Gmail with IMAP and OAuth 2.0

Question

I love your product and documentation! Wanted to say that.

I have a web app (on azure) and I am currently using OAuth 2.0 with Gmail over IMAP for web applications.

Can I use the code you have for OAuth 2.0 with Gmail over IMAP for installed applications OR for service account (DotNetOpenAuth) with a web app?

I'm a bit confused on which ones I can use. I'd like to not have to refresh the token on a regular basis if possible.

Thank you for your time!

Answer 1

Those 3 scenarios are there for different purposes.

1.
Service account scenario is for domain administrators.

If your domain is administered by Google (in terms of email), you can create an administrator account, that will be able to login to every email account in your domain.

It is impossible to use this scenario for accessing @gmail accounts.

IMAP over OAuth 2.0 for service account:
https://www.limilabs.com/blog/oauth2-gmail-imap-service-account

2.
Installed applications scenario is for standalone apps.

Instead of redirecting to google for authentication and redirecting back to your app (as in web apps scenario), special code is displayed to the user.
This code is then put in your app (or yor app can be smart enough to read this code from browser's window title) and it can log in to the user's account.

IMAP over OAuth 2.0 in installed apps:
https://www.limilabs.com/blog/oauth2-gmail-imap-installed-applications

3.
Web application scenario as you know uses series of browser redirects.

IMAP over OAuth 2.0 in web apps:
https://www.limilabs.com/blog/oauth2-gmail-imap-web-applications

The bottom line is:
Unless you own a domain, you can use 'web application scenario' only, others won't work.