3

Following this GitHub article I am able to authenticate against GMail using OAuth2 and send gmail messages programmatically using SMTP and IMAP (clients from MailKit). The link was kindly provided by the author (jstedfast). The problem with the method is that it opens a browser popup and requires the user to authenticate, at least from time to time. Maybe this is because the method uses "User Secret" and not a Service Account and private/public key, but I do not know for sure.

I need to send an email from a server-type application, where there is no user to manually push the process forward. So far, the app is using standard SMTP authentication but this requires GMail/GSuite accounts to have the "less secure" setting enabled and the customer does not want that.

There is a very old post (also by jstedfast) that shows how to authenticate an email client with OAuth2, using a Service Account and public/private key. I followed that article to the letter (except that I used a json-packaged certificate instead of p12, and used a GMail not a GSuite email) but the results are negative. Namely, when I try to execute client.Authenticate(accessToken) the response is an exception that reads {"status":"400", "schemes":"Bearer", "scope": "https://mail.google.com/"}

I have access to GSuite and would not mind using it if necessary, but I have not found definite instructions and an example that works. Would anyone be able to point to a C# example that authenticates with OAuth2 through private/public key encryption and does not require user interaction?

pete.a
  • I'm sorry that I did not respond sooner (I missed this one). It sounds like you did the right thing by following my older set of instructions which was for services. I'm not sure why it's not working for you, but when I registered my demo app, Google's portal gave me the certificate in a p12 file and not embedded in json. There are 2 different ways to register your app and how you register determines which method of authenticating via OAuth you need to use. My only recommendation is to make sure you register as a service as well (sounds like you did, though). – jstedfast Nov 15 '20 at 13:01
  • Big thanks for your comment jstedfast! And no worries about the late reply. I found that when working with "user secret" the pop-up happens for the first time and then only if G-OAuth2 detects a change that invalidates the original approval. For example, a modification to the email account (new password) or a change on the local computer where the private key was stored (i.e. new machine name, time-zone). This allowed me to complete the original project while using "user secret" only. My client agreed to shift certificate-based OAuth2 for email sending to the next year, so I will return to it in Jan 2021. – pete.a Dec 07 '20 at 15:14
  • Any updates on this @pete.a? – hb0 Feb 14 '22 at 12:10

1 Answer

0

This is possible with a web app type OAuth client ID and a manually created refresh token.
How to create the correct OAuth client ID and get a refresh token: https://stackoverflow.com/a/24123550/6075536
How to send email with MailKit then: https://stackoverflow.com/a/52413127/6075536

And keep in mind the refresh token expiration rules.

Kirsan