nmh-workers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mhlogin stopped working

From: Steffen Nurpmeso
Subject: Re: mhlogin stopped working
Date: Mon, 20 Jul 2020 21:33:18 +0200
User-agent: s-nail v14.9.19-86-gf42d80dc 
Ken Hornstein wrote in
<20200720191854.EA8A179F0E@pb-smtp1.pobox.com>:
 |>I noticed that my two gmail accounts stopped working.  I can mhlogin
 |>again, and was told:
 |>
 |>   Sign in with Google temporarily disabled for this app This app has
 |>   not been verified yet by Google in order to use Google Sign In.
 |
 |Sigh.  I guess the shoe has finally dropped.
 |
 |We need to do "something" to verify nmh as a valid Google app.  I wasn't
 |in charge of that, and my understanding was the last time we tried to do
 |that it got rejected for some strange reason.
 |
 |Anybody know what we need to do here to fix this?

In the documentation of my MUA i link to

  https://github.com/google/gmail-oauth2-tools/wiki/OAuth2DotPyRunThrough

For mutt(1) someone put quite some effort to generate a full
OAuth2 support script if i understood right what "flew by" in my
inbox.  It should be in contrib, there.
Well, and in the manual of the MUA i maintain you could read

 But, how about XOAUTH2 / OAUTHBEARER?
   Following up I cannot login to Google mail (via OAuth)[43] one OAuth-
   based authentication method is available: the OAuth 2.0 bearer token
   usage as standardized in RFC 6750 (according SASL mechanism in RFC 7628),
   also known as XOAUTH2 and OAUTHBEARER, allows fetching a temporary access
   token via the web that can locally be used as a password[497].  The pro‐
   tocol is simple and extendable, token updates or even password changes
   via a simple TLS secured server login would be possible in theory, but
   today a web browser and an external support tool are prerequisites for
   using this authentication method.  The token times out and must be peri‐
   odically refreshed via the web.

   Some hurdles must be taken before being able to use this method.  Using
   GMail as an example, an application (that is a name) must be registered,
   for which credentials, a “client ID” and a “client secret”, need to be
   created and saved locally (in a secure way).  These initial configuration
   steps can be performed at
         https://console.developers.google.com/apis/credentials.
   Thereafter a refresh token can be requested; a python program to do this
   for GMail accounts is
         https://github.com/google/gmail-oauth2-tools/raw/master/python/
         oauth2.py:

         $ python oauth2.py --user=EMAIL \
           --client-id=THE-ID --client-secret=THE-SECRET \
           --generate_oauth2_token
         To authorize token, visit this url and follow the directions:
           https://accounts.google.com/o/oauth2/auth?client_id=...
           Enter verification code: ...
           Refresh Token: ...
           Access Token: ...
           Access Token Expiration Seconds: 3600
         $ # Of which the last three are actual token responses.
         $ # Thereafter access tokens can regulary be refreshed
         $ # via the created refresh token (read on)

   The generated refresh token must also be saved locally (securely).  The
   procedure as a whole can be read at
         https://github.com/google/gmail-oauth2-tools/wiki/
         OAuth2DotPyRunThrough.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]