I've been using a PHP script to access Google's SMTP and IMAP so that emails sent from the script page are copied to the client's Gmail sent items. However Google has now locked down and locked out "insecure apps" which also seems to lock out my script, no matter which settings I change in Gsuite or the gmail account. How would I make it a "secure app" given that the usual app password approach seems inapplicable, since the device is a web server?
Securing your App would consist on using the more secure OAuth2 protocol to make requests to the Gmail API or authenticate to the SMTP or IMAP.
Using the Gmail API is more user friendly and for your use case I think it's more indicated. You can start building a Gmail App using these tutorials.
Read these articles to know more about OAuth on Gmail Apps:
IMAP/SMTP
Google APIs
Related
I have to use my google account for gmail and drive services.
For drive services now i am using an service account but i cant find any possibility for send emails by service account.
Can i login to my account by google api php only using code?
I have registered in db my token && refresh_token, in any moment i could use it.
Gmail api does support service accounts, the only issue is that it only works with google workspace gmail accounts, you need to set up domain wide delegation on a workspace account to allow the service account to delignate as a user on the domain.
If you are only accessing your own account you can use Oauth2 and just store the refresh token, your app can just continue to use that to request a new access token whenever it needs.
Another option would be to go though the Gmail smtp server instead, using an apps password.
As of May 30, 2022, Google disabled less secure app access options. I understand that setting a Google Account to allow less secure app access was the key for PHPMailer to send emails via Gmail. I took over the maintenance of a few websites where this PHPMailer/Gmail functionality was used for the 'Contact us' pages.
https://support.google.com/accounts/answer/6010255?hl=en#zippy=%2Cuse-an-app-password
Now that this option is gone - what are the alternative solutions that do not require re-engineering the core functionality for the existing Contact Us pages?
You first port of call should be to read the docs. You've not needed to to use less secure apps for the last 5 years, but lots of people didn't realise that so now there's a frantic rush. In short, App Passwords are the easiest way to go as they don't require you to change your code at all, just update a password.
The quickest solution is to use use an apps password. This will require that you have 2fa enabled on your google account to create the apps password.
The second option is to use Xoauth2 to request authorization of the owner of the account. Then you can send an access token instead of the password.
There is a very good guide to how to set this up here Using Gmail with XOAUTH2
$mail->oauthUserEmail = "<your gmail address>#gmail.com";
$mail->oauthClientId = "237644427849-g8d0pnkd1jh3idcjdbopvkse2hvj0tdp.apps.googleusercontent.com";
$mail->oauthClientSecret = "mklHhrns6eF-qjwuiLpSB4DL";
$mail->oauthRefreshToken = "1/7Jt8_RHX86Pk09VTfQd4O_ZqKbmuV7HpMNz-rqJ4KdQMEudVrK5jSpoR30zcRFq6";
As long as this is a single user app you will not need to apply for verification.
I receive confirmation from users in my gmail account. I want to read them with a server side php script to display confirmation on my website. I got OAuth 2.0 client IDs and a service key from Google APis. How do I use these keys with the specific gmail account to get the emails? I cannot find any simple documentation.
You can not use a service account to access a normal users Gmail account. This is because there is no way to preauthorize it.
What you need to do is have the users authenticate your application using Oauth2 and get a refresh token for each user. Then you will be able to use the refresh token in your server sided script to request a new access token which you can use to read there gmails. The Google PHP client library team has created some examples for using their library which might help you. Google-api-php-client
Side note: If the users you are speaking of are part of a Google domains account then you can do it by giving service account permissions to access the users emails.
I'm using the PHP imap extension to read emails from a gmail account but when I tried it the first time I got an email from google telling me that it had blocked the sign-in because it was "from an app that may put your account at risk" and that "Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date" . I had to go to the settings on gmail and manually "allow access to less secure apps". So my question is how do I make my sign-in attempts more secure so that I don't have to "allow access to less secure apps"?
I need to download Gmail emails using php api. there APIs for google. i do not exactly which api to use. i have web application. i have registered my application on google, oauth2.0. at this url Google Api console. i have downloaded this php API
I which there are many services. but not gmail. I do not want to use accessing emails using username and password API. i want to access using the token. which is permanent access token.
Google support OAuth authentication for IMAP. Use that.