oauth for dummies

[dtussman]

I have an application where I send multiple emails that are generated without user input and am horrified that gmail will no longer allow less secure apps to send using a gmail account. I am very illiterate in this area and I'm wondering if there is any really simple explanation of how one can implement oauth in a harbour application, or is that just not possible?

[Antonio Linares]

Dear David,

Understanding OAuth in a Nutshell

OAuth allows apps to access email services like Gmail securely by asking users for permission, instead of relying on username/password combinations. With Gmail:

1. You register your app with Google.
2. Google provides a client ID and secret for your app.
3. Your app uses these credentials to request an "access token" from Google.
4. The token is then used to send emails via Gmail.

Steps to Implement OAuth in a Harbour Application

1. Register Your App with Google
Go to the Google Cloud Console.
Create a new project or use an existing one.
Enable the Gmail API for your project.
Set up OAuth consent screen (fill in basic details about your app).
Create OAuth 2.0 client credentials (choose "Desktop app" or similar).

Once done, you'll get:

A Client ID
A Client Secret

Pseudo-code

Code: Select all | Expand

PROCEDURE Main()
   LOCAL clientId := "YOUR_CLIENT_ID"
   LOCAL clientSecret := "YOUR_CLIENT_SECRET"
   LOCAL token := AuthorizeWithGoogle(clientId, clientSecret)
   IF !Empty(token)
      SendEmail(token)
   ELSE
      ? "Authorization failed."
   ENDIF
RETURN

FUNCTION AuthorizeWithGoogle(clientId, clientSecret)
   LOCAL authUrl := "https://accounts.google.com/o/oauth2/auth?...&client_id=" + clientId
   LOCAL tokenUrl := "https://oauth2.googleapis.com/token"
   LOCAL authorizationCode
   LOCAL accessToken

   // Open authUrl in browser and get authorizationCode
   RunBrowser(authUrl)
   authorizationCode := GetCodeFromUser()

   // Exchange authorizationCode for accessToken
   accessToken := RequestAccessToken(tokenUrl, clientId, clientSecret, authorizationCode)
RETURN accessToken

FUNCTION SendEmail(token)
   LOCAL smtpServer := "smtp.gmail.com"
   LOCAL smtpPort := 587
   LOCAL fromEmail := "youremail@gmail.com"
   LOCAL toEmail := "recipient@gmail.com"
   LOCAL subject := "Test Email"
   LOCAL body := "This is a test email sent via OAuth."

   hb_smtpConnect(smtpServer, smtpPort, fromEmail, token) // Authenticate with token
   hb_smtpSend(fromEmail, toEmail, subject, body)
RETURN
 

[dtussman]

Thank you so much Antonio! I think you just saved my life.

[Antonio Linares]

Google Cloud oauth:
https://console.cloud.google.com/auth

Here’s an example of a fully constructed authUrl:
https://accounts.google.com/o/oauth2/v2 ... pe=offline

https://github.com/FiveTechSoft/screens ... g?raw=true

[Antonio Linares]

Code: Select all | Expand

FUNCTION RequestAccessToken(tokenUrl, clientId, clientSecret, authorizationCode)
   LOCAL postData, response, jsonResponse, accessToken := ""

   // Prepare the POST data as a plain string
   postData := "code=" + authorizationCode + "&" + ;
               "client_id=" + clientId + "&" + ;
               "client_secret=" + clientSecret + "&" + ;
               "redirect_uri=urn:ietf:wg:oauth:2.0:oob&" + ;
               "grant_type=authorization_code"

   // Make a POST request to the token URL
   response := hb_curlPost(tokenUrl, postData, { "Content-Type: application/x-www-form-urlencoded" })

   IF !Empty(response)
      // Parse the JSON response to extract the access token
      jsonResponse := hb_jsonDecode(response)
      IF hb_IsObject(jsonResponse)
         accessToken := hb_jsonGet(jsonResponse, "access_token")
      ELSE
         ? "Error parsing JSON response."
      ENDIF
   ELSE
      ? "Error: No response from the token endpoint."
   ENDIF

RETURN accessToken
 

[dtussman]

when compiling i get undefined external for the following
runbrowser
getcodefromuser
curlpost
jsondecode
jsonget

[Antonio Linares]

Dear David,

Have you already done steps 1 and 2 ?

1. You register your app with Google.
2. Google provides a client ID and secret for your app.

Do you already have your client ID and secret ?

[dtussman]

Antonio,

Yes, I have the client id and secret code but it was very confusing. It says you have to have your app verified, is that true? I submitted a request and it said it will take 3 weeks. And it asked for url link and link to privacy statement etc, which I assume is irrelevant for a desktop app.

Anyway, thanks and Happy New Year!

David

[Antonio Linares]

Dear David,

Then we will have to wait three weeks to continue it, I guess

Happy new year!

[dtussman]

I think maybe Google was bluffing when they said "less secure apps" would no longer be able to use gmail as of January 1 because I was just able to send an email with no problem.

[Antonio Linares]

very good!