Draft: Why use OAuth authentication

Lukas Pokorny

This post shows how to authenticate to a Gmail mailbox with an OAuth 2.0 token using Rebex Secure Mail.

Download the sample project (you first have to register your app at Google for OAuth 2.0 and allow the IMAP protocol on the user's mailbox).

Motivation

If you want to access a Gmail account from your application, you have two choices:

  1. Log in using a username and password. However, this requires the account to have the Less secure apps option enabled. If it is disabled, you will receive a "Please log in via your web browser: https://support.google.com/mail/accounts/answer/78754 (Failure) (NO)." exception.

  2. Log in using an OAuth 2.0 token. This is considered secure, so enabling the option is not required.

If you are curious why using a username and password is considered less secure, see the end of the post.

Why is using a username and password considered less secure?

A username and password give access to the whole Google account, not only to Gmail. If the application is not well secured (or not 100% trusted), the user's credentials can be stolen.

Using OAuth 2.0 has a couple of security benefits:

  1. The authentication process is not done in the application, but in the user's web browser (secured with HTTPS).
  2. The application has access only to the APIs the user agreed to.
  3. If the access token is stolen, it is valid only for a limited time.
  4. The user can always revoke access for any of the Connected apps.
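
Points 2 and 3 can be checked by the application before it logs in. The following Python sketch is an added example, not code from this post or from Rebex: it validates the scope and lifetime of a token response and builds the SASL XOAUTH2 string that Gmail's IMAP server accepts, which carries the bearer token and never the account password. The function names and the sample token are constructed for illustration; the field names follow the standard OAuth 2.0 token response.

```python
import base64

GMAIL_IMAP_SCOPE = "https://mail.google.com/"  # Google's scope for IMAP mail access

# Constructed sample of an OAuth 2.0 token response; not a real token.
SAMPLE_TOKEN_RESPONSE = {
    "access_token": "ya29.EXAMPLE-CONSTRUCTED-TOKEN",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "https://mail.google.com/",
}


def check_token(resp, issued_at, now, expected_scope=GMAIL_IMAP_SCOPE):
    """Return a list of problems; an empty list means the token is usable for IMAP."""
    problems = []
    if resp.get("token_type", "").lower() != "bearer":
        problems.append("not a bearer token")
    granted = set(resp.get("scope", "").split())
    if expected_scope not in granted:
        problems.append("mail scope not granted")
    extra = granted - {expected_scope}
    if extra:  # least privilege: the app asked for more than mail access
        problems.append("broader access than needed: " + ", ".join(sorted(extra)))
    if now >= issued_at + int(resp.get("expires_in", 0)):
        problems.append("token expired")
    return problems


def xoauth2_initial_response(user, access_token):
    """Build the base64 SASL XOAUTH2 string sent with IMAP AUTHENTICATE."""
    if any(c in user + access_token for c in "\x01\r\n"):
        raise ValueError("control character in user or token")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2(encoded):
    """Decode an XOAUTH2 string back into its fields (shows what is on the wire)."""
    parts = base64.b64decode(encoded).decode("utf-8").split("\x01")
    return dict(p.split("=", 1) for p in parts if p)
```
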
