Following this github article I am able to authenticate against GMail using OAuth2 and send gmail messages programmatically uisng SMTP and IMAP (clients from MailKit). The link was kindly provided by the author (jstedfast). The problem with the method is that it opens browser popup and requires user to authenticate, at least from time to time. Maybe this is because the method uses "User Secret" and not Service Account and private/public key, but I do not know for sure.
I need to send an email from server-type application, where there is no user to manually push the process forward. So far, the app is using standard SMTP authentication but this requires GMail/GSuite accounts to have "less secure" setting enabled and the customer does not want that.
There is a very old post (also by jstedfast) that shows how to authenticate email client with OAuth2, using Service Account and public/private key. I followed that article to the letter (except that I used json-packaged certificate, instead of p12 and used GMail not GSuite email) but the results are negative. Namely, when I try to execute client.Authenticate(accessToken) the response is exception that reads {"status":"400", "schemes":"Bearer", "scope": "https://mail.google.com/"}
I have access to GSuite and would not mind using it if necessary but, I have not found definite instructions and example that works. Would anyone be able to point at C# example that authenticates with OAuth2 through private/public key encryption and does not require user interaction ?
This is possible with web app type OAuth client ID and manually created refresh token.
How to create correct OAuth client ID and get refresh token: https://stackoverflow.com/a/24123550/6075536
How to send email with MailKit then: https://stackoverflow.com/a/52413127/6075536
And keep in mind Refresh token expiration rules.
Related
Does anyone know how I can send an email via my webserver (Azure Functions) to gmail?
This is for clients to contact us through a website so it needs to be frictionless and without a challenge.
I have followed this guide
https://developers.google.com/gmail/api/quickstart/dotnet?authuser=1
After creating my own implementation of IDataStore for Azure, I have painfully realised that this will try to challenge via the web browser.
We previously had this working using SMTP using similar method to this
How to send email by using MailKit?
but this requires us to set the 'Allow Un-secure Apps' flag which after a period of time automatically switches off and causes our contact us page to stop working.
I guess this should be possible using an API key which I have created but I can't find any documentation on how to send an email using just the API Key.
Gmail api route using google .net client library.
If you are using a gsuite domain email address then you can use a service account. Let me know if you need some code for this.
Otherwise you will need to run your code once locally authorize it stave the refresh token then set up your Idatastore to use the refresh token that you pass to it. As long as the refresh token is used regularly it shouldnt expire. Thats not saying it cant but it shouldnt it will need to be babysat a little if it fails just generate a new refresh token for it and it will be up and running again.
smtp route
if you want to use smtp your probably going to have to work out Xoauth2 I am not aware of anything out of the box for C# that works with that and the Google .net client library does not work with the smpt server.
I am writing a small client to sync the outlook calendar on a machine with a user's google calendar. I am using .Net (C#).
I just read about accessing the Google Calendar API using the Google APIs Client Library for .NET and tried some basic stuff.
Now regarding the Authorization, as far as I understood, the new "OAuth 2.0" Authorization requires a "user consent", which means the user is directed to a google page where they must explicitly allow my application access to their calendar.
As if this user interaction is not enough, I as a programmer have to handle "access tokens" or "refresh tokens" and all that stuff.
Now my question is:
Is there really no easier way to have an installed application communicate with the google API to access a user's calendar?
I would like my user to enter his username/password in a "Settings" dialog. His credentials would be stored locally (encrypted of course) and then be used later on every access via google API. I know this can be dangerous and all that however I would like that decision to lie with me.
So, is that possible?
No that is not possible. The entire point of OAuth is the user never gives a 3rd party (you) their username and password. The only thing you get is a token that allows you to connect that the user can revoke at any time. (Also if the user changes his password, you can still use the same saved token and do not need to make the user update their settings).
If you decide to "work around" this by saving the username and pasword and performing the "authorization" yourself you will be in violation with the TOS of the API and will have your application banned by Google (or any OAuth provider if you try it with someone else) for not following the rules.
I am developing web services using the servicestack.net library.
In my scenario, the web services will be called from a WPF application. I need the ability to authenticate that only an approved client app is calling my service.
Is this as simple as hardcoding a "username" and "password" in the client application? This certainly does not seem like the proper approach. Is there a better way?
EDIT
In addition, on the client end, Users themselves will be able to login with a username/password and initiate requests to the service(not sure if this effects anything, so I thought I would mention it),
For more background information about Authentication in ServiceStack see this question.
Normally you would authenticate users not clients which you seem to be doing in addition. But if you're trying to lock down services so their only accessible via a specific set of clients you should look into employing some PKI into your client and server.
Basically something along the lines of: the client sends an additional token at login with an encrypted version of the user:password together with a private key embedded in the app. The server has the client public key and so would do un extra validation step on Login to unencrypt the user:pass token and compare it with the validated user credentials.
If a PKI solution is too heavy, an alternate strategy without using encryption could be for clients to ship with a secret Guid which when they login which will send an MD5 hash version of the Guid and the current time, as well as the unhashed version of the time. If the time is within a specified threshold and the MD5 hash is valid then their using an authenticated client.
I am developing a project where I need to send tweets from my web applications. These tweets must be send via my account instead of user's account. The OAuth library forces us to show log-in screen which is not required in this case. I am looking for a way to log-in to twitter via my username and password (we are not asking user to submit username and password) and tweet a user activity or something...
the OOB/Pincode method is not feasible as well as it requires human interaction by entering pin code...
It could achieve if twitter have support for old authentication method (I believe Twitter no more support old auth method) .... Does anyone have idea how can I achieve this by OAuth or anything else?
I believe you need to use Twitter XAuth for this. It will allow you to generate a non-expiring access token for your application using a username/password. Once you have this you can dispose the username/password and use the token to authenticate further requests to the API.
If you want to send the tweets from the same account as the one your application is registered with, I believe you can also just use the access token provided in your app settings page. The documentation is here. You can skip down to the part where you have the OAuth token and need to sign the request.
I've provided an example of how to authenticate against Twitter using oAuth and the application access token here.
I would like to send an invitation request from my Facebook application written in C#.
Here is what I tried:
_fbService.API.notifications.sendEmail(DataList1.DataKeys[e.Item.ItemIndex].ToString(),"Invitation to play a game", "You are invited to play the game","");
This does not work, it only sends a notification, not a request.
What am I doing wrong?
If you are asking how you can send invitations to users who have not authorized your application (i.e. not inviting your application users to use a new feature or participate in an activity), then you can't with the API.
From the API documentation - Notifications.sendEmail:
Sends an email to the specified users, who have both authorized your application and granted it the email extended permission.
The API function that did allow this was Notifications.sendRequest but it has been disabled, perhaps due to consideration of abuse and security. See the documentation for the alternative.