Re: [S-mailx] gmail access past May 30
Steffen Nurpmeso wrote in <20220519194652.mnnwr%stef...@sdaoden.eu>: |josef.ju...@gmail.com wrote in | <62869d6e.maAPCvwmu9ZCkPq9%jurek@computer-room01>: ... |At maximum "Junger Herr" ("Young Mr."), ever since i am 17. |(Almost 37 years thus.) Nebbish. 33! Puh! --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: [S-mailx] gmail access past May 30
josef.ju...@gmail.com wrote in <62869d6e.maAPCvwmu9ZCkPq9%jurek@computer-room01>: |Hello Mr. Nurpmeso: Oh - Help! Help! - please!!! At maximum "Junger Herr" ("Young Mr."), ever since i am 17. (Almost 37 years thus.) I remain unsure whether that is something bad. |Steffen Nurpmeso writes: |> By sheer luck i saw on the OpenBSD port ML a new port request for |> cyrus-sasl-xoauth2, and out of interest that lead me to [1], which |> is a good instruction, much better than the short FAQ entry of us. |> |> With the info from [1] and the software from [2] i run |> |[...] |> |> [1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html |> [2] http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-\ |> 2020-11-03.tar.bz2 |> |[...] |> |> So if "2-step verification" is not for you, you could go this way, |> but only with S-nail. | |Thank you again for this valuable information. This was a good link no? I will integrate this somehow. You are using this? |> In the meantime i remember something i may have overseen in what |> the Google guy said, regarding nmh that i talked about. In the |> meantime i have become a Google Workspace member, and with that |> i will possibly be able to choose "Internal" type for s-mailx, and |> maybe like this i can manage that S-nail v14.10 does not enforce |> to do the dance shown at [1], but only the software from [2]. |> (Or, maybe even that, even though Python3 is practically |> everywhere (?), link against curl and jsmn and do it all from |> within S-nail itself.) | |Thank you for your efforts! Thank you for your interest! It is not an App!! Ciao. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: [S-mailx] gmail access past May 30
Hello Mr. Nurpmeso: Steffen Nurpmeso writes: > > By sheer luck i saw on the OpenBSD port ML a new port request for > cyrus-sasl-xoauth2, and out of interest that lead me to [1], which > is a good instruction, much better than the short FAQ entry of us. > > With the info from [1] and the software from [2] i run > [...] > > [1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html > [2] > http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-2020-11-03.tar.bz2 > [...] > > So if "2-step verification" is not for you, you could go this way, > but only with S-nail. Thank you again for this valuable information. > In the meantime i remember something i may have overseen in what > the Google guy said, regarding nmh that i talked about. In the > meantime i have become a Google Workspace member, and with that > i will possibly be able to choose "Internal" type for s-mailx, and > maybe like this i can manage that S-nail v14.10 does not enforce > to do the dance shown at [1], but only the software from [2]. > (Or, maybe even that, even though Python3 is practically > everywhere (?), link against curl and jsmn and do it all from > within S-nail itself.) Thank you for your efforts! Josef
Re: [S-mailx] gmail access past May 30
Mr. Nurpmeso: Thank you for your detailed response. Steffen Nurpmeso writes: > > Just call back if after the FAQ there remain questions, Josef!! And thank you for this kind offer. >From what I can tell so far, I think I will be using s-nail and trying to get oauthbearer authentication to work. I will probably be back here for help with the set up. Thanks again. Josef
Re: [S-mailx] gmail access past May 30
Hello again Josef. Steffen Nurpmeso wrote in <20220517210812.yhzh_%stef...@sdaoden.eu>: | <6283fcae.U3on3Kd7Xa2MGeWQ%jurek@computer-room01>: ||However, recently, Google has announced the following: ... || On May 30, you may lose access to apps that are using less || secure sign-in technology || || To help keep your account secure, Google will no longer || support the use of third-party apps or devices which ask || you to sign in to your Google Account using only your || username and password. Instead, you’ll need to sign in || using Sign in with Google or other more secure technologies, || like OAuth 2.0. || ||So, it looks like with my current .mailrc file, ||"heirloom mailx 12.5" and "s-nail 14.9.23" will stop ||working on May 30. || ||Can anyone coach me how to configure my .mailrc file so that ||I can continue to use gmail? | |You have two options, they are in the FAQ section of the s-nail |manual: | | I cannot login to Google mail (via OAuth) |and | But, how about XOAUTH2 / OAUTHBEARER? | |In short, you either use "2-step verification" and create an |application specific password, or you use "oauthbearer" (falsely |named) authentification. | |For Heirloom mailx only the former works. |I switched to the former for one of my Google accounts, finally, |and have not yet received more than the initial SMS on my mobile |phone. (But i do not use this account for real.) | |The latter only works for S-nail, and it requires a monstrous user |unfriendly setup (shown in the FAQ -- ask for further help!). |Note the Google support scripts shown in the FAQ no longer work |without hacks ([1]). I .. could try to find time tomorrow and do |something about that, hmm. By sheer luck i saw on the OpenBSD port ML a new port request for cyrus-sasl-xoauth2, and out of interest that lead me to [1], which is a good instruction, much better than the short FAQ entry of us. He offers oauthbearerScripts-2020-11-03.tar.bz2[2]. So i downloaded this, and the contained script fetchmail-oauth2.py works nicely with Python3! With the info from [1] and the software from [2] i run # python3 ./fetchmail-oauth2.py \ -c /tmp/x/oauthbearerScripts/xx.rc \ --obtain_refresh_token_file on a config like client_id=... client_secret=... refresh_token_file=/tmp/x/refresh_file access_token_file=/tmp/x/access_file max_age_sec=1900 (granted i had the client_id and the client_secret already, but [1] shows..) and it said To authorize token, visit this url and follow the directions: https://accounts.google.com/o/oauth2/auth? ^ Google stuff.. Enter verification code: Refresh token saved to '/tmp/x/refresh_file' Initial access token saved to '/tmp/x/access_file' Access Token Expiration Seconds: 3599 And it works. Easier than the Google script ever was, and still working! [1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html [2] http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-2020-11-03.tar.bz2 So if "2-step verification" is not for you, you could go this way, but only with S-nail. In the meantime i remember something i may have overseen in what the Google guy said, regarding nmh that i talked about. In the meantime i have become a Google Workspace member, and with that i will possibly be able to choose "Internal" type for s-mailx, and maybe like this i can manage that S-nail v14.10 does not enforce to do the dance shown at [1], but only the software from [2]. (Or, maybe even that, even though Python3 is practically everywhere (?), link against curl and jsmn and do it all from within S-nail itself.) Hope this helps. Ciao Josef! --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: [S-mailx] gmail access past May 30
Hello Josef. josef.ju...@gmail.com wrote in <6283fcae.U3on3Kd7Xa2MGeWQ%jurek@computer-room01>: |Since 2010, I have used various versions of |nail, heirloom mailx, and s-nail to access my |gmail account. | |Currently, I am using "heirloom mailx 12.5", |though I have "s-nail 14.9.23" running on my system |and I could switch to that. | | |However, recently, Google has announced the following: | | Date: Tue, 26 Apr 2022 01:43:05 GMT | Subject: You may lose access to some of your third-party apps | From: Google | | On May 30, you may lose access to apps that are using less | secure sign-in technology | | To help keep your account secure, Google will no longer | support the use of third-party apps or devices which ask | you to sign in to your Google Account using only your | username and password. Instead, you’ll need to sign in | using Sign in with Google or other more secure technologies, | like OAuth 2.0. | |So, it looks like with my current .mailrc file, |"heirloom mailx 12.5" and "s-nail 14.9.23" will stop |working on May 30. | |Can anyone coach me how to configure my .mailrc file so that |I can continue to use gmail? You have two options, they are in the FAQ section of the s-nail manual: I cannot login to Google mail (via OAuth) and But, how about XOAUTH2 / OAUTHBEARER? In short, you either use "2-step verification" and create an application specific password, or you use "oauthbearer" (falsely named) authentification. For Heirloom mailx only the former works. I switched to the former for one of my Google accounts, finally, and have not yet received more than the initial SMS on my mobile phone. (But i do not use this account for real.) The latter only works for S-nail, and it requires a monstrous user unfriendly setup (shown in the FAQ -- ask for further help!). Note the Google support scripts shown in the FAQ no longer work without hacks ([1]). I .. could try to find time tomorrow and do something about that, hmm. [1] https://github.com/google/gmail-oauth2-tools/issues/49 (In fact better OAuth support is in the queue for v14.10, but i dislike OAuth also for reasons shown in the FAQ, and i have no time to do the necessary network stuff, so maybe we would need to link against cURL or similar in order to get this done in a better way, like for example the alpine(1) MUA did, or even nmh(1). It also requires JSON parsing, i also looked out jsmn for that, but i SCREAMed on IETF lists why JSON is necessary for simple key/value pairs. Oh it is a mess. Both OAuth implementations are monsters. If you have a throw-away smart phone i would recommend the former. I mean, if you use Google you are tracked anyway, unless you possibly use TOR, but even then a lot of things can be done -- i have no idea whether they do it. |In reading through the gmail documents, one part reads: | | You can sign in to your Google Account from any third-party | app that has the "Sign in with Google" option. | |Does s-nail have this option? I tried to get a real OAuth account for S-nail in the past, but it is not doable really. It was a messy discussion, for example |Security Assessment ... |Depending on the size and complexity of your app, the cost for the |third-party assessment might vary from $8,000 to $75,000. We'll give you |further information when your project reaches this stage of the |verification process. Until then, please do not pursue a security ... Or that: | |OAuth Consent Screen is in English | |There is no OAuth Consent Screen. |This is not a graphical program. | | |OAuth Consent Screen shows the App Name | |URL bar of the OAuth Consent Screen shows the Client ID containing the | |There is no URL bar, as this is not a graphical program. | | |project_number 713030725322 fully displayed (Note: this is not required \ | |for | |native Android and iOS apps) | |This .. will be hard to accomplish in text mode. See below. | | |Video shows the OAuth grant process that users will go through. | |For example, this is _all_ a user sees for logging into GMail. |This is me logging into my GMail account via IMAP. ..etc (console output paste).. |Thank you for your help. Maybe it has changed since. I should look again. But v14.10 not before late Autumn. Just call back if after the FAQ there remain questions, Josef!! --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)