Difference between revisions of "Oauth2"
(Filled in some info for the Gmail 0auth2 setup process that some users may find helpful to deal with issues that may arise.) |
m (readability improvements) |
||
| Line 11: | Line 11: | ||
Publishing status (of project): 'Testing' (initial default) | Publishing status (of project): 'Testing' (initial default) | ||
User type: External | User type: External | ||
| + | |||
Notes related to the above: | Notes related to the above: | ||
| − | |||
| − | |||
| − | |||
| − | OAuth consent screen settings: | + | 1. If/when you create a new project, if it appears that the process has stalled, look in the top-right corner for a notification icon that you can click on and then select the relevant project. This should then open that project's dashboard so you can continue with the process. (As of 24 Mar 2022.) |
| + | |||
| + | 2. Regarding Google's above-linked instructions related to the "Credentials" page: Where it says "Click 'New Credentials'" it should read "Click '+ CREATE CREDENTIALS'" (as of 24 Mar 2022). | ||
| + | |||
| + | 3. Regarding "Publishing status", there isn't an option to choose this when you are creating a new project. It seems that the status will be considered as 'Testing' unless/until you have clicked on 'Publish App' in the 'Publishing status' section of the 'OAuth Consent Screen'; then it will be considered as being 'In Production'. (However, 'publishing' the app may require that it be submitted to Google for verification, which requires a variety of submissions that seem more relevant to the developers of an app for 'everyone' rather than for a user who is trying to set something up for themselves.) It is possible to get it working by using the 'Testing' status if you add the relevant email address to the 'Test Users' list on the 'Edit App Registration' - 'Test Users' page of the 'OAuth Consent Screen' setup process (or on the main 'OAuth Consent Screen' page). However, authorization with this status may only last for seven days. (As of 24 Mar 2022.) | ||
| + | |||
| + | |||
| + | '''OAuth consent screen settings:''' | ||
App name: Anything of your choice | App name: Anything of your choice | ||
User support email: Your own email | User support email: Your own email | ||
| Line 22: | Line 27: | ||
App domain entries: Leave blank | App domain entries: Leave blank | ||
| − | Scopes settings: | + | '''Scopes settings:''' |
Click on 'Add or Remove Scopes'. | Click on 'Add or Remove Scopes'. | ||
Select (check the box) this entry: "Gmail API, https://mail.google.com/, Read, compose, send and permanently delete all your email from Gmail" | Select (check the box) this entry: "Gmail API, https://mail.google.com/, Read, compose, send and permanently delete all your email from Gmail" | ||
| Line 31: | Line 36: | ||
Click on 'Save and Continue'. | Click on 'Save and Continue'. | ||
| − | Getting the ClientID | + | '''Getting the ClientID''' |
APIs and Services on the left menu, then Credentials entry | APIs and Services on the left menu, then Credentials entry | ||
| Line 38: | Line 43: | ||
Select "Edit Oauth Credentials" (pencil icon), then copy the Client Secret to the entry in Claws Mail Oauth2 account preferences screen. | Select "Edit Oauth Credentials" (pencil icon), then copy the Client Secret to the entry in Claws Mail Oauth2 account preferences screen. | ||
| − | + | '''Troubleshooting:''' | |
| − | + | ||
| + | It's possible / probable that Gmail will 'complain' about giving access to an unverified third-party app. If this keeps you from using Claws to access your Gmail, you may need to login to Gmail's webmail and change your security settings there to allow access to 'less-secure' third-party apps. | ||
Revision as of 16:42, 24 March 2022
Setting up OAuth 2.0 for Gmail
Follow the instructions here: https://support.google.com/googleapi/answer/6158849
Note: Before starting, make sure that you are not logged in (via webmail) to any Gmail account, or that you are logged in to only the relevant account.
When setting up the project use these settings:
Project name: Anything of your choice Publishing status (of project): 'Testing' (initial default) User type: External
Notes related to the above:
1. If/when you create a new project, if it appears that the process has stalled, look in the top-right corner for a notification icon that you can click on and then select the relevant project. This should then open that project's dashboard so you can continue with the process. (As of 24 Mar 2022.)
2. Regarding Google's above-linked instructions related to the "Credentials" page: Where it says "Click 'New Credentials'" it should read "Click '+ CREATE CREDENTIALS'" (as of 24 Mar 2022).
3. Regarding "Publishing status", there isn't an option to choose this when you are creating a new project. It seems that the status will be considered as 'Testing' unless/until you have clicked on 'Publish App' in the 'Publishing status' section of the 'OAuth Consent Screen'; then it will be considered as being 'In Production'. (However, 'publishing' the app may require that it be submitted to Google for verification, which requires a variety of submissions that seem more relevant to the developers of an app for 'everyone' rather than for a user who is trying to set something up for themselves.) It is possible to get it working by using the 'Testing' status if you add the relevant email address to the 'Test Users' list on the 'Edit App Registration' - 'Test Users' page of the 'OAuth Consent Screen' setup process (or on the main 'OAuth Consent Screen' page). However, authorization with this status may only last for seven days. (As of 24 Mar 2022.)
OAuth consent screen settings:
App name: Anything of your choice User support email: Your own email Developer email: Your own email App domain entries: Leave blank
Scopes settings:
Click on 'Add or Remove Scopes'. Select (check the box) this entry: "Gmail API, https://mail.google.com/, Read, compose, send and permanently delete all your email from Gmail" (For the above, note that the list is in alphabetical order and you may need to go to a later page to find this entry.) (Also, if you can't find it in the list, you can enter the URL manually at the bottom of the page to add it to the list.) Click on 'Update'. Confirm that the section 'Your restricted scopes' shows the entry you just added. Click on 'Save and Continue'.
Getting the ClientID
APIs and Services on the left menu, then Credentials entry
Copy the ClientID to the custom entry box on Claws Mail Oauth2 account preferences screen.
Select "Edit Oauth Credentials" (pencil icon), then copy the Client Secret to the entry in Claws Mail Oauth2 account preferences screen.
Troubleshooting:
It's possible / probable that Gmail will 'complain' about giving access to an unverified third-party app. If this keeps you from using Claws to access your Gmail, you may need to login to Gmail's webmail and change your security settings there to allow access to 'less-secure' third-party apps.
Microsoft - for Outlook or Exchange
Sign in to microsoft account
Go to Azure Active Directory > App registrations
Direct link: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
Choose "New Registration"
Display name: Anything you choose Application (client) ID - will be auto generated Object ID - will be auto generated Directory (tenant) ID - will be auto generated Supported account types - set to "All Microsoft account users"
Once app is registered you can configure it:
Branding tab - any entries you like
Authentication tab -
Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient Supported account types: "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)"
Certificates & secrets tab - No entries needed
Token configuration - No entries needed
API permissions tab - Add these:
Microsoft Graph:
- IMAP.AccessAsUser.All - Mail.ReadWrite - Mail.Send - offline_access - POP.AccessAsUser.All - SMTP.Send
Expose an API tab - No entries needed
Owners tab - No entries needed
Manifest tab - Leave at defaults
Quickstart tab - Leave alone
Integration assistant - Leave alone
Once configured the ClientID (also called Application ID) can be copied over to Claws Mail custom ClientID box. No Client Secret is needed - leave that entry blank in Claws Mail's custom Client Secret box.
