Dear all
For years I’ve been using cfmail to send mails out of my Lucee apps via google workspace at smtp.gmail.com using basic authentication but:
Starting March 14, 2025, Google Workspace accounts will only allow access to apps using OAuth. Password-based access (with the exception of App Passwords) will no longer be supported. POP and IMAP are NOT going away and can still be enabled with apps that connect using OAuth.
oauth2 is not a complete mystery to me in as much as I have implemented it successfully with some other APIs using Matt Gifford’s library so that part of it doesn’t look too hard, but as far as I can see, to actually send mails, they have to go in a POST containing a json packet containing the multipart MIME message, and these look like they’re fiddly things to create and what I suppose cfmail has always done for me.
So… this is where I hope someone can help:
Can CFMAIL be arranged to connect using OAuth? - If it can, this seems like it might be the simplest solution.
or…
Is there a library out there which does something like CFMAIL but outputs something digestible to google workspace?
or…
Should I abandon google workspace and use another provider to send mails out of my apps using CFMAIL like I always have. If so, then I’d welcome suggestions. (They do need to appear to come from someone@mydomain.com)
Thanks for your help.
Richard
While you and others pursue those options you outlined, did you catch that quite saying that use of “app passwords” is not going away? Have you tried that, whether before or now? It works pretty easily: you create one in Google and use that as “the password” for your mail server configuration in Lucee (or ACF).
PS I do realize this is “kicking the can down the road” and that oauth is better in the long run. I did preface it with “while you” pursue those other options, especially given the fast-approaching deadline. 
1 Like
Thanks, no, I haven’t tried it - I will, today.
Along the same lines, where google say: POP and IMAP are NOT going away, I did come across a snippet of conversation elsewhere which said: you make an HTTP call to their authentication service, and it will spit back a token that expires after a few minutes or a few hours. You then use your normal CFMAIL to send out the message, but use the token as the password instead of the normal password.
Since it usually is fairly easy to get & manage oauth2 access & renewal tokens, this sounds like an even better way of doing it with cfmail than an app password, but I’m not sure I want to spend hours trying to see if this actually works unless someone out there knows it’s a workable solution…
Thanks
Richard
Well, it looks like the App Passwords solution works perfectly well with cfmail, just need to do a few tweaks to existing code and all should be good for a while.
Thanks
Richard
.
1 Like
Great to hear, and glad to have helped. Of course, your original question is still a good one, and perhaps in time others will offer more about that here.