Page 1 of 1

GMAIL Authentication

PostPosted: Tue May 22, 2018 7:20 am
by berkinet
Setting up Better Email (BTW, thanks) using a GMAIL account and ran into this problem:

google automatically wrote:
Google just blocked someone from signing into your Google Account from an app that may put your account at risk.
Less secure app
...
...
Are you the one who tried signing in?
Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date. You can continue to use this app by allowing access to less secure apps, but this may leave your account vulnerable.

I have searched this forum and didn't see any reference to this problem. For now I have allowed Better Email to use my account, but I was wondering if there is a better fix to this issue.

Re: GMAIL Authentication

PostPosted: Tue May 22, 2018 10:05 am
by RogueProeliator
It wouldn't surprise me if that was because the Python version in use isn't using the latest TLS standard -- similar to the GitHub updater issue but Google is allowing you to circumvent the restriction.

Adam

Re: GMAIL Authentication

PostPosted: Tue May 22, 2018 10:27 am
by FlyingDiver
This has nothing to do with TLS. It's because Google wants two factor authentication for logins. Or something like that.

I think there's a way to use app-specific passwords similar to iCloud. But I don't use Gmail with BetterEmail, so I don't know the details.

I know that there are users doing so, hopefully one of them will pop up with the answer.

Re: GMAIL Authentication

PostPosted: Tue May 22, 2018 10:32 am
by berkinet
lanbrown wrote:
...To the OP, what version of macOS are you running?

Probably moot information having read FlyingDiver's response. But anyway it is 10.13.4

Re: GMAIL Authentication

PostPosted: Tue May 22, 2018 10:44 am
by berkinet
FlyingDiver wrote:
...I know that there are users doing so, hopefully one of them will pop up with the answer.

Well, according to google I have Visit your App passwords page. You may be asked to sign in to your Google Account.. I do that, and then immediately get
Screen Shot 2018-05-22 at 18.41.55.png
Screen Shot 2018-05-22 at 18.41.55.png (32.16 KiB) Viewed 3429 times


I guess I'll just manage with my less secure app :D

Re: GMAIL Authentication

PostPosted: Tue May 22, 2018 11:15 am
by RogueProeliator
FWIW, and for posterity, I was able to get time and actually do a bit of research in some of the developer docs -- looks like the main culprit are applications which are directly signing into Google and thus likely have your password stored. The two main workarounds are to either change the application to use OAuth for authentication OR enable 2-factor authentication and utilize the app-specific password. Obviously only the latter is a feasible solution from an end user perspective.

Berkinet - that App Passwords setting isn't available without 2-Factor Authentication enabled, perhaps that is not enabled on your account?

Re: GMAIL Authentication

PostPosted: Wed May 23, 2018 12:21 pm
by FlyingDiver
Adam - Can you point me to the docs for OAuth? If it's doable from Python I could possibly add it to the plugin.

Re: GMAIL Authentication

PostPosted: Wed May 23, 2018 10:50 pm
by RogueProeliator
Adam - Can you point me to the docs for OAuth? If it's doable from Python I could possibly add it to the plugin.

I honestly wouldn't worry too much about it -- the App Password works fine with the plugin and users really should enable two factor authentication anyway (and thus have access to the application passwords)! :-) One caveat, I believe the OAuth applications that I have seen are using the JSON API...

But if you really are interested:
https://developers.google.com/gmail/api/auth/about-auth

Re: GMAIL Authentication

PostPosted: Sat Jun 02, 2018 6:53 pm
by FlyingDiver
Decided I'm not interested in going down that road.

The answer seems to be to enable 2 Factor Authentication and then using app-specific passwords.