SecureSMTPClientSession on gmail

[micheleselea]

Hi all this morning I found that google block by default application that try send email without match newer security standard. I always use SecureSMTPClientSession without problem since few days ago. There's a walk around in gmail configuration for let "less secure" application to send email.
After few debugging I think the problem was related to the context build with CLIENT_USE instead for example TLSV1_2_CLIENT_USE...but this didn't help.
I think the problem is related to the authentication method because google suggest to use OAuth 2.0 and I think that is the problem. Have you found the same behavior?

[obiltschnig]

As a first measure you can turn on "Allow less secure apps" on your Google account settings page (Sign-in & security > Connected apps & sites).
Proper measure would be to add OAuth 2 support to SMTPClientSession. The required changes to SMTPClientSession are rather trivial. The hard part is obtaining the bearer token, especially if your application does not have a built-in web server to handle the necessary OAuth authorization work flow.

[obiltschnig]

Added XOAUTH2 support to SMTPClientSession based on information from https://developers.google.com/gmail/xoauth2_protocol?hl=en. Untested for now. Good luck ;-)
8022781

[micheleselea]

I already activated Allow less secure apps ;)
As soon I have time to test XOAUTH2 add-on I'll try and let you know

[micheleselea]

Ok I tried the code, and I think it can work but the Base64Encoder has a strange default behavior that put a \r\n token somtetime in the base64 encoded stuf. This break the protocol, and I think can break the protocol even in the other modes like loginUsingPlain.
Do you know about \r\n token added?

[micheleselea]

Ok found...is Base64EncoderBuf::setLineLength
probably the SMTPClientSession need to set it to 0 before calling encode stuff, otherwise it can breaks the SMTP protocol

[obiltschnig]

Ah, yes, set line length to 0.

[obiltschnig]

I'll fix it.