Gmail released a new API and since the auth scope is the same as for IMAP, it looks like IMAP access tokens will work on the Gmail API.
What is unclear is if OAuth 1 tokens will work on the Gmail API. I have legacy OAuth 1 tokens I'm considering migrating from IMAP to the Gmail API but I cannot ask the users to update their credentials.
Gmail API does not support the deprecated Oauth1 standard. A forward-path for upgrading those tokens to Oauth2 (without user involvement) can be found:
https://developers.google.com/accounts/docs/OAuth_ref#migration
Related
I now researched quite some time to understand OAuth 1.0a, OAuth 2.0 and OpenID Connect. I read their RFCs/Specs and still have one question regarding Google and their Authorization Code Grant on mobile.
OAuth 2.0 states in chapter 4.1.3:
The authorization server MUST require client authentication for confidential clients [...]
My Question:
How can Google ensure it's client authentication for a mobile client?
Thanks,
Dominik
The Google Developer Consoles (even the old version) no longer lists the Mail API in the list of available APIs.
I'm trying to develop a web application which acts on behalf of users to manage their Gmail, like Mailbox. This requires using the Gmail IMAP API with XOAUTH2 authentication with an OAuth 2.0 access token. The documentation instructs provisioning OAuth 2.0 token with a https://mail.google.com/ scope. Provisioning credentials for a web application then requesting a token with this scope yields a 403 response with an accessNotConfigured error. There are options in the developer console for configuring other APIs, but there is no option to configure access for the Mail API.
Attempting to provision the mail scope in the Google OAuth Playground using their client credentials works correctly and the resulting access token can be used to access Gmail IMAP with XOAUTH2.
Have Google disabled OAuth 2.0 authentication for Mail using new credentials, or is it just hidden? I can't find a way to contact them and ask for Mail API access.
Just create any client id it doesn't matter what API you select. When you make the authentication request send the scope of https://mail.google.com/. That will get you the access token you need to login to the imap server.
Is it possible to get a Twitter access token with OAuth 2.0? I came along this thread but I don't understand it. Do they support OAuth 2.0 or are they still using OAuth 1.0A?
Quoting from this page:
Twitter offers applications the ability to issue authenticated
requests on behalf of the application itself (as opposed to on behalf
of a specific user). Twitter's implementation is based on the Client
Credentials Grant flow of the OAuth 2 specification. Note that OAuth
1.0a is still required to issue requests on behalf of users.
Therefore, no they do not fully support OAuth 2.
What is the preferred method of accessing the Gmail API across sessions without user input? E.g. user logs in once, some fairly-non-sensitive ID is stored on my server, and I use that ID along with my app's secret/key to access user's mailbox...
I noticed that OAuth 1.0 is now deprecated by google (I'm assuming that OAuth 1.0 enables the aforementioned login mechanism), so what should we use? Does OAuth 2.0 + IMAP work with Gmail?
I'm using a Rails 3.2.6 backend.
Without storing the user's password, the only way for full GMail access is using IMAP/SMTP with OAuth 1. With OAuth 2 you currently can only access the Atom Inbox Feed.
Though OAuth 1 was already marked deprecated by Google, it should be supported until April 2015.
UPDATE:
OAuth 2 authorization support for GMail IMAP/SMTP just recently arrived, so this is now the recommended way to go.
I don't find any information in the oAuth API docs about oAuth 1.0 being deprecated.
However oAuth 2.0 seems to be there as well for Gmail: oAuth 2.0 Playground.
I'm building a Rails web app. I use OmniAuth for authentication.
I would like to provide API access but only after the user has authenticated themselves with OAuth (via twitter mainly).
Any suggestions of where to start?
EDIT: add more context as requested
Not trying to become an Oauth provider, but simply use the same login tokens. For example, you log into my app through twitter. You have both the token and secret OAuth tokens. I want to use those tokens to allow a user API access to the site.
I have a similar question: Retrieving OAuth tokens (on server) from Faraday OAuth module (from client)