| At line 1 changed 4 lines |
| Google Mail requires OAUTH2 for authentication. It requires several steps to configure. |
|
| You will start at the API credentials manager:\\ |
| [https://console.developers.google.com/projectselector/apis/credentials]\\ |
| !Google Mail Integration\\ |
| At line 6 changed one line |
| You first need to make a project. My example calls this CrushFTP-Test.\\ |
| ---- |
| !1. Google App Passwords\\ |
| At line 8 changed one line |
| [attachments|create_project.png]\\ |
| __⚠️ Constraints__: __It is only supported for accounts with 2-Step Verification enabled.__\\ |
| At line 10 changed one line |
| Next select create credentials, and choose the Web Application type.\\ |
| Google App Passwords are intended to provide limited access to less secure apps or legacy systems that cannot use OAuth 2.0 — primarily for Google services that use basic username/password authentication.\\ |
| __⚠️ Note__: Google strongly recommends using OAuth 2.0 for authentication instead of App Passwords. Some access types (e.g., less secure apps) are already blocked unless explicitly allowed.\\ |
| At line 12 changed one line |
| [attachments|create_credentials.png]\\ |
| Service can use __App Passwords__:\\ |
| __SMTP__: smtp.gmail.com\\ |
| __IMAP__: imap.gmail.com\\ |
| __POP3__: pop.gmail.com\\ |
| At line 14 changed one line |
| It will warn you if you don't have an "OAuth Consent" screen configured, so go there and configure that screen too.\\ |
| Create an app password: [Google App Password Link|https://myaccount.google.com/apppasswords]\\ |
| At line 16 changed one line |
| [attachments|oauth_consent.png]\\ |
| {{{ |
| Username: your_email@gmail.com |
| Password: [your generated app password] |
| }}} |
| At line 18 changed 2 lines |
| When configuring the credential, you have to tell Google the domain you will be originating from when creating the auth token, so this is the URL you use for server administration. Just the protocol://dns_or_ip:port Don't have a trailing slash or it will complain.\\ |
| You also need to put in the redirect URL of where google is going to send you back to after approval. This needs to follow the syntax in the example. Specifically your domain needs to end with:\\ |
| ----- |
| !2. Google Mail OAuth 2.0\\ |
| __Google Mail__ through __SMTP__/__IMAP__ requires __OAuth 2.0__ ([OAuth Wikipedia Link|https://en.wikipedia.org/wiki/OAuth]) for authentication. This is part of Google’s effort to enhance security by deprecating less secure app access (basic authentication using just a username and password). OAuth 2.0 offers a more secure, token-based system that supports modern features like multi-factor authentication, granular permission scopes, and token expiration for better protection against credential theft. For technical implementation details, see Google’s documentation here : [Google IMAP-SMTP Link|https://developers.google.com/gmail/imap/imap-smtp].\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains for Google Mail Authentication: __oauth2.googleapis.com__\\ |
| ---- |
| \\ |
| Start by navigating to Google APIs & Services: [Google APIs & Services Link|https://console.developers.google.com/projectselector/apis/credentials]\\ |
| __⚠️ Important:__ Ensure sure the __GMAIL API__ is enabled at __Enabled APIs & services__. [Google API Library Link|https://console.cloud.google.com/apis/library]\\ |
| \\ |
| [SMTP Google Mail Integration/g_api_services.png]\\ |
| \\ |
| [SMTP Google Mail Integration/gmail_api_enabled.png]\\ |
| \\ |
| Go to the __Credentials__ menu, click on __Create Credentials__, and select __OAuth client ID__:\\ |
| \\ |
| [SMTP Google Mail Integration/create_credentials.png]\\ |
| \\ |
| • Select the application type: __Web application__.\\ |
| • Provide a unique name to identify your OAuth client (e.g., CrushFTP Integration).\\ |
| Then configure the following:\\ |
| • __Authorized JavaScript origins__: Add the base URL of your CrushFTP server (e.g., https://your-domain.com).\\ |
| • __Authorized redirect URIs__: This is the URL Google will redirect to after successful authorization. The Redirect URL must end with: __?command=register_google_mail_api__\\ |
| \\ |
| At line 21 changed one line |
| ?command=register_google_mail_api |
| http://127.0.0.1:9090/?command=register_google_mail_api |
| or |
| https://your.crushftp.domain.com/?command=register_google_mail_api |
| At line 53 added 2 lines |
| Finally, click the __Create__ button.\\ |
| \\ |
| At line 26 changed 3 lines |
| Now if your credentials are setup, and your redirect domains are configured, you can use the credentials in CrushFTP to get your google auth token and get access.\\ |
| In the Preferences -> General Settings -> SMTP Settings, at "SMTP Server Username :" input field put the client_id and secret separated with tilda. |
| Take your google client_id and secret and combine them together with a tilda as separator:\\ |
| After the credentials are created, copy the __Client ID__ and __Client Secret__.\\ |
| \\ |
| [SMTP Google Mail Integration/client_id_secret.png]\\ |
| \\ |
| __⚠️ Note:__ You can configure the __OAuth consent screen__ by clicking the link above the __Authorized JavaScript origins__ section:\\ |
| "The domains you enter in the fields below will be automatically added to your __OAuth consent screen__ as __authorized domains__."\\ |
| Click the link to open the __OAuth consent screen__ settings, complete the configuration, and authorize your __CrushFTP domain.__\\ |
| __Important__: After configuration, don’t forget to click __Publish App__ at __Audience__ page to make it active. Without publishing, the app will remain in __Testing__ mode, which restricts access to authorized test users only.\\ |
| ---- |
| !3. SMTP Settings\\ |
| \\ |
| Navigate to __Server Admin__ -> __Preferences__ -> [General Settings] -> __SMTP Settings__:\\ |
| \\ |
| [SMTP Google Mail Integration/smtp_config.png]\\ |
| \\ |
| __SMTP Server Used for Emailing__: Enter the SMTP server address used for sending emails, such as __smtp.gmail.com__, using the default port __587__.\\ |
| At line 30 changed 2 lines |
| client_id: 725111111110-7kaimtXXXXXXXXXXXXXXXXXXXXX64m4k.apps.googleusercontent.com |
| secret: fEsXXXXXXXXXXXXXXXXPggg7 |
| smtp.gmail.com:587 |
| }}}\\ |
| \\ |
| __SMTP Server Username, Password__:\\ |
| ---- |
| __a.)__ App passwords: [1. Google App Passwords Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-1.GoogleAppPasswords]\\ |
| {{{ |
| SMTP Server Username: your_email@gmail.com |
| SMTP Server Password: [your generated app password] |
| }}}\\ |
| ---- |
| __b.)__ OAtuth 2.0: [2. Google Mail OAuth 2.0 Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-2.GoogleMailOAuth2.0] If the SMTP server address ends with __gmail.com__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\ |
| \\ |
| Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process.\\ |
| __⚠️ Important__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the __SMTP Server Username__ and __SMTP Server Password__.\\ |
| \\ |
| [SMTP Google Mail Integration/oauth_form.png]\\ |
| \\ |
| If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ |
| \\ |
| [SMTP Google Mail Integration/not_verified_domain.png]\\ |
| \\ |
| Click on the __Allow__ button:\\ |
| \\ |
| [SMTP Google Mail Integration/allow_form.png]\\ |
| \\ |
| __From email address__: You must also specify the __From__ email address.\\ |
| __⚠️ Imnportant__ The __From__ address must exactly match __the signed-in Google user’s email address__ (i.e., the account used to obtain the refresh token) or the account associated with the App Password. Otherwise, SMTP authentication will fail.\\ |
| \\ |
| Make sure to enable the __SSL/TLS__ flag to ensure a secure connection.\\ |
| \\ |
| ---- |
| !4. PopImapTask\\ |
| \\ |
| Select the __IMAPS__ protocol.\\ |
| See the description: [Google IMAP-SMTP Link|https://developers.google.com/gmail/imap/imap-smtp]\\ |
| \\ |
| [SMTP Google Mail Integration/pop_imap_task.png]\\ |
| \\ |
| __Host:__\\ |
| {{{ |
| imap.gmail.com |
| At line 33 changed one line |
| results in: |
| __Port__: __993__\\ |
| If the __Host__ contains __gmail.com__, the corresponding __Get Refresh Token__ button will appear.\\ |
| \\ |
| __Mail Username, Password__:\\ |
| ---- |
| __a.)__ App passwords: ⚠️ Constraints: It is only supported for accounts with 2-Step Verification enabled. |
| [1. Google App Passwords Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-1.GoogleAppPasswords]\\ |
| At line 35 changed one line |
| 725111111110-7kaimtXXXXXXXXXXXXXXXXXXXXX64m4k.apps.googleusercontent.com~fEsXXXXXXXXXXXXXXXXPggg7 |
| Mail Username: your_email@gmail.com |
| Mail Password: [your generated app password] |
| At line 129 added 3 lines |
| ---- |
| __b.)__ OAtuth 2.0: Configure the [2. Google Mail OAuth 2.0 Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-2.GoogleMailOAuth2.0]\\ |
| __⚠️ Important__: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\ |
| At line 38 changed one line |
| That whole long string becomes your smtp user name. Copy and paste it into the "SMTP Server Username :" input field. Then click "Get Refresh Token" to get the "SMTP Server Password". Once it is finished the "SMTP Server Password" input field will be filled with the refresh token.\\ |
| Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process.\\ |
| __⚠️ Important__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the PopImapTask's __Mail Username__ and __Mail Password__.\\ |
| At line 40 changed one line |
| "From email address :" is also required put your google email address there. It will be used as smtp username for the authentication process.\\ |
| [SMTP Google Mail Integration/oauth_form.png]\\ |
| \\ |
| If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ |
| \\ |
| [SMTP Google Mail Integration/not_verified_domain.png]\\ |
| \\ |
| Click on the __Allow__ button:\\ |
| \\ |
| [SMTP Google Mail Integration/allow_form.png]\\ |
| \\ |
| __⚠️ Important:__ Since the email address is required after obtaining the refresh token, the Mail Username field must be adjusted.\\ |
| Enter your email address followed by a tilde (~) at the beginning of the Mail Username field.\\ |
| \\ |
| {{{ |
| Mail Username : <<your email address>>~<<what was before>> |
| }}} |
| \\ |
| ---- |
| For more information, see the general POP/IMAP Task description: [POP/IMAP Task – CrushFTP Documentation Link| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CrushTask#section-CrushTask-POP3IMAP]\\ |
| ---- |
| \\ |
|
