Google SMTP using OAuth2 since september 30 will be deprecated the less secure app function

Hi. Since Google announced that will no longer allow Less Secure App authentication for SMTP or IMAP connection using Google Workspace starting the next 30 of september, I think will be very useful to create a tutorial like this: How to configure a Microsoft OAuth Provider :: SuiteCRM Documentation
to achieved that being Google Workspace one of the most common service provider of Mail Hosting in the world.

I will make it, starting today but any help or corrections will be very appreciated.


I’ve been using an app password for my regular gmail account. Are they doing away with both less secure apps AND app passwords?

It seems that kind of method is still allowed: Will "Application Passwords" still be supported after September 30 2024? - Google Account Community
Still, I will try to connect through the mentioned method because eventually will be the only way to interact with the google workspace account of the users who only work with that provider.

1 Like

Hi. Thanks much for your post and for your plans to create a tutorial for how to configure a Google Workspace OAuth provider. My company has just started using SuiteCRM and will need your tutorial. Please let me know if I can assist you as you develop this guide or test it. Thanks again!

Hi… I will try to divide this “tutorial” (mostly a collaboration post) in three parts, this first one is related with the creation of the credentials for the API interaction in the Google Cloud Platform.

I am assuming that you have a Google Workspace account and a Google Cloud Console account, otherwise, you can follow this tutorial:
Google Workspace: Sign up for a free Google Workspace trial  |  Google Workspace Knowledge Center
Google Cloud Platform: Google Cloud Documentation

Once you have a fully functional account in Google Cloud Platform follow the next screenshots:

Go to the site

The next post will use these tokens and ids to try to make a OAuth Provider in SuiteCRM.


In case anyone is wondering the reason why google is stopping “less secure apps”, it’s because these are apps (phone, PC, web, or server apps) which save your actual google account password in clear text, and use transmit it to google to login and send/receive mail (or perform actions with other areas of your google account). Saving your cleartext password in many “less secure apps” is incredibly risky. This is why the upgrade to app passwords, and OAuth2.