Google will ban less secure sign in methods, is PHPMailer affected?

[ryuukk]

Hello

I am using PHPMailer in my server to forward some log message to some email adresses

https://support.google.com/accounts/answer/6010255?hl=en

HN discussion:

https://news.ycombinator.com/item?id=30513825

I use SMTP login with the email + password, as described in the example

I am not familiar with that kind of stuff, i wanted to know if that ban affects the way i use PHPMailer? Do i need to change anything?

Thanks

[Synchro]

If you're using a regular password login, yes, you will need to change it. PHPMailer supports the XOAUTH2 authentication mechanism, which is painful to set up, but will stay working in future. Google's app passwords will also work (described in your first link), and you'll probably find that easier to set up than XOAUTH2. There is a wiki article about setting up gmail auth.

[Synchro]

That's not a valid URL?

[nelwa]

I removed my domain part in the post above.

This is where I'm redirected after giving access via the google prompts. I don't know if I can change that?

[Synchro]

Yes, but where it is redirected to is on your own server, and if that is denying you access, that's a problem in your own config, not google's.

[nelwa]

I'm not sure I follow you, but let me try & explain what happens (note that everything is the same as in the sample script):

Part 1:
$authUrl = $provider->getAuthorizationUrl($options); $_SESSION['oauth2state'] = $provider->getState(); header('Location: ' . $authUrl);

This works as expected, and I'm passed to google for authorization.

Part 2:
unset($_SESSION['provider']); //Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken( 'authorization_code', [ 'code' => $_GET['code'] ] ); $rtoken = $token->getRefreshToken(); var_dump($rtoken); die();

I never even get to part two. After I give authorization in the Google prompts, I'm returned to that erroneous URL. It seems that the "scope" part of the url is not urlencoded. How can I change that?

Thanks for your help so far!

[nelwa]

Thank you for pointing me in the right direction. It was an apache mod security rule that caused the problem.