Ugochukwu Mmaduekwe

Sending Email via GMail Using OAuth 2.0 via Indy

On 11/7/2019 at 11:50 AM, Ugochukwu Mmaduekwe said:

Does anyone have some sample code on how I can send email from Gmail in my Delphi App using OAuth 2.0 via Indy?

Indy does not currently support OAuth yet.  However, it would be fairly simple to create a TIdSASL-derived component that can be added to the TIdSMTP.SASLMechanisms collection to transmit an OAuth bearer token using the SMTP "AUTH XOAUTH2" command.  But getting that token in the first place is the tricky part, and has to be done outside of SMTP.

Edited by Remy Lebeau
  • Thanks 1
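
The XOAUTH2 mechanism described in the reply above, written as a TIdSASL descendant. This is an added example, not code from the thread or from Indy; the unit, class and property names are hypothetical, and it assumes Indy base64-encodes the returned string itself, as it does for its built-in SASL mechanisms.

```delphi
unit XOAuth2SASL; // hypothetical unit name (added example, not Indy code)

interface

uses
  SysUtils, IdSASL;

type
  // Hypothetical class; Username and AccessToken are names chosen here.
  TXOAuth2SASL = class(TIdSASL)
  private
    FUsername, FAccessToken: string;
    function BuildResponse: string;
  public
    class function ServiceName: TIdSASLServiceName; override;
    function StartAuthenticate(const AChallenge, AHost,
      AProtocolName: string): string; override;
    property Username: string read FUsername write FUsername;
    property AccessToken: string read FAccessToken write FAccessToken;
  end;

implementation

function TXOAuth2SASL.BuildResponse: string;
var
  C: Char;
begin
  // #1 (Ctrl-A) delimits the fields, so a control character inside either
  // value could add or cut fields: refuse to send rather than pass it on.
  for C in FUsername + FAccessToken do
    if C < ' ' then
      raise Exception.Create('XOAUTH2: control character in credentials');
  // Raw form only; assumes Indy base64-encodes it, as for built-in mechanisms.
  Result := 'user=' + FUsername + #1 + 'auth=Bearer ' + FAccessToken + #1#1;
end;

class function TXOAuth2SASL.ServiceName: TIdSASLServiceName;
begin
  Result := 'XOAUTH2'; // mechanism name sent in the SMTP AUTH command
end;

function TXOAuth2SASL.StartAuthenticate(const AChallenge, AHost,
  AProtocolName: string): string;
begin
  Result := BuildResponse; // reply to the server's prompt after AUTH XOAUTH2
end;

end.
```

The access token is a bearer credential, so attach the component only to a TIdSMTP connection that has already negotiated TLS, and keep the token out of logs.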
On 11/11/2019 at 2:02 PM, Remy Lebeau said:

Indy does not currently support OAuth yet.

However, you don't actually need OAuth to access GMail.  You can instead go into your Google account settings and generate an Application-specific password, which works just fine with Indy.

Edited by Remy Lebeau
On 11/12/2019 at 9:02 AM, Remy Lebeau said:

Indy does not currently support OAuth yet.  However, it would be fairly simple to create a TIdSASL-derived component that can be added to the TIdSMTP.SASLMechanisms collection to transmit an OAuth bearer token using the SMTP "AUTH XOAUTH2" command.  But getting that token in the first place is the tricky part, and has to be done outside of SMTP. 

I have now updated my demo to use a TIdSASL-derived component that I created.  I must admit that it does use the Delphi TOAuth2Authenticator component as well, which is not an Indy component... but it has been in Delphi going back quite a few versions.

  • Like 1
10 hours ago, Remy Lebeau said:

However, you don't actually need OAuth to access GMail.  You can instead go into your Google account settings and generate an Application-specific password, which works just fine with Indy.

The problem with application password is that it requires 2FA setup which in turn forces you to authenticate each login even though it's for something as trivial as sending mails from your app.

Edited by Ugochukwu Mmaduekwe
Gmail still allows SMTP and POP3 access with basic authentication, provided you ignore all attempts by Google to set up better security on the account, and accept the odd/regular email that your account is being used by a suspicious application.  But once you have turned on 'better security' (forget its real name) you cannot turn it off, so have to set up a new Gmail account.

The OAuth2 option is not too bad, you only need to authenticate with a Google login using a browser once and the refresh token provided remains valid until not used for six months, or when the account is changed, so you can get a new access token each time you send email without needing to authenticate again.  Other OAuth2 implementations usually expire the refresh token within 24 hours.

 

Angus

 
5 hours ago, Ugochukwu Mmaduekwe said:

The problem with application password is that it requires 2FA setup which in turn forces you to authenticate each login even though it's for something as trivial as sending mails from your app.

2FA is a good thing.  And no, you don't actually need to authenticate every login.  An app-specific password is meant to be used in only 1 location and shouldn't be passed around. You can set Google to remember where the password is being used from so you don't have to re-authenticate every time it is used from that location.  I use app-specific passwords when testing Indy with GMail (POP3, SMTP, and IMAP) and don't have to re-authenticate each time.

  • Thanks 1