Joomla-cms: E-mail through Google Suite with OAuth

Thanks for the info, hopefully someone come up with a PR till the end of 2020.

I recently created a new site and can no longer send mail. I do not can pass identification. Perhaps it will be for old sites from 2021, but I already have a problem - I can not send letters from my new website.

Can you implement OAuth 2.0 as soon as possible?

@sanek4life did you follow the instructions because it works perfectly for me https://docs.joomla.org/How_do_I_use_Gmail_as_my_mail_server%3F

@brianteeman Any chance you can provide an update on this as to whether or not Joomla will eventually support OAuth2 for mail sending?
If so, what is the potential timeline?

Also tagging @mbabker @wilsonge

I don't get email notifications on this repository anymore but randomly pinging people in hopes that it will expedite a feature request in an entirely volunteer driven software platform isn't going to get you an answer any faster or the request completed any sooner. You're basically at the mercy of hoping someone volunteers to give up their time to either provide a fix to the upstream PHPMailer library or give up their time to provide a fix to the Joomla application.

@mbabker WOW, Someone woke up on the wrong side of the bed today. I didn't randomly ping anyone, I knew exactly who I was pinging. I knew of your involvement with the Joomla project but was unaware you were no longer associated with it in any official capacity. I am also well aware that Joomla is Open Source and volunteer driven. It was only a question, not intended to pressure anyone. I did not demand anything, and I was not looking for an expedited feature request. I was only asking a simple question for an official response on the issue since the issue was opened 20 days ago and didn't yet have one. In any case, sorry to have bothered you.

About the issue, thanks to the help of a friend, I found that Joomla already supports OAuth2.
libraries/vendor/phpmailer/phpmailer/class.phpmaileroauth.php
However, there is no interface for it in Global Configuration when selecting PHP for sending mail.

@sanek4life did you follow the instructions because it works perfectly for me https://docs.joomla.org/How_do_I_use_Gmail_as_my_mail_server%3F

@brianteeman I use this instruction and all the settings that are indicated there, but I can not send a test letter from my website.

I recently created a new website and did everything as usual, but letters are not sent.

I use G Suite https://gsuite.google.com/, and it does not support Application Specific Password (ASP):

On the "Signing in to Google" panel, choose App Passwords. If you don’t see this option:

2-Step Verification is not set up for your account.
2-Step Verification is set up for security keys only.
Your account is through work, school, or other organization.
You’ve turned on Advanced Protection for your account.

Source: https://support.google.com/accounts/answer/185833

Thus, I can’t set up sending letters from my website if I use two-factor authorization in G Suite.

I cannot create a password here: https://myaccount.google.com/apppasswords
It says that this setting is not available for my account.

OAuth 2.0 Mechanism: https://developers.google.com/gmail/imap/xoauth2-protocol

@sanek4life I forgot to update this after I had replied previously. I was able to speak with a Google G Suite support representative about this because I have a non-profit client that uses G Suite. Long story short,

App Passwords are considered to be a sub component of OAuth2, therefore they are compliant.

All you need to do to be able to use App Passwords is to turn on 2-Step Verification. Once you turn on 2-SV you will see the option to create an App Password. Then you can add that App Password to the mail settings of your Joomla site and everything will continue to work fine. Though a word of caution here, once you enable 2-SV, it will automatically disable Less Secure Apps, which means your Joomla website will not be able to send mail on behalf of your domain via G Suite until you create an App Password and add it to the mail settings in the sites Global Configuration.

So moving forward the best practice would be that if someone is going to use a Google mail service for sending mail from Joomla, whether it is G Suite or a Gmail email account, they should enable 2-Step Verification, and create an App Password for use with the mail settings in the Global Configuration. Once this is officially mandatory by Google, this will be the only way unless something changes with Joomla.

Also tagging @jjnxpct @HLeithner @brianteeman

@N8Solutions At last! I was able to send a message from my website! I turned on two-factor authorization at G Suite, and then created the application password.

But in G Suite it is more difficult to enable two-factor authorization than in a regular Gmail account. I think it will be possible to supplement this instruction - https://docs.joomla.org/How_do_I_use_Gmail_as_my_mail_server%3F

@sanek4life it is a wiki so feel free to update it

Hi! We also are able to send mail after turning on 2FA (always good to do to make it more secure) and creating an app-password. Once you know how to do this it's not that hard:

1) Enable 2FA for the account (in the user account or as admin in Google Suite)
2) Create an app-password (In Google account -> 'Log in with Google' -> 'App-passwords'. Then select 'Other', fill out a name ('Website' for example) and generate the password.
3) Use this password to set up the mail in the CMS settings. So instead of the account password you use this app-password. use the SMTP settings provided by Google.

But I do think OAuth would be more secure. Google states: "_App Passwords aren’t recommended and are unnecessary in most cases. To help keep your account secure, use "Sign in with Google" to connect apps to your Google Account._"

I am not a programmer so I can't get this done. So maybe someone else can have a look at this. In the mean time the app password is the way to go if the 'less secure apps' option does not work anymore. (I believe it's already disabled for new users).

I think this work the same for Office 365. But I have not tried this. I also don;t know if implementing OAUTH would work similar for other e-mail services. I think it will....