[offlineimap] google/gmail blocks offlineimap due to security (#228)

Chris Coleman notifications at github.com
Mon Aug 17 20:07:38 BST 2015

I've just been thru this with another project.
The recommended approach is, do not save plaintext password with the application.
Instead, save a revokable OAUTH2 token, which is possible to generate from the google OAUTH playground page.
The app (offlineimap, etc) can save the token on local disk file, and provide the token to gmail when gmail prompts for password.  gmail will then login ok.
The user can revoke this token at any time via their google account - in case their machine suffered a security breach - the bad guys won't have stolen their plaintext password - only the token - which the user will revoke and prevent further loss of data or financial money accounts (google wallet.. google adwords.. etc).

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20150817/1da4ac72/attachment-0003.html>

More information about the OfflineIMAP-project mailing list