FiveTech Software tech support forums

Posted: **Thu Dec 12, 2024 4:46 pm**

I have an application where I send multiple emails that are generated without user input and am horrified that gmail will no longer allow less secure apps to send using a gmail account. I am very illiterate in this area and I'm wondering if there is any really simple explanation of how one can implement oauth in a harbour application, or is that just not possible?

Posted: **Thu Dec 12, 2024 6:05 pm**

Dear David,

Understanding OAuth in a Nutshell

OAuth allows apps to access email services like Gmail securely by asking users for permission, instead of relying on username/password combinations. With Gmail:

1. You register your app with Google.
2. Google provides a client ID and secret for your app.
3. Your app uses these credentials to request an "access token" from Google.
4. The token is then used to send emails via Gmail.

Steps to Implement OAuth in a Harbour Application

1. Register Your App with Google
Go to the Google Cloud Console.
Create a new project or use an existing one.
Enable the Gmail API for your project.
Set up OAuth consent screen (fill in basic details about your app).
Create OAuth 2.0 client credentials (choose "Desktop app" or similar).

Once done, you'll get:

A Client ID
A Client Secret

Pseudo-code

Code: Select all | Expand

PROCEDURE Main()
   LOCAL clientId := "YOUR_CLIENT_ID"
   LOCAL clientSecret := "YOUR_CLIENT_SECRET"
   LOCAL token := AuthorizeWithGoogle(clientId, clientSecret)
   IF !Empty(token)
      SendEmail(token)
   ELSE
      ? "Authorization failed."
   ENDIF
RETURN

FUNCTION AuthorizeWithGoogle(clientId, clientSecret)
   LOCAL authUrl := "https://accounts.google.com/o/oauth2/auth?...&client_id=" + clientId
   LOCAL tokenUrl := "https://oauth2.googleapis.com/token"
   LOCAL authorizationCode
   LOCAL accessToken

   // Open authUrl in browser and get authorizationCode
   RunBrowser(authUrl)
   authorizationCode := GetCodeFromUser()

   // Exchange authorizationCode for accessToken
   accessToken := RequestAccessToken(tokenUrl, clientId, clientSecret, authorizationCode)
RETURN accessToken

FUNCTION SendEmail(token)
   LOCAL smtpServer := "smtp.gmail.com"
   LOCAL smtpPort := 587
   LOCAL fromEmail := "youremail@gmail.com"
   LOCAL toEmail := "recipient@gmail.com"
   LOCAL subject := "Test Email"
   LOCAL body := "This is a test email sent via OAuth."

   hb_smtpConnect(smtpServer, smtpPort, fromEmail, token) // Authenticate with token
   hb_smtpSend(fromEmail, toEmail, subject, body)
RETURN

Posted: **Fri Dec 13, 2024 2:11 am**

Thank you so much Antonio! I think you just saved my life.

Posted: **Sat Dec 14, 2024 5:00 am**

Google Cloud oauth:
https://console.cloud.google.com/auth

Here’s an example of a fully constructed authUrl:
https://accounts.google.com/o/oauth2/v2 ... pe=offline

https://github.com/FiveTechSoft/screens ... g?raw=true

Posted: **Sat Dec 14, 2024 5:11 am**

Code: Select all | Expand

FUNCTION RequestAccessToken(tokenUrl, clientId, clientSecret, authorizationCode)
   LOCAL postData, response, jsonResponse, accessToken := ""

   // Prepare the POST data as a plain string
   postData := "code=" + authorizationCode + "&" + ;
               "client_id=" + clientId + "&" + ;
               "client_secret=" + clientSecret + "&" + ;
               "redirect_uri=urn:ietf:wg:oauth:2.0:oob&" + ;
               "grant_type=authorization_code"

   // Make a POST request to the token URL
   response := hb_curlPost(tokenUrl, postData, { "Content-Type: application/x-www-form-urlencoded" })

   IF !Empty(response)
      // Parse the JSON response to extract the access token
      jsonResponse := hb_jsonDecode(response)
      IF hb_IsObject(jsonResponse)
         accessToken := hb_jsonGet(jsonResponse, "access_token")
      ELSE
         ? "Error parsing JSON response."
      ENDIF
   ELSE
      ? "Error: No response from the token endpoint."
   ENDIF

RETURN accessToken

Posted: **Mon Dec 30, 2024 6:39 pm**

when compiling i get undefined external for the following
runbrowser
getcodefromuser
curlpost
jsondecode
jsonget

Posted: **Tue Dec 31, 2024 11:03 am**

Dear David,

Have you already done steps 1 and 2 ?

1. You register your app with Google.
2. Google provides a client ID and secret for your app.

Do you already have your client ID and secret ?

Posted: **Tue Dec 31, 2024 6:25 pm**

Antonio,

Yes, I have the client id and secret code but it was very confusing. It says you have to have your app verified, is that true? I submitted a request and it said it will take 3 weeks. And it asked for url link and link to privacy statement etc, which I assume is irrelevant for a desktop app.

Anyway, thanks and Happy New Year!

David

Posted: **Wed Jan 01, 2025 8:38 am**

Dear David,

Then we will have to wait three weeks to continue it, I guess

Happy new year!

Posted: **Wed Jan 01, 2025 6:51 pm**

I think maybe Google was bluffing when they said "less secure apps" would no longer be able to use gmail as of January 1 because I was just able to send an email with no problem.

Posted: **Wed Jan 01, 2025 6:53 pm**

very good!

FiveTech Software tech support forums

oauth for dummies

oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies

Re: oauth for dummies