Closed mircealungu closed 2 years ago
better to just use an application specific password
Thanks for the answer @kootenpv! I started using yagmail for the OAuth2 flow. As far as I can tell Gmail discourages the use of application passwords and they want to move everybody to OAuth.
How does the refresh token work? Do you get a new one from Gmail and write it to the credentials file? I was wondering whether maybe in my deployment the file ends up somehow not writeable...
Cheers, M.
I'm not so familiar with oauth anymore.
Actually I think app specific password is fine, don't have to worry about it
From an email I received from Google that made me switch away from app passwords:
On May 30, you may lose access to apps that are using less secure sign-in technology.
To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0.
Or do you mean that app passwords are still a "more secure technology" and can still be used? I've mistaken OAuth for the only way when in fact it was only one example? Argh! Will try!
App passwords still work, I like it more
The bastards! You know how much time i wasted with OAuth 2!
Yeah seriously. It is so annoying that OAuth2 creds expire so often.
Would you guys suggest I just remove OAuth2 support in yagmail and make people go for app specific password?
Or did you find yagmail specifically by e.g. "gmail oauth2"?
I specifically found it for OAuth2 once the support for "less secure login" method was dropped by Gmail. I didn't even imagine they support "app passwords" when the "less secure login" is dropped. Is there a way to make the OAuth2 tokens live longer? Like authorize them for a year? I wouldn't drop the support for oauth.
Is there a way to make the OAuth2 tokens live longer? Like authorize them for a year? I wouldn't drop the support for oauth.
I have no idea
I didn't even imagine they support "app passwords" when the "less secure login" is dropped.
yea it confuses me too.... but I can tell you I'm very satisfied with app specific password and wouldn't consider OAuth2 ever again
Same. Don't know if I'm grandfathered in, or if it will shut down in the future, but for now, app-specific password works great!
1) Top-right on a Google user page, like Gmail > Manage your Google account > Security 2) Under "Signing in to Google", turn on 2-step verification 3) Also under "Signing in to Google": App passwords > generate a new one for Yagmail. You'll use this to auth below. (or go to https://myaccount.google.com/apppasswords)
yag = yagmail.SMTP(sender_email, 'your_app_specific_password', soft_email_validation=False)
Would you guys suggest I just remove OAuth2 support in yagmail and make people go for app specific password?
Or did you find yagmail specifically by e.g. "gmail oauth2"?
Please do not remove oauth2 I cannot use app password as I use this to send emails from a managed email.
https://developers.google.com/identity/protocols/oauth2#expiration Here is the refresh token policy of google api. Need to manually register an app and publish it. Therefore the refresh token you get will be a long lived refresh token.
Please do not remove oauth2 I cannot use app password as I use this to send emails from a managed email.
mb I mostly meant remove it from README (as a recommended way), wouldn't remove the support completely, but just prefer people to use app-specific pws
I, too, have the same problem. I will probably be switching to app specific Passwords, but I do miss the security of OAuth. After searching online, though, I found that google provided their own python package which does apparently support refreshing access tokes. It might be worth a look. If this were implemented into yagmail to automatically refresh the access token, I would be very happy.
@Leo-vF Which Google package are you referring to?
Maybe a note in the Readme that app-specific passwords are still possible, and people should not use OAuth would help. I know that I started using OAuth because I thought app-specific were considered not strong enough!
I've started using yagmail a while ago, and after being very happy at the beginning I discovered something that seems wrong.
After a few days of sending emails, Gmail starts to refuse to send them with the following as part of the stack trace:
I've solved it once in the past by regenerating the
credentials.json
locally on my machine and uploading to the server. But now i stopped working again and I'm wondering: am I doing something that's obviously wrong?The code that I use is straightforward:
and the contents of the credentials.json file also seem standard:
Can anybody recommend something that can be done? Thanks!