So i came across this Less secure apps & your Google Account link, And it states that after the 30th of may this year, Enabling 'less secure apps' option will no longer be available.
I was wondering if there will be any alternative? I need to be able to read emails and download attachments through my application without the user having to do so himself, So the Gmail API is no good as far as i could see.
I also couldn't find any other option to access a gmail inbox without enabling this option... Ty for your time.
The whole point of this is that you should not be using someone's login and password to access gmail. You could try using an apps password but it is unlcear if this will work or not in the long run. Google has been very vague about that.
You should be authorizing the user either using Xoauth2 for the smtp server or by using the Gmail api and authorizing the user.
With oauth you can request a refresh token and then you will only need to request the users permission once after that you can use your refresh token to request a new access token.
The java mailer API works on password authentication(username and password). And if you want to use it with Gmail SMTP Server Address as the host you need to allow access less secure apps in your email account but this option is not available since may 30, this password authentication method will not work using gmail.
The option you can have is to use the gmail API to read/write to your gmail account another option is to use oauth2 to authenticate the account and save the tokens to the file so that you can use it to authenticate every time you call the api. For more on authorizing your app with google click here
Related
I have discovered that basic authentication to email account no longer works, when using java.mail library. It seems that an OAuth2 based authentication is needed. I need help in defining the actual steps. I have created a sample app in Azure and granted the IMAP, POP and SMTP permissions to it, but I don't know what are the next steps, how to actually tell my email reader (in Java code) that it should use this app and actually connect to the email inbox. The email server is a Microsoft Exchange server.
I'm trying to make a kind of email client program. I'm using transport.connect to attempt to connect to the users Gmail account with their username and password, but the application will return this if they don't have the setting to enable less secure access and I don't want to have to have that because not every user will know. I also don't need to get or send mail, I just need to get a valid sign in.
"Less secure apps" in that setting specifically means username and password.
You need to use OAuth, so that your code never sees the user's password.
I've written an android app to get my account usage such as Voice data usage, SMS data usage from Ringplus site (ringplus.net).
Ringplus API (https://docs.ringplus.net/) uses Oauth2. And the app that I wrote has hard coded client id & secret for my account.
Now, everything works fine for my account. But I want to give this app to my friend so that he can also use it to view his account usage.
With client id & secret hardcoded, how would that work for my friend?
Also, when I created app in Ringplus website, I just added redirect_uri as something which does not exist like http://localhost since I don't have anything hosted.
So, my question is how do I distribute my app with client id & secret hard coded?
Thanks
If I am not wrong the client ID and secret are for the API access. That one cannot be replaced and needs to be present for the application to successfully authentication / authorize with the API.
If you are not keen on sharing you client id and secret than you can provide a preferences screen in the android app, for the user to enter that information. But the user would need to sign up for the API (as you did). Use the information entered in the SharedPreferences can be use to connect to the API.
You should store client secret in a server. Upon receiving the code by sending clientid to ringplus you will get code to your server redirect uri. From here you can send the client secret to ringplus and send authentication token to the user
I have a running and working implementation of the Java Mail API. I am using the api to send out bulk email messages. On some occasions, the login gets blocked by google. So, I go to my gmail account and allow access to apps and set the security level to give access to apps that don't use what google calls "modern security". So, the google page tells me to try my program again. I try it again and it still won't let me log in. On some occasions when I have a login fail, I can go to the account, log in, and type in the recaptcha. This will allow me to log back in shortly after and send emails. However, the problem I am now experiencing does not show any recaptcha, nor does it say anything about any unknown apps that tried to access the account. It says nothing, and just wont let me log in to my account. I created two new accounts for testing and they worked fine. The account that I created that doesn't work only allowed me to send 17 emails before it blocked my service. Does anyone have any suggestions? Thanks!
Go to your Gmail account setting page and Enable access of Less secure apps. Then try with Java Mail API. Hope it works for you.
Make sure that your JavaMail with google auth is working fine, Check concurrently with Different app. If not post your code
If you're using a free Gmail account, Google might think your bulk email is spam (duh). If you're going to send bulk email, it may be time to pay someone for a business account that will let you do that.
I'm currently developing an android app where the user has to fill out and successfully send the data of a few text fields to a recipient/server, to enable a feature.
The big issue is how to do that in a secure way to be protected against e.g. decompiling. My concern is not the security during the transport but rather the security of the transport medium.
What I've thought/read so far:
I could send the data via mail with the Java Mail API.
First of all, I don't want require that the user has to enter his mail credentials and SMTP server.
That would mean that I have to include the credentials to a mail account in the app, though.
To avoid the situation that somebody decompiles the app and takes over my mail account, I thought of encrypting methods, but even if I would save the aes encrypted version of the password, the attacker could decompile the app and could add a syso to output the decrypted password.
The same applies to OAuth authentication because I have to store an authentication token.
In addition to the mail version, I read something about getting the password with a POST request from a web service, which doesn't seem safer at all.
I could search for free smtp server without the need of credentials, but I want something I can rely on instead of waking up each day and looking if the service still works.
Send the data to a web service.
Okay that would require more work for me, but I would accept that, if there would be a solution without saving the credentials in the app or having a web service which accepts data from everybody.
Have I overlooked something? Or is there no safe method without asking the user for his mail credentials or google account etc. ?
OAuth would probably work. The nice thing about OAuth is that if a token is compromised it can be revoked on the server side.
You could create a web service that accepts TCP connections on some port. You could have some authentication mechanism for example Digest authentication that would be carried out before accepting data.
Another option would be to use an API such as Golgi. Golgi requires a developer key, app key and app instance id to connect to the servers and send data. In the event these credentials somehow get compromised you can simply change the app key and push a new version of the app through the Play Store.