G Suite Oauth Support for fetching and sending email. (Needed before June 15, 2020)

[rdytogokev]

G Suite just sent this message out announcing that "Less Secure Apps" will no longer be allowed to access their system soon. In other words, if you are using freescout with G Suite, things will stop working unless Oauth support is implemented.

Here are the contents of the email I have received:

Starting February 15, 2021, G Suite accounts will only allow access to apps using OAuth. Password-based access will no longer be supported.

Dear Administrator,

We’re constantly working to improve the security of your organization’s Google accounts. As part of this effort, and in consideration of the current threat landscape, we’ll be turning off access to less secure apps (LSA) — non-Google apps that can access your Google account with only a username and password, without requiring any additional verification steps. Access through only a username and password makes your account more vulnerable to hijacking attempts. Moving forward, only apps that support a more modern and secure access method called OAuth will be able to access your G Suite account.

Access to LSAs will be turned off in two stages:

June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.

February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts.
What do I need to do?

To continue using a specific app with your G Suite accounts, users in your organization must switch to a more secure type of access called OAuth. This connection method allows apps to access accounts with a digital key instead of requiring a user to reveal their username and password. We recommend that you share the user instructions (included below) with individuals in your organization to help them make the necessary changes. Alternatively, if your organization is using custom tools, you can ask the developer of the tool to update it to use OAuth. Developer instructions are also included below.

MDM configuration
If your organization uses a mobile device management (MDM) provider to configure CalDAV, CardDAV, and Exchange ActiveSync (Google Sync) profiles, these services will be phased out according to the timeline below:

June 15, 2020 - MDM push of IMAP, CalDAV, CardDAV, and Exchange ActiveSync (Google Sync) will no longer work for new users.

February 15, 2021 - MDM push of IMAP, CalDAV, CardDAV, and Exchange ActiveSync (Google Sync) will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will re-add their Google accounts to iOS devices using OAuth.

Other less secure apps
For any other LSA, ask the developer of the app you are using to start supporting OAuth.
If you use other apps on iOS or MacOS that access your G Suite account information through only a password, most access issues can be resolved by removing then re-adding your account. When you add it back, make sure to select Google as the account type to automatically use OAuth.

[freescout-helpdesk]

Suggestion submitted to Google: google/gmail-oauth2-tools#18

[amirkhan7]

https://github.com/laravel/socialite - not sure if this is helpful as an additive connection method..

[freescout-helpdesk]

According to this, App Passwords will continue to work after oAuth 2.0. will be enforced in G Suite (information is confirmed by G Suite support). So we've prepared an instruction on how to connect G Suite to FreeScout using App Passwords. All G Suite users should now use App Passwords to connect to FreeScout.

Situation with App Passwords and enforcing oAuth in Microsoft Office 365 Exchange is not so clear yet. If you are using FreeScout with Microsoft Office 365 Exchange please proceed to this issue.

Also see post in our blog: https://medium.com/@freescout/oauth-2-0-g-suite-microsoft-365-and-php-7da16ca74314

Adding oAuth support to the FreeScout IMAP includes the following complications:

1. The only suitable IMAP library supporting oAuth is Horde IMAP Client. (Zend/Laminas Mail library is not suitable as it does not support searching emails by date, etc).
2. Adding Horde IMAP Client library to the FreeScout will add around 800 new files/folders to the core and several megabytes to the dist of the app, which may cause problems when updating the app on some hostings.
3. After switching from Webklex IMAP library to Horde IMAP Client library it may take a year to debug and fix all the issues which will arise.
4. PHP developers decided to add oAuth support to the PHP IMAP extension: https://wiki.php.net/todo/ext/imap/xoauth2
5. So taking all above into account the FreeScout Team would rather prefer to wait for the oAuth to be added to the standard PHP IMAP extension, which may take a year or more.

[fulldecent]

date is passed. recommend to close issue