!Google Mail Integration\\
\\
----
!1. Google App Passwords\\
\\
__⚠️ Constraints__: __It is only supported for accounts with 2-Step Verification enabled.__\\
\\
Google App Passwords are intended to provide limited access to less secure apps or legacy systems that cannot use OAuth 2.0 — primarily for Google services that use basic username/password authentication.\\
__⚠️ Note__: Google strongly recommends using OAuth 2.0 for authentication instead of App Passwords. Some access types (e.g., less secure apps) are already blocked unless explicitly allowed.\\
\\
Service can use __App Passwords__:\\
__SMTP__: smtp.gmail.com\\
__IMAP__: imap.gmail.com\\
__POP3__: pop.gmail.com\\
\\
Create an app password: [Google App Password Link|https://myaccount.google.com/apppasswords]\\
\\
{{{
Username: your_email@gmail.com
Password: [your generated app password]
}}}
\\
-----
!2. Google Mail OAuth 2.0\\
__Google Mail__ through __SMTP__/__IMAP__ requires __OAuth 2.0__ ([OAuth Wikipedia Link|https://en.wikipedia.org/wiki/OAuth]) for authentication. This is part of Google’s effort to enhance security by deprecating less secure app access (basic authentication using just a username and password). OAuth 2.0 offers a more secure, token-based system that supports modern features like multi-factor authentication, granular permission scopes, and token expiration for better protection against credential theft. For technical implementation details, see Google’s documentation here : [Google IMAP-SMTP Link|https://developers.google.com/gmail/imap/imap-smtp].\\
----
__⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains for Google Mail Authentication: __oauth2.googleapis.com__\\
----
\\
Start by navigating to Google APIs & Services: [Google APIs & Services Link|https://console.developers.google.com/projectselector/apis/credentials]\\
__⚠️ Important:__ Ensure sure the __GMAIL API__ is enabled at __Enabled APIs & services__. [Google API Library Link|https://console.cloud.google.com/apis/library]\\
\\
[SMTP Google Mail Integration/g_api_services.png]\\
\\
[SMTP Google Mail Integration/gmail_api_enabled.png]\\
\\
Go to the __Credentials__ menu, click on __Create Credentials__, and select __OAuth client ID__:\\
\\
[SMTP Google Mail Integration/create_credentials.png]\\
\\
• Select the application type: __Web application__.\\
• Provide a unique name to identify your OAuth client (e.g., CrushFTP Integration).\\
 Then configure the following:\\
• __Authorized JavaScript origins__: Add the base URL of your CrushFTP server (e.g., https://your-domain.com).\\
• __Authorized redirect URIs__: This is the URL Google will redirect to after successful authorization. The Redirect URL must end with: __?command=register_google_mail_api__\\ 
\\
{{{
http://127.0.0.1:9090/?command=register_google_mail_api
or
https://your.crushftp.domain.com/?command=register_google_mail_api
}}}\\
\\
Finally, click the __Create__ button.\\
\\
[attachments|credential_config.png]\\
\\
After the credentials are created, copy the __Client ID__ and __Client Secret__.\\
\\
[SMTP Google Mail Integration/client_id_secret.png]\\
\\
__⚠️ Note:__ You can configure the __OAuth consent screen__ by clicking the link above the __Authorized JavaScript origins__ section:\\
"The domains you enter in the fields below will be automatically added to your __OAuth consent screen__ as __authorized domains__."\\
Click the link to open the __OAuth consent screen__ settings, complete the configuration, and authorize your __CrushFTP domain.__\\
----
!3. SMTP Settings\\
\\
Navigate to __Server Admin__ -> __Preferences__ -> [General Settings] -> __SMTP Settings__:\\
\\
[SMTP Google Mail Integration/smtp_config.png]\\
\\
__SMTP Server Used for Emailing__: Enter the SMTP server address used for sending emails, such as __smtp.gmail.com__, using the default port __587__.\\
{{{
    smtp.gmail.com:587
}}}\\
\\
__SMTP Server Username, Password__:\\
----
__a.)__ App passwords: [1. Google App Passwords Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-1.GoogleAppPasswords]\\
{{{
SMTP Server Username: your_email@gmail.com
SMTP Server Password: [your generated app password]
}}}\\
----
__b.)__ OAtuth 2.0: [2. Google Mail OAuth 2.0 Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-2.GoogleMailOAuth2.0] If the SMTP server address ends with __gmail.com__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\
__⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\
\\
Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process.\\
__⚠️ Important__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the __SMTP Server Username__ and __SMTP Server Password__.\\
\\
[SMTP Google Mail Integration/oauth_form.png]\\
\\
If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ 
\\
[SMTP Google Mail Integration/not_verified_domain.png]\\
\\
Click on the __Allow__ button:\\
\\
[SMTP Google Mail Integration/allow_form.png]\\
\\
__From email address__: You must also specify the __From__ email address.\\
 __⚠️ Imnportant__ The __From__ address must exactly match __the signed-in Google user’s email address__ (i.e., the account used to obtain the refresh token) or the account associated with the App Password. Otherwise, SMTP authentication will fail.\\ 
\\
Make sure to enable the __SSL/TLS__ flag to ensure a secure connection.\\
\\
----
!4. PopImapTask\\
\\
Select the __IMAPS__ protocol.\\
See the description: [Google IMAP-SMTP Link|https://developers.google.com/gmail/imap/imap-smtp]\\
\\
[SMTP Google Mail Integration/pop_imap_task.png]\\
\\
__Host:__\\
{{{
    imap.gmail.com
}}}
__Port__: __993__\\
If the __Host__ contains __gmail.com__, the corresponding __Get Refresh Token__ button will appear.\\
\\
__Mail Username, Password__:\\
----
__a.)__ App passwords: ⚠️ Constraints: It is only supported for accounts with 2-Step Verification enabled.
 [1. Google App Passwords Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-1.GoogleAppPasswords]\\
{{{
Mail Username: your_email@gmail.com
Mail Password: [your generated app password]
}}}\\
----
 __b.)__ OAtuth 2.0: Configure the [2. Google Mail OAuth 2.0 Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Google%20Mail%20Integration#section-SMTP+Google+Mail+Integration-2.GoogleMailOAuth2.0]\\
__⚠️ Important__: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\
\\
Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process.\\
__⚠️ Important__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the PopImapTask's __Mail Username__ and __Mail Password__.\\
\\
[SMTP Google Mail Integration/oauth_form.png]\\
\\
If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ 
\\
[SMTP Google Mail Integration/not_verified_domain.png]\\
\\
Click on the __Allow__ button:\\
\\
[SMTP Google Mail Integration/allow_form.png]\\
\\
__⚠️ Important:__ Since the email address is required after obtaining the refresh token, the Mail Username field must be adjusted.\\
Enter your email address followed by a tilde (~) at the beginning of the Mail Username field.\\
\\
{{{
Mail Username : <<your email address>>~<<what was before>> 
}}}
\\
----
For more information, see the general POP/IMAP Task description: [POP/IMAP Task – CrushFTP Documentation Link| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CrushTask#section-CrushTask-POP3IMAP]\\
----
\\