I know that smtp.gmail.com will no longer support less secure apps in 2021. In order to migrate to using oauth access tokens, I am trying to understand the flow.
I do not want to access users gmail account information, I simply want to send them an email that contains password recovery link for my application. Everything I've been reading talks about getting access_token and displaying consent screen to the user before sending emails. This indicates to me that all these tutorials assume you want to send emails on behalf of the user.
I just want to use a single gmail account to send password recovery emails. How can this be achieved?
Related
I'm trying to figure out the correct authentication pattern to use for Docusign for captive users on my site. The users have already authed on my site, and probably don't have Docusign accounts. I'm using the Docusign C# SDK's running on the server to get the Url for embedded signing. To create the envelope, I am currently sending an auth token generate by the user signing in to Docusign, but then they have to either have or create Docusign accounts.
If I don't want the users to have to sign in to Docusign, what is the proper way to authenticate the service to the Docusign API host?
If you use Auth Code Grant, then yes, you will have to use refresh tokens and then even these eventually expire.
If you use JWT, you only need to get consent once per-user (or use administrative consent for entire account) and then you won't need to have user log again or do anything again to obtain new access token ever.
Note: your end-users don't need to have DocuSign accounts, or consent or any of that. The sender will be the same fixed account you used to auth with JWT and you already consented to.
can GMAIL API be used for sending out account verification when registering to a site?
I plan to use it for email registration , verification, forgot password for transactional use
Yes it can but you may not want to unless you are using Google workspace.
To send an email using a standard google gmail account you will need to use Oauth2 and authorize the user who owns this account. Using Gmail scopes with an Oauth2 will require your application go go though a security audit. This audit is expensive and time consuming. Its up to you to decide if this is worth it or not.
You could go though the SMTP server and use something called an Apps password to authorize it. This solution would work but, google is shutting down unsave apps now and i fear that apps password will me next. If it is your only option then would be to use Xoauth2 with smtp. Which again may require that you verify the app.
If you do have a google workspace account then you could set up domain wide delegation to a service account allowing it to impersonate a user on your workspace domain. This solution would work without any issues. It would be optimal in my opinion.
I want to allow my users to register themselves by verifying otp that will be sent to email and phone number simultaneously and allow signup after verification. I am using azure adb2c user flows,
I am open for changing auth provider to Auth0 or firebase if they satisfy this use-case.
When it comes to Auth0, you would need to build out the functionality in your application code for a one time password to be sent out to the email and phone number simultaneously. I hope this helps bring some clarification. Thanks!
I am creating an app to extract user's emails once they arrive at the uesr' Gmail account (automatically).
After reading Gmail API, I conclude that each extraction (of a Gmail) would require a user authorization through the Oauth 2.0 flow.
I am wondering if there is a way to extract an (G)email by providing an api_key (each gmail account would have its own api_key, obtained by gmail account user registering the app with Google)? The key is to extract (g)email without requiring manual authorizations by gmail account owners.
After looking into the issue carefully, I have drawn a conclusion that Gmail (Hotmail, Yahoo mail are the same) does not support api_key authentication method for email accesses,
i.e. each time before an app accesses a gmail count, manual authentication is needed.
My Gmail Addon is making a request to an external server.
I want to make sure on the server that it's really the user / the addon.
How can I do that? can I save a token in the addon that can't be tampered with?
(The addon interact with Google servers, can I take advantage on that?)
Authenticating the user (email address) in our server can also be of great help
We can authenticate the user by passing the accessToken & emailId of the user to our server, get the google profile of the user using this access token by making Google UserInfo API call, validate the email id from this profile against the emailId that is passed from Gmail add-on. If they both are same, you can treat it is a valid authentication. This process is similar to SIGNIN WITH GMAIL feature which we see in all apps nowadays.
Once it is authenticated, you can return the application session id to the add-on which we can save it in the user cache. This session id we can use to fetch our app data.
CacheService.getUserCache().put("sid", <sessionId>);