goalert
Support for OAuth 2.0 Authentication for SMTP
As Google is enhancing its security settings and plans to deprecate the "Allow less secure apps" feature, GoAlert needs to support OAuth 2.0 for SMTP authentication to ensure continued compatibility with Gmail and G Suite email services.
Context: Google has announced that they will no longer support "Less secure apps" starting from a specified date, as detailed in their documentation: https://support.google.com/a/answer/14114704?hl=en. This change is part of their efforts to enhance security and protect user accounts.
Currently, GoAlert's SMTP configuration relies on the "Allow less secure apps" setting for Gmail accounts, which uses basic authentication (username and password). With the upcoming changes, this method will no longer be viable, and users will face issues sending email notifications from GoAlert through Gmail's SMTP server.
Impact: If GoAlert does not support OAuth 2.0 for SMTP authentication, users who rely on Gmail for email notifications will experience the following issues:
- Inability to Authenticate: Gmail will reject authentication attempts using basic authentication, leading to failed email deliveries.
- Service Disruptions: Critical alerts and notifications that depend on email delivery will be disrupted, potentially impacting business operations and response times.
- User Inconvenience: Users will need to seek alternative email providers or workarounds, which may not be as convenient or reliable as Gmail.
Request: To ensure that GoAlert remains functional and compliant with Google's security policies, we request the addition of OAuth 2.0 support for SMTP authentication. This will involve:
- OAuth 2.0 Integration: Implementing OAuth 2.0 authentication flow within GoAlert to obtain and refresh access tokens for Gmail's SMTP server.
- Configuration Options: Providing configuration options in GoAlert for users to enter their OAuth 2.0 Client ID, Client Secret, and Refresh Token.
- Backward Compatibility: Ensuring backward compatibility with existing SMTP configurations to support other email providers that still use basic authentication.
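The authentication step requested above could be built on Go's standard `net/smtp` package with the SASL XOAUTH2 mechanism that Gmail's SMTP server accepts. The sketch below is an added example, not GoAlert's code: `XOAuth2`, `xoauth2Auth` and the `tokenFn` hook (assumed to return a current access token obtained with the configured Client ID, Client Secret and Refresh Token) are hypothetical names, and the address, host and token are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
)

// xoauth2Auth implements smtp.Auth for the SASL XOAUTH2 mechanism.
// tokenFn is a hypothetical hook returning a current OAuth 2.0 access token.
type xoauth2Auth struct {
	user    string
	tokenFn func() (string, error)
}

// XOAuth2 returns an smtp.Auth that authenticates user with a bearer token.
func XOAuth2(user string, tokenFn func() (string, error)) smtp.Auth {
	return &xoauth2Auth{user: user, tokenFn: tokenFn}
}

func (a *xoauth2Auth) Start(server *smtp.ServerInfo) (string, []byte, error) {
	// Like smtp.PlainAuth, never send a credential over an unencrypted link.
	if !server.TLS {
		return "", nil, errors.New("xoauth2: refusing to send token without TLS")
	}
	token, err := a.tokenFn()
	if err != nil {
		return "", nil, fmt.Errorf("xoauth2: get access token: %w", err)
	}
	// Initial client response; net/smtp base64-encodes it before sending.
	resp := "user=" + a.user + "\x01auth=Bearer " + token + "\x01\x01"
	return "XOAUTH2", []byte(resp), nil
}

func (a *xoauth2Auth) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		// A 334 challenge after the initial response carries the server's
		// error details; returning an error makes net/smtp abort the AUTH.
		return nil, fmt.Errorf("xoauth2: authentication rejected: %s", fromServer)
	}
	return nil, nil
}

func main() {
	// Constructed sample values; no network connection is made here.
	auth := XOAuth2("alerts@example.com", func() (string, error) { return "constructed-token", nil })
	mech, resp, err := auth.Start(&smtp.ServerInfo{Name: "smtp.example.com", TLS: true})
	fmt.Printf("%s %q %v\n", mech, resp, err)
}
```

Because the value is passed as an ordinary `smtp.Auth`, existing configurations can keep using `smtp.PlainAuth` for providers that still accept basic authentication.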