Can OAuth 2.0 bypass "Less secure app" status for desktop application?

+1 vote

Hi,
I'm trying to create a program which can read and write emails of the account login. So a user would log-in (they same way they do with thier own email) and the program would be able to read and write from that email address.

The only problem is that "Less secure apps" won't allow the program to read emails, and I cannot force people to enable this setting.

My point being; Does oAuth2.0 allow the program to read emails WITHOUT people having to enable "Less secure apps"?
And if it doens't, what other option is there?

by

1 Answer

0 votes

Yes, OAuth 2.0 is not affected by this setting as described here:
https://www.limilabs.com/blog/enable-imap-in-gmail

Please note that contrary to what the label says those applications (such as Thunderbird or Outlook) are secure – they use TLS or SSL to secure the client server communication.

The term ‘less secure apps’ is used only because such applications need to store the primary account password to be able to access IMAP.

Alternative would be to use application-specific passwords:
https://www.limilabs.com/blog/enable-imap-in-gmail

by (301k points)
...