When I try to sign in to my GMail account I get the error in the summary and this page:
https://support.google.com/accounts/answer/6010255?hl=en suggests that KMail (Akonadi/IMAP) doesn't support the new, preferred method which according to dvratil would be OAuth.
Steps to Reproduce:
1. Configure GMail account to only use password authentication (not two-factor) at myaccount.google.com
2. Create an IMAP resource for a GMail account
3. Try to sign in
“Password incorrect” error displayed.
Log in without further ado.
This can be circumvented by lowering the requirements somewhere here: myaccount.google.com, but it's not ideal.
Any way OAUTH is being currently considered? Akonadi supports it already for contacts and calendars, however it is missing in KMail.
We have a working code that implements support for Google's XOAUTH mechanism, but it needs integrating into the IMAP resource. Definitely something I'm planning in the future.
Git commit ca4b3f0907b5cbf77a7f081bcd41f328ad066c54 by Daniel Vrátil.
Committed on 08/01/2017 at 15:11.
Pushed by dvratil into branch 'master'.
IMAP: add support for native GMail OAuth authentication
This change adds support for XOAUTH2 authentication method used by
Gmail to the IMAP resource. The XOAUTH2 support is implemented in
a custom SASL plugin. The token request/refresh is done via KGAPI.
When user sets imap.gmail.com as IMAP server in the resource config
dialog, the dialog automatically sets all the configuration to match
the one of Gmail and selects XOAUTH2 as authentication method. The
access and refresh tokens are stored in KWallet like a regular
password, but a special PasswordRequesterInterface implementation is
used to handle the tokens and pass the right data to KIMAP::LoginJob.
With this change it's no longer necessary to have the "Allow less
secure apps" option enabled in Google Account settings and it's no
longer necessary to use app-specific password for accounts with
two-step verification (2FA) enabled. The actual password is no longer
stored in KWallet and has only be typed into Google Auth form once.
CHANGELOG: Implement native Gmail authentication into IMAP resource
M +21 -1 resources/imap/CMakeLists.txt
A +1 -0 resources/imap/config.h.cmake
A +141 -0 resources/imap/gmailpasswordrequester.cpp [License: LGPL (v2+)]
C +20 -23 resources/imap/gmailpasswordrequester.h [from: resources/imap/settingspasswordrequester.h - 051% similarity]
M +13 -1 resources/imap/imapresource.cpp
A +67 -0 resources/imap/passwordrequester.cpp [License: LGPL (v2+)]
A +44 -0 resources/imap/passwordrequester.h [License: LGPL (v2+)]
M +1 -0 resources/imap/resourcestate.cpp
A +24 -0 resources/imap/saslplugin/CMakeLists.txt
A +579 -0 resources/imap/saslplugin/config.h [License: GENERATED FILE] *
A +969 -0 resources/imap/saslplugin/plugin_common.c [License: UNKNOWN] *
A +221 -0 resources/imap/saslplugin/plugin_common.h [License: UNKNOWN] *
A +246 -0 resources/imap/saslplugin/xoauth2plugin.c [License: LGPL (v2+)]
A +53 -0 resources/imap/saslplugin/xoauth2plugin_init.c [License: LGPL (v2+)]
M +5 -27 resources/imap/settings.cpp
M +1 -2 resources/imap/settings.h
M +24 -1 resources/imap/settingspasswordrequester.cpp
M +2 -0 resources/imap/settingspasswordrequester.h
M +41 -6 resources/imap/setupserver.cpp
M +1 -0 resources/imap/setupserver.h
A +32 -0 resources/imap/utils.cpp [License: LGPL (v2+)]
A +32 -0 resources/imap/utils.h [License: LGPL (v2+)]
M +8 -2 resources/imap/wizard/imapwizard.es
The files marked with a * at the end have a non valid license. Please read: http://techbase.kde.org/Policies/Licensing_Policy and use the headers which are listed at that page.