tarickb / sasl-xoauth2

SASL plugin for XOAUTH2

google oauth client secret disabled but server still can send mails #90

Open danival36 opened 1 month ago

danival36 commented 1 month ago

Hello!

I am encountering a somewhat strange behavior, probably because I do not yet fully understand the subject. Perhaps someone can shed some light on this issue. When I go to Google Cloud Platform and disable the OAuth client secret that my server is using, the server still manages to send emails. Moreover, even when I delete the OAuth 2.0 client, Postfix continues to send emails. How is this possible? If, for example, I want to prevent the server from sending emails, can I only do it through the server itself? Can't the token access be cut off from Google Cloud Platform? What I cannot do if I disable the secret is generate a new token (this I understand). But once the token is in use, is there some way to disable it from the Google Cloud Platform? I know the question goes beyond the scope of the XOAUTH Postfix client, but if anyone knows why this happens, I would be very grateful.

tarickb commented 1 month ago

I'm not an expert in this space either but I'd expect that disabling the client secret would cause token refreshes to fail -- it won't prevent existing tokens from working. Tokens seem to last about an hour for Gmail.

If you wanted to immediately invalidate a token and prevent Postfix from sending mail, you'd have to visit the account security page for whatever account you authenticated as during token creation, find the list titled "Your connections to third-party apps & services", and then "delete all connections" with sasl-xoauth2.
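To make the two mechanisms discussed in this thread concrete, here is an added example (not sasl-xoauth2's own code and not posted by either participant). It reads a token cache in the shape sasl-xoauth2 writes, reports how long the cached access token remains usable without any refresh (the window during which a disabled client secret changes nothing), and builds requests against Google's documented `tokeninfo` and `revoke` endpoints so an operator can check or kill a token from the server side instead of the account UI. Assumptions: the cache field names `access_token`, `refresh_token` and `expiry` (Unix seconds as a string) are taken from the project's README and should be checked against your own token file; the sample cache is constructed; `OfflineOpener` is a stand-in for `urllib.request.urlopen` so the block runs without network access.

```python
"""Inspect a sasl-xoauth2 style token cache and check/revoke the token with Google."""
import contextlib
import json
import time
import types
import urllib.error
import urllib.parse
import urllib.request

# Google's documented endpoints. tokeninfo reports whether an access token is still
# accepted; revoke accepts an access token or a refresh token via a form POST.
TOKENINFO_URL = "https://oauth2.googleapis.com/tokeninfo"
REVOKE_URL = "https://oauth2.googleapis.com/revoke"

# Constructed sample in the shape sasl-xoauth2 writes to its token file
# (field names assumed from the project's README; expiry is Unix seconds as a string).
SAMPLE_TOKEN_FILE = json.dumps({
    "access_token": "ya29.EXAMPLE-ACCESS-TOKEN",
    "refresh_token": "1//EXAMPLE-REFRESH-TOKEN",
    "expiry": "1700000000",
})


def token_state(token_json, now=None):
    """Return (state, seconds_remaining) for the cached access token.

    'valid'   : Postfix can keep presenting this token to Gmail until expiry without
                talking to the authorization server, so a disabled client secret or a
                deleted OAuth client has no effect yet.
    'expired' : the next SMTP AUTH forces a refresh, which is where a disabled
                secret or deleted client makes sending fail.
    """
    data = json.loads(token_json)
    expiry = int(data["expiry"])
    now = time.time() if now is None else now
    remaining = int(expiry - now)
    return ("valid" if remaining > 0 else "expired", remaining)


def tokeninfo_request(access_token):
    """GET request that asks Google whether an access token is still accepted."""
    query = urllib.parse.urlencode({"access_token": access_token})
    return urllib.request.Request(f"{TOKENINFO_URL}?{query}", method="GET")


def revoke_request(token):
    """POST request that revokes an access or refresh token at Google."""
    body = urllib.parse.urlencode({"token": token}).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(REVOKE_URL, data=body, headers=headers, method="POST")


def revoke(token, opener=urllib.request.urlopen):
    """Send the revoke request; True on HTTP 200, False on any error response."""
    try:
        with opener(revoke_request(token), timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False


class OfflineOpener:
    """Stand-in for urllib.request.urlopen: records requests, returns a fixed status."""

    def __init__(self, status=200):
        self.status = status
        self.sent = []

    def __call__(self, req, timeout=None):
        self.sent.append(req)
        return contextlib.nullcontext(types.SimpleNamespace(status=self.status))


if __name__ == "__main__":
    state, remaining = token_state(SAMPLE_TOKEN_FILE)
    print(f"cached access token is {state} ({remaining}s until expiry)")
    cache = json.loads(SAMPLE_TOKEN_FILE)
    # Dry run: show what would be sent without touching the network.
    print("check :", tokeninfo_request(cache["access_token"]).full_url)
    print("revoke:", revoke_request(cache["refresh_token"]).data)
    print("offline revoke ->", revoke(cache["refresh_token"], opener=OfflineOpener()))
```

Revoking the refresh token from the cache is the server-side equivalent of the "delete all connections" step: it stops further refreshes regardless of the cached `expiry`. Whether Gmail stops honouring the still-unexpired access token immediately after revocation is something to confirm with `tokeninfo` against the live token rather than assume.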