Update FAQ regarding OAuth2 for GMail

jstedfast · jstedfast · commit 5b4dc6d4adba · 2024-10-16T09:51:50.000-04:00
diff --git a/FAQ.md b/FAQ.md
@@ -291,7 +291,7 @@ GMail Settings page and set your options to look like this:
 
 ### <a id="gmail-access">Q: How can I access GMail using MailKit?</a>
 
-As of the end of May, 2022, Google no longer allows enabling "Less secure apps".
+As of September 30th, 2024, authentication using only a username and password is [no longer supported by Google](https://support.google.com/accounts/answer/6010255?hl=en).
 
 There are now only 2 options to choose from:
 
@@ -342,17 +342,20 @@ var codeFlow = new GoogleAuthorizationCodeFlow (new GoogleAuthorizationCodeFlow.
     // Cache tokens in ~/.local/share/google-filedatastore/CredentialCacheFolder on Linux/Mac
     DataStore = new FileDataStore ("CredentialCacheFolder", false),
     Scopes = new [] { "https://mail.google.com/" },
-    ClientSecrets = clientSecrets
+    ClientSecrets = clientSecrets,
+    LoginHint = GMailAccount
 });
 
+// Note: For a web app, you'll want to use AuthorizationCodeWebApp instead.
 var codeReceiver = new LocalServerCodeReceiver ();
 var authCode = new AuthorizationCodeInstalledApp (codeFlow, codeReceiver);
+
 var credential = await authCode.AuthorizeAsync (GMailAccount, CancellationToken.None);
 
-if (credential.Token.IsExpired (SystemClock.Default))
+if (credential.Token.IsStale)
     await credential.RefreshTokenAsync (CancellationToken.None);
 
-var oauth2 = new SaslMechanismOAuth2 (credential.UserId, credential.Token.AccessToken);
+var oauth2 = new SaslMechanismOAuthBearer (credential.UserId, credential.Token.AccessToken);
 
 using (var client = new ImapClient ()) {
     await client.ConnectAsync ("imap.gmail.com", 993, SecureSocketOptions.SslOnConnect);
diff --git a/GMailOAuth2.md b/GMailOAuth2.md
@@ -74,6 +74,7 @@ var clientSecrets = new ClientSecrets {
 };
 
 var codeFlow = new GoogleAuthorizationCodeFlow (new GoogleAuthorizationCodeFlow.Initializer {
+    // Cache tokens in ~/.local/share/google-filedatastore/CredentialCacheFolder on Linux/Mac
     DataStore = new FileDataStore ("CredentialCacheFolder", false),
     Scopes = new [] { "https://mail.google.com/" },
     ClientSecrets = clientSecrets,
@@ -89,7 +90,7 @@ var credential = await authCode.AuthorizeAsync (GMailAccount, CancellationToken.
 if (credential.Token.IsStale)
     await credential.RefreshTokenAsync (CancellationToken.None);
 
-var oauth2 = new SaslMechanismOAuth2 (credential.UserId, credential.Token.AccessToken);
+var oauth2 = new SaslMechanismOAuthBearer (credential.UserId, credential.Token.AccessToken);
 
 using (var client = new ImapClient ()) {
     await client.ConnectAsync ("imap.gmail.com", 993, SecureSocketOptions.SslOnConnect);
@@ -154,7 +155,7 @@ public async Task AuthenticateAsync ([FromServices] IGoogleAuthProvider auth)
     GoogleCredential? googleCred = await auth.GetCredentialAsync ();
     string token = await googleCred.UnderlyingCredential.GetAccessTokenForRequestAsync ();
     
-    var oauth2 = new SaslMechanismOAuth2 ("UserEmail", token);
+    var oauth2 = new SaslMechanismOAuthBearer ("UserEmail", token);
     
     using var emailClient = new ImapClient ();
     await emailClient.ConnectAsync ("imap.gmail.com", 993, SecureSocketOptions.SslOnConnect);
