Monday, May 23, 2022

Gmail OAuth2 Support

We silently released OAuth2 support for Gmail. In the old days, one could just use their user name and password to log into IMAP. However, this is considered not safe by Google and soon, users will not be able to connect their third party apps like Group Office to Gmail anymore.

A well-known and more secure way to connect to Gmail is through the OAuth2 protocol. This is an industry-wide authorization protocol. As per version 6.6.90, we have built in support for Gmail over OAuth2. 

Setting up Gmail in Group Office, Short Version

  1. Read the documentation on the Google Developer site;
  2. Read our own documentation for the long version of this HOWTO;
  3. Create an App on the Google Developer dashboard;
  4. Configure the OAuth2 client in the Group Office System Settings;
  5. In the email account panel, configure your Gmail account to use the configured OAuth2 client.
Steps 1 through 4 have to be done by the administrator, whereas with the proper permissions, any user can connect to their own Gmail account as long as the Google App allows this.

We decided not to share a Group Office Gmail app. Doing this in the official way requires a draconian number of steps (A movie? Seriously?) and in certain cases costs several thousands of US dollars. Not only do we not have this, it feels a bit like extortion. Keeping these apps small and personal-ish by not using any branding or other customization circumvents this.

Other OAuth2 Clients

In the near future we intend to build support for Microsoft environments as well. Other environments will follow as needed.