This post shows how to authenticate to a Gmail mailbox with an OAuth 2.0 token using Rebex Secure Mail.
If you want to access a Gmail account from your application, you have two choices:
- Log in using a username and password. However, this requires the account to have the Less secure apps option enabled. If it is disabled, you will receive the exception "Please log in via your web browser: https://support.google.com/mail/accounts/answer/78754 (Failure) (NO)."
- Log in using an OAuth 2.0 token. This is considered secure, so enabling the option is not required.
If you are curious why using a username and password is considered less secure, see the end of the post.
Why is using a username and password considered less secure?
When an application has the username and password, it has access to the whole Google account, not only Gmail. If the application is not well secured (or not 100% trusted), the user's credentials can be stolen.
Using OAuth 2.0 has a couple of security benefits:
- the authentication process does not take place in the application, but in the user's web browser (secured with HTTPS)
- the application has access only to the APIs the user agreed to
- if the access token is stolen, it is valid only for a limited time
- the user can always revoke access for any of the Connected apps
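
The scope and lifetime limits listed above can also be enforced by the application itself before it logs in. The following C# code is an added example, not code from the original post or from Rebex: it rejects an expired or over-scoped token and then builds the SASL XOAUTH2 initial response that Gmail's IMAP server accepts for OAuth 2.0 tokens. The class and method names, the allow-list parameter and the sample values are assumptions.

```csharp
using System;
using System.Linq;
using System.Text;

static class GmailOAuthCheck   // hypothetical helper, not a Rebex type
{
    // Scope Google documents for IMAP, POP and SMTP access to Gmail.
    public const string MailScope = "https://mail.google.com/";
    // Returns the base64 SASL XOAUTH2 initial response for the mailbox, after
    // checking that the token is unexpired and grants only expected scopes.
    // grantedScopes: space-separated "scope" field of the token response.
    // expiresAtUtc: issue time plus the response's "expires_in" seconds.
    public static string BuildXoauth2(string userEmail, string accessToken,
        string grantedScopes, DateTime expiresAtUtc, DateTime nowUtc,
        params string[] otherAllowedScopes)
    {
        if (string.IsNullOrEmpty(userEmail) || string.IsNullOrEmpty(accessToken))
            throw new ArgumentException("User and access token are required.");
        // A control character would break the 0x01-delimited framing below.
        if (userEmail.Any(char.IsControl) || accessToken.Any(char.IsControl))
            throw new ArgumentException("Control character in user or token.");
        // Treat a token within 30 s of expiry as expired (clock-skew margin).
        if (expiresAtUtc <= nowUtc.AddSeconds(30))
            throw new InvalidOperationException("Access token expired; refresh it.");

        string[] scopes = (grantedScopes ?? "").Split(
            new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (!scopes.Contains(MailScope))
            throw new InvalidOperationException("Token lacks the Gmail mail scope.");
        string[] extra = scopes.Where(s => s != MailScope
            && !otherAllowedScopes.Contains(s)).ToArray();
        if (extra.Length > 0)
            throw new InvalidOperationException(
                "Unexpected scopes granted: " + string.Join(", ", extra));

        // \u0001 (not \x01, which is variable-length in C#) is the separator.
        string raw = "user=" + userEmail + "\u0001auth=Bearer " + accessToken
            + "\u0001\u0001";
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(raw));
    }
    static void Main()
    {
        // Constructed sample values, not a real account or token.
        DateTime now = DateTime.UtcNow;
        string resp = BuildXoauth2("user@example.com", "constructed-sample-token",
            "https://mail.google.com/", now.AddMinutes(55), now);
        Console.WriteLine("AUTHENTICATE XOAUTH2 " + resp);
    }
}
```

The base64 string carries the bearer token in recoverable form, so it should be kept out of logs and sent only over a TLS-protected connection.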