WebThingsIO / registration_server

The registration server for WebThings Gateway.
Mozilla Public License 2.0

Support SASL with OAuth2 for outgoing mail #100

Open benfrancis opened 4 months ago

benfrancis commented 4 months ago

Later this year, Google will start the process of deprecating what they call "Less Secure Apps" which only use a username and password to access Google Accounts, which includes apps using protocols like IMAP and SMTP.

Currently GMail is used as an outgoing SMTP mail server for the webthings.io instance of the registration server, to send emails to confirm an email address or reclaim a subdomain.

From 15th June 2024, no new users will be able to enable less secure apps which will mean that people won't be able to configure new instances of the registration server to use Google as an SMTP server (not a huge problem, since other options are available and the webthings.io instance should keep working).

From 30th September 2024 access to Less Secure Apps will be turned off for all Google Workspace accounts, and protocols like IMAP and SMTP will stop working. This is a bigger problem because it means the webthings.io registration server will no longer be able to send new outgoing emails.

In order for the registration server to continue sending outgoing mail via Google's mail servers, we will need to implement OAuth2 support on the registration server, to authenticate with the noreply@webthings.io GMail account.

The Google Workspace documentation says this involves using SASL (Simple Authentication and Security Layer) authentication for SMTP. It's possible that the application may also have to be verified by Google in order to gain this API access, but there are exceptions which I think may cover us.

The registration server appears to use the lettre Rust library for outgoing mail. According to the documentation, the authentication module of this library "provides limited SASL authentication mechanisms", but I'm not sure what this means.


An alternative to implementing OAuth2 for the registration server would be to switch to an alternative paid email service which still supports less secure password-based SMTP authentication, but that will entail an additional ongoing cost because webthings.io currently piggybacks on top of Krellian's paid Google Workspace account. It would also mean we couldn't use other Google Workspace features for webthings.io like the team@webthings.io email alias in Google Groups. Using a lesser known outgoing mail service may also result in more outgoing emails being filtered out as spam.
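The SASL mechanism Google documents for OAuth2 over SMTP is XOAUTH2, where a short-lived access token replaces the account password inside the AUTH exchange. The following added example (not code from the registration server or from lettre, whose smtp authentication module exposes the same mechanism as `Mechanism::Xoauth2`) builds that initial client response in plain Rust with a minimal base64 encoder; the mailbox is the one named in the issue and the token is a constructed placeholder.

```rust
// Added example: builds the SASL XOAUTH2 initial client response that Google's
// SMTP servers expect when an OAuth2 access token is used instead of a password.
// Format, as documented by Google for the XOAUTH2 mechanism:
//   base64("user=" + user + "\x01auth=Bearer " + access_token + "\x01\x01")
// Standard base64 (RFC 4648, '=' padding) is implemented inline so the example
// needs no external crate; a real client would let lettre do this.

/// Minimal standard base64 encoder.
fn base64_encode(input: &[u8]) -> String {
    const TABLE: &[u8; 64] =
        b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = String::with_capacity((input.len() + 2) / 3 * 4);
    for chunk in input.chunks(3) {
        // Pack up to three bytes into 24 bits, zero-padding the missing ones.
        let n = ((chunk[0] as u32) << 16)
            | ((*chunk.get(1).unwrap_or(&0) as u32) << 8)
            | (*chunk.get(2).unwrap_or(&0) as u32);
        out.push(TABLE[((n >> 18) as usize) & 63] as char);
        out.push(TABLE[((n >> 12) as usize) & 63] as char);
        out.push(if chunk.len() > 1 { TABLE[((n >> 6) as usize) & 63] as char } else { '=' });
        out.push(if chunk.len() > 2 { TABLE[(n as usize) & 63] as char } else { '=' });
    }
    out
}

/// Unencoded XOAUTH2 client response: Control-A (0x01) separators, two trailing.
pub fn xoauth2_plain(user: &str, access_token: &str) -> String {
    format!("user={}\x01auth=Bearer {}\x01\x01", user, access_token)
}

/// Base64 form that travels as the initial response of the AUTH command.
pub fn xoauth2_initial_response(user: &str, access_token: &str) -> String {
    base64_encode(xoauth2_plain(user, access_token).as_bytes())
}

/// Full SMTP command line. The credential is the access token, which expires
/// and can be revoked, rather than the long-lived account password.
pub fn xoauth2_auth_command(user: &str, access_token: &str) -> String {
    format!("AUTH XOAUTH2 {}\r\n", xoauth2_initial_response(user, access_token))
}

fn main() {
    // Constructed values: the mailbox named in the issue and a placeholder token.
    let user = "noreply@webthings.io";
    let token = "ya29.CONSTRUCTED-PLACEHOLDER-TOKEN";
    print!("{}", xoauth2_auth_command(user, token));
}
```

If the server rejects the token it answers with a 334 line carrying base64-encoded JSON, and the client must send an empty line before it receives the final 535 error, so the token refresh path needs to handle that extra round trip.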