > just generate an application specific password: > > That requires 2FA be enabled on the GMail account -- which is probably > what I should do instead of wrestling with OAUTH2. > > -- > Grant > > > >
Re: oauth2 with GMail?
On 2021-09-26, Tavis Ormandy wrote: > On 2021-09-26, Grant Edwards wrote: >> I'm trying to figure out how to use oauth2 for SMTP/IMAP (mostly SMTP) >> with Gmail [...] >> >> But, I get stuck when I get to the rather vague part of the >> instructions that say to go to >> https://console.cloud.google.com/apis/credentials, >> create a project and download credentials. >> >> Google seems to require I that pre-register my project's domain (which >> I don't have) in order to generate credentials. Am I doing something >> wrong? > > Hmm - but the reason you want to do this is because you have a domain > where application specific passwords are disabled for policy reasons? No, I don't have any domain at all. There is no "project", and I'm not actually creating an application -- but have to pretend that you are in order to use OAUTH2 with GMail. > If you don't have a domain, then you can do it the easy peasy way, > just generate an application specific password: That requires 2FA be enabled on the GMail account -- which is probably what I should do instead of wrestling with OAUTH2. -- Grant
Re: oauth2 with GMail?
On 2021-09-26, Grant Edwards wrote: > I'm trying to figure out how to use oauth2 for SMTP/IMAP (mostly SMTP) > with Gmail by following the instructions at > >https://luxing.im/mutt-integration-with-gmail-using-oauth/ > > But, I get stuck when I get to the rather vague part of the > instructions that say to go to > https://console.cloud.google.com/apis/credentials, > create a project and download credentials. > > Google seems to require I that pre-register my project's domain (which > I don't have) in order to generate credentials. Am I doing something > wrong? > Hmm - but the reason you want to do this is because you have a domain where application specific passwords are disabled for policy reasons? If you don't have a domain, then you can do it the easy peasy way, just generate an application specific password: - Go to https://myaccount.google.com/security - Click "App passwords" - Select Device/Purpose, then "Generate" Tavis. -- _o)$ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger tav...@sdf.org _\_V _( ) _( ) @taviso
Re: oauth2 with GMail?
On 2021-09-26, Marcelo Laia wrote: > Please, could you see if that thread helps you? > > https://github.com/marlam/msmtp-mirror/issues/28 No, it doesn't help. My question is about how to create an "application" at Google without a domain. That thread and the pages it reference are about how to use oath2 credentials after you have created an application. -- Grant
Re: oauth2 with GMail?
Please, could you see if that thread helps you? https://github.com/marlam/msmtp-mirror/issues/28 Marcelo