3

I have a desktop application which sends email from Gmail using SMTP.

Since Less secure Apps will not longer be supported, I am trying to use Google API with OAuth2. Is there any other way I can use to send email from Gmail accounts?

Also, if I use Google API with OAuth2 can we configure the client ID and client secret generated from Admin Gmail account and use the same for all the other users for authorization?

I am following this tutorial: https://www.youtube.com/watch?v=44ERDGa9Dr4

Thanks in advance!

Improve this question

1 Answer 1

Reset to default
3

I have a desktop application which sends email from Gmail using SMTP. Since Less secure Apps will not longer be supported, I am trying to use Google API with OAuth2.

If you want to stick with smtp did you consider checking out Did you consider checking Xoauth2?

Have you tried using an app password im not sure if thats going away as well.

Can we configure the client ID and client secret generated from Admin Gmail account and use the same for all the other users for authorization?

If you have a google workspace domain, Then you could use a service account and set up domain wide delegation which would allow the service account to impersonate any user on your domain.

If these are standard google gmail email accounts then you will need to use oauth2 to request consent from each user.

verification

remember if you switch to Oauth2 you will need to have your app verified

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

@DalmTo Thank you for all your suggestion, I will try them. Also, I am not working with a google workspace domain, by admin I meant like a developer gmail account which will be used to create the app and generate ClientID/Client Secret. They are standard gmail accounts, and its fine if I have to request consent from each user, just will the oauth2 credentials work for all the users if hardcoded?
The user needs to authorize your app, then you can store the refresh token. You can use the refresh token at a later date to request a new access token which will give you access to the users account via the gmail api. Remember that verification for a gmail restricted scope is going to cost between $15k - $75k each year for the security audit.
@DalmTo, Is the verification compulsory? Also Is there any other way than Gmail Api?
not always if its a single user app for example it shouldn't need to be verified but you need to apply and they will tell you. You should read though Verification or watch this What you need to know about application verification
@DalmTo, I need to just send Email from client's email id and it is a Desktop software, not a mobile application. Based on what i read, I dont think verification will be mandatory for my case.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.