Mail app rainloop app google LSA support being turned off feb 2021

hi folks,

so for the current mail app or rainloop app to work you need smtp/pop/imap, normally works well with e.g. gmail. However, since sometime you would need to enable LSA (less secure app) in gmail for the nextcloud mail app to be able to connect to gmail (for the authentication). You can actually find many ppl that faced issues when LSA was turned on and their mail app was not working and they had to find out to turn off LSA in google.
Now google postponed to turn of LSA completely but it will happen at the end of Feb this year:
https://workspaceupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html

so feb 2021 LSA for all g accounts turned off, then these app will stop working. Nextcloud has an oauth app, can that be used to authenticate within the mail/rainloop app to gmail? at the moment not, any ideas what to do?

I run NC 20.0.05 on arch linux with php7.3

1 Like

thanks for the heads-up @jody!

what if one uses an app password with LSA off? IIRC that this is also a mitigation strategy.

FYI @kesselb recently looked into Support strong authentication · Issue #3146 · nextcloud/mail · GitHub and oauth was the one authentication method that we would consider useful just because of Gmail/Google. However we are not sure how much Google adheres to the standard and/or how much adding this specialized authentication method would be.

thank you for your input, so you mean e.g. when using mail app and in smtp authentication to use an gmail app generated password? I have not tried that but I believe I had read somewhere in the forums while looking for people using oauth nc app for mail authentication that someone had tried but it didn’t work. I have a free google account and with that you cannot create app passwords
maybe this will be useful Account linking with OAuth-based Google Sign-in "Streamlined" linking

1 Like

Are you sure? Check https://myaccount.google.com/apppasswords

yes, that is the URL i checked. I have multiple free google accounts, same behavior for all, gmail

Okay, so maybe that only shows for accounts that use 2FA …

I did some research and I think you are right. It used to be different but now google forces you to use 2FA if you want to use app password function.
I do not like this at all. I do not want to have to carry around a usb key nor give google my phone number. i think there are many other ppl that share the same sentiment. Doesn’t look good for mail app usage going forward in nc

1 Like

you know you can use TOTP with google and any totp app? There is ways to use 2FA without any special devices nor giving google your phone number.

no, I did not know that but started looking into it, thank you for the tip

1 Like