Ken Hornstein wrote in
<20200720191854.EA8A179F0E@pb-smtp1.pobox.com>:
|>I noticed that my two gmail accounts stopped working. I can mhlogin
|>again, and was told:
|>
|> Sign in with Google temporarily disabled for this app This app has
|> not been verified yet by Google in order to use Google Sign In.
|
|Sigh. I guess the shoe has finally dropped.
|
|We need to do "something" to verify nmh as a valid Google app. I wasn't
|in charge of that, and my understanding was the last time we tried to do
|that it got rejected for some strange reason.
|
|Anybody know what we need to do here to fix this?
In the documentation of my MUA i link to
https://github.com/google/gmail-oauth2-tools/wiki/OAuth2DotPyRunThrough
For mutt(1) someone put quite some effort to generate a full
OAuth2 support script if i understood right what "flew by" in my
inbox. It should be in contrib, there.
Well, and in the manual of the MUA i maintain you could read
But, how about XOAUTH2 / OAUTHBEARER?
Following up I cannot login to Google mail (via OAuth)[43] one OAuth-
based authentication method is available: the OAuth 2.0 bearer token
usage as standardized in RFC 6750 (according SASL mechanism in RFC 7628),
also known as XOAUTH2 and OAUTHBEARER, allows fetching a temporary access
token via the web that can locally be used as a password[497]. The pro‐
tocol is simple and extendable, token updates or even password changes
via a simple TLS secured server login would be possible in theory, but
today a web browser and an external support tool are prerequisites for
using this authentication method. The token times out and must be peri‐
odically refreshed via the web.
Some hurdles must be taken before being able to use this method. Using
GMail as an example, an application (that is a name) must be registered,
for which credentials, a “client ID” and a “client secret”, need to be
created and saved locally (in a secure way). These initial configuration
steps can be performed at
https://console.developers.google.com/apis/credentials.
Thereafter a refresh token can be requested; a python program to do this
for GMail accounts is
https://github.com/google/gmail-oauth2-tools/raw/master/python/
oauth2.py:
$ python oauth2.py --user=EMAIL \
--client-id=THE-ID --client-secret=THE-SECRET \
--generate_oauth2_token
To authorize token, visit this url and follow the directions:
https://accounts.google.com/o/oauth2/auth?client_id=...
Enter verification code: ...
Refresh Token: ...
Access Token: ...
Access Token Expiration Seconds: 3600
$ # Of which the last three are actual token responses.
$ # Thereafter access tokens can regulary be refreshed
$ # via the created refresh token (read on)
The generated refresh token must also be saved locally (securely). The
procedure as a whole can be read at
https://github.com/google/gmail-oauth2-tools/wiki/
OAuth2DotPyRunThrough.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)