| At line 1 removed 4 lines |
| Google Mail requires OAUTH2 for authentication (for more information : [https://developers.google.com/gmail/imap/xoauth2-protocol]). It requires several steps to configure. |
|
| You will start at the API credentials manager:\\ |
| [https://console.developers.google.com/projectselector/apis/credentials]\\ |
| At line 6 changed one line |
| You first need to make a project. My example calls this CrushFTP-Test.\\ |
| !1. Google Mail OAuth 2.0\\ |
| __Google Mail__ through __SMTP__/__IMAP__ requires __OAuth 2.0__ ([OAuth Wikipedia Link|https://en.wikipedia.org/wiki/OAuth]) for authentication. This is part of Google’s effort to enhance security by deprecating less secure app access (basic authentication using just a username and password). OAuth 2.0 offers a more secure, token-based system that supports modern features like multi-factor authentication, granular permission scopes, and token expiration for better protection against credential theft. For technical implementation details, see Google’s documentation here : [Google IMAP-SMTP Link|https://developers.google.com/gmail/imap/imap-smtp].\\ |
| At line 8 changed one line |
| [attachments|create_project.png]\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains for Google Mail Authentication: __oauth2.googleapis.com__\\ |
| ---- |
| At line 10 changed one line |
| Next select create credentials, and choose the Web Application type.\\ |
| Start by navigating to Google APIs & Services: [Google APIs & Services Link|https://console.developers.google.com/projectselector/apis/credentials]\\ |
| __⚠️ Note:__ Ensure sure the __GMAIL API__ is enabled at __Enabled APIs & services__. [Google API Library Link|https://console.cloud.google.com/apis/library]\\ |
| At line 12 changed one line |
| [attachments|create_credentials.png]\\ |
| [SMTP Google Mail Integration/g_api_services.png]\\ |
| At line 14 changed one line |
| It will warn you if you don't have an "OAuth Consent" screen configured, so go there and configure that screen too.\\ |
| [SMTP Google Mail Integration/gmail_api_enabled.png]\\ |
| At line 16 changed one line |
| [attachments|oauth_consent.png]\\ |
| Go to the __Credentials__ menu, click on __Create Credentials__, and select __OAuth client ID__:\\ |
| At line 18 changed 2 lines |
| When configuring the credential, you have to tell Google the domain you will be originating from when creating the auth token, so this is the URL you use for server administration. Just the protocol://dns_or_ip:port Don't have a trailing slash or it will complain.\\ |
| You also need to put in the redirect URL of where google is going to send you back to after approval. This needs to follow the syntax in the example. Specifically your domain needs to end with:\\ |
| [SMTP Google Mail Integration/create_credentials.png]\\ |
| \\ |
| Select the application type: __Web application__. Provide a unique name. Then, configure the __Authorized redirect URI__—this is where Google will redirect you after authorization.\\ |
| The Redirect URL must end with __?command=register_google_mail_api__.\\ |
| \\ |
| At line 21 changed one line |
| ?command=register_google_mail_api |
|
| http://127.0.0.1:9090/?command=register_google_mail_api |
| or |
| https://your.crushftp.domain.com/?command=register_google_mail_api |
| At line 30 added 2 lines |
| Finally, click the __Create__ button.\\ |
| \\ |
| At line 26 changed 3 lines |
| Now if your credentials are setup, and your redirect domains are configured, you can use the credentials in CrushFTP to get your google auth token and get access.\\ |
| In the Preferences -> General Settings -> SMTP Settings, at "SMTP Server Username :" input field put the client_id and secret separated with tilda. |
| Take your google client_id and secret and combine them together with a tilda as separator:\\ |
| After the credentials are created, copy the __Client ID__ and __Client Secret__.\\ |
| \\ |
| [SMTP Google Mail Integration/client_id_secret.png]\\ |
| \\ |
| __⚠️ Note:__ You can configure the __OAuth consent screen__ by clicking the link above the __Authorized JavaScript origins__ section:\\ |
| "The domains you enter in the fields below will be automatically added to your __OAuth consent screen__ as __authorized domains__."\\ |
| Click the link to open the __OAuth consent screen__ settings, complete the configuration, and authorize your __CrushFTP domain.__\\ |
| ---- |
| !2. SMTP Settings\\ |
| \\ |
| Navigate to __Server Admin__ -> __Preferences__ -> [General Settings] -> __SMTP Settings__:\\ |
| \\ |
| [SMTP Google Mail Integration/smtp_config.png]\\ |
| \\ |
| __SMTP Server Used for Emailing__: Enter the SMTP server address used for sending emails, such as __smtp.gmail.com__, using the default port __587__.\\ |
| At line 30 changed 6 lines |
| client_id: 725111111110-7kaimtXXXXXXXXXXXXXXXXXXXXX64m4k.apps.googleusercontent.com |
| secret: fEsXXXXXXXXXXXXXXXXPggg7 |
| }}} |
| results in: |
| {{{ |
| 725111111110-7kaimtXXXXXXXXXXXXXXXXXXXXX64m4k.apps.googleusercontent.com~fEsXXXXXXXXXXXXXXXXPggg7 |
| smtp.gmail.com:587 |
| At line 38 changed one line |
| That whole long string becomes your smtp user name. Copy and paste it into the "SMTP Server Username :" input field. Then click "Get mail refresh token" to get the "SMTP Server Password". Once it is finished the "SMTP Server Password" input field will be filled with the refresh token.\\ |
| __SMTP Server Username, Password__: If the SMTP server address ends with __gmail.com__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\ |
| __!!! Note__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\ |
| At line 40 changed one line |
| "From email address :" is also required. Put your google email address there. It will be used as smtp username for the authentication process.\\ |
| Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process. __!!! Note__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the __SMTP Server Username__ and __SMTP Server Password__.\\ |
| At line 42 changed one line |
| [attachments|smtp_config.png]\\ |
| [SMTP Google Mail Integration/oauth_form.png]\\ |
| At line 60 added 52 lines |
| If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ |
| \\ |
| [SMTP Google Mail Integration/not_verified_domain.png]\\ |
| \\ |
| Click on the __Allow__ button:\\ |
| \\ |
| [SMTP Google Mail Integration/allow_form.png]\\ |
| \\ |
| __From email address__: You must also specify the __From__ email address. __!!! Imnportant__ The __From__ address must exactly match __the signed-in Google user’s email address__ (i.e., the account used to obtain the refresh token). Otherwise, SMTP authentication will fail.\\ |
| \\ |
| Make sure to enable the __SSL/TLS__ flag to ensure a secure connection.\\ |
| \\ |
| ---- |
| !3. PopImapTask\\ |
| \\ |
| Select the __IMAPS__ protocol.\\ |
| See the description: [Google IMAP-SMTP Link|https://developers.google.com/gmail/imap/imap-smtp]\\ |
| \\ |
| [SMTP Google Mail Integration/pop_imap_task.png]\\ |
| \\ |
| __Host:__\\ |
| {{{ |
| imap.gmail.com |
| }}} |
| __Port__: __993__\\ |
| If the __Host__ contains __gmail.com__, the corresponding __Get Refresh Token__ button will appear.\\ |
| Configure the __1. Google Mail OAuth 2.0__ [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-1.GoogleMailOAuth2.0]\\ |
| \\ |
| __⚠️ Note__: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\ |
| \\ |
| Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process. __!!! Note__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the PopImapTask's __Mail Username__ and __Mail Password__.\\ |
| \\ |
| [SMTP Google Mail Integration/oauth_form.png]\\ |
| \\ |
| If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ |
| \\ |
| [SMTP Google Mail Integration/not_verified_domain.png]\\ |
| \\ |
| Click on the __Allow__ button:\\ |
| \\ |
| [SMTP Google Mail Integration/allow_form.png]\\ |
| \\ |
| __⚠️ Note:__ Since the email address is required after obtaining the refresh token, the Mail Username field must be adjusted.\\ |
| Enter your email address followed by a tilde (~) at the beginning of the Mail Username field.\\ |
| \\ |
| {{{ |
| Mail Username : <<your email address>>~<<what was before>> |
| }}} |
| \\ |
| For more information, see the general POP/IMAP Task description: [POP/IMAP Task – CrushFTP Documentation Link| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CrushTask#section-CrushTask-POP3IMAP]\\ |
| \\ |
|
