Implement OAuth to support GMail/GSuite accounts

Created on 19 December 2019, about 5 years ago
Updated 5 June 2024, 7 months ago

Hello,

Google has announced a tightening up of app access:

Starting February 15, 2021, G Suite accounts will only allow access to apps using OAuth. Password-based access will no longer be supported.

June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.

Is it likely that this module will support OAuth access?

Thanks!

✨ Feature request
Status

Needs review

Version

1.0

Component

Code

Created by

🇬🇧 United Kingdom Jason Dean

  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

  • Needs documentation

    A documentation change is requested elsewhere. For Drupal core (and possibly other projects), once the change has been committed, this status should be recorded in a change record node.


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    I had suggested in #55 that it be made generic instead of Google-specific; I don't think much would need to be changed to make it generic.

    I think we need a plugin system and we ship 2 plugins:

    • Username and Password
    • OAuth Authentication

    Then we can extend in the future, or 3rd parties are able to add their additional plugins.

  • @claudiucristea opened merge request.
  • Status changed to Needs review almost 2 years ago
  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    Anyone to test the MR?

    Tests are not yet fixed. I wonder if it works for you with GMail

  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    @sadashiv, @DamienMcKenna, @rivimey,

    The solution proposed in the MR is based on #65 but allows the SMTP auth to be configured based on plugins. That would allow us to easily add other plugins, for other auth types, in the future. Also, a 3rd party is able to add their own without changing this module.

    Do you think this architectural change is what we need?

  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    The D10.1 test fails because we're using a method, deprecated in D9 and removed in D10. Will fix that if we have an agreement on the architectural change.

  • 🇺🇸 United States DamienMcKenna NH, USA

    I don't have time to test it right now, but the merge request is excellent work, and solves many of the problems of the patches.

    My only comment is that some of the class names don't follow CamelCase very well, e.g. GmailXOAuth2.

  • 🇺🇸 United States fathershawn New York

    I just bumped into this in Drupal Slack. It looks like this work is well along; however, if you have need for a plugin-based generic OAuth client system that leverages the League's OAuth2 Client library, you might consider the OAuth2 Client module, which I maintain and which has a D10 release. A developer can extend a base plugin and have a working client pretty quickly. Optional Key module support as well.

  • 🇨🇦 Canada Nathan Tsai

    A stop-gap solution:

    Install Google API Client:

    composer require 'drupal/google_api_client:^4.3'

    and apply the following patch:

        "patches": {
            "drupal/smtp": {
                "#3102055: Allow OAuth Authentication": "https://www.drupal.org/files/issues/2023-06-06/3102055-implement-oauth-for-google-gmail-84.patch"
            }
        },
    
  • 🇨🇦 Canada Nathan Tsai

    @FatherShawn and @claudiucristea,

    (Also @Ali_W and @imclean re: Azure)

    I'm thinking of getting this set up for Microsoft Azure (although I have never programmatically connected to an OAuth before)

    @FatherShawn, is there a way I can do this generically for Google, Microsoft, Amazon, etc. using the OAuth2 Client module?

    Or would I (we) still need to create a separate plugin for Microsoft, Amazon, etc. in addition to the Google one?

    Note: here's a sample of what's necessary for the Google client:

    https://git.drupalcode.org/project/smtp/-/blob/4d576b5d2d38decdee6a6c962...

  • 🇺🇸 United States fathershawn New York

    The base implementation is one OAuth2 Client plugin per service with associated client ID and secret. Looking over the interface you could implement and perhaps create a multi-service deriver if that doesn't work for you?

  • Status changed to Needs work over 1 year ago
  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    The MR !27 is work in progress

  • Status changed to Needs review over 1 year ago
  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    @Nathan Tsai, yes, normally, each type of SMTP would need their own plugin. It would be great if you can test my plugin system solution.

    @FatherShawn, I have no idea whether we can use a generic Oauth2 client. If that is possible, I wonder why Google is maintaining their own auth PHP library? But feel free

    • This can be tested with the new plugin system (changes from MR)
    • There's a good Wordpress writeup on how to configure on Google side https://wpmailsmtp.com/docs/how-to-set-up-the-gmail-mailer-in-wp-mail-smtp/
    • Still needs tests. But how to test?
    • The new submodule needs documentation including how to get the client ID/secret from Google API
    • Credentials are saved in config. Maybe we need to make them $settings, so that they don't get leaked in code or database dumps?
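
Added example, not part of the thread or the merge request: one way to keep the credentials discussed in the comment above out of exported config and database dumps is to override them in `settings.php` from environment variables. `smtp.settings`, `smtp_username` and `smtp_password` are the SMTP module's existing config names; the environment variable names and the two OAuth key names are assumptions.

```php
<?php
// Fragment for sites/default/settings.php (added example).

// Reads a required secret from the environment. Throwing here fails closed:
// the site does not silently fall back to a value stored in config.
// A closure is used so that including settings.php twice cannot redeclare
// a function.
$smtp_example_secret = static function (string $name): string {
  $value = getenv($name);
  if ($value === FALSE || trim($value) === '') {
    throw new \RuntimeException("Missing environment variable: $name");
  }
  return $value;
};

// Existing keys of the SMTP module's "smtp.settings" config object.
// Environment variable names are hypothetical.
$config['smtp.settings']['smtp_username'] = $smtp_example_secret('SMTP_USERNAME');
$config['smtp.settings']['smtp_password'] = $smtp_example_secret('SMTP_PASSWORD');

// Placeholder key names (assumption): replace them with whatever keys the
// OAuth plugin from the merge request actually stores.
$config['smtp.settings']['oauth_client_id'] = $smtp_example_secret('SMTP_OAUTH_CLIENT_ID');
$config['smtp.settings']['oauth_client_secret'] = $smtp_example_secret('SMTP_OAUTH_CLIENT_SECRET');

// Do not leave the helper in the global scope of settings.php.
unset($smtp_example_secret);
```

Overrides in `$config` apply at runtime only, so the values stored in active config should be left blank; otherwise the old secret is still present in config exports and database dumps.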
  • 🇸🇪 Sweden arne_hortell

    Does anyone know how to get smtp working of outlook.office365.com ?
    I run D9.5.x

  • 🇺🇸 United States japerry KVUO

    Does anyone know how to get smtp working of outlook.office365.com ?
    I run D9.5.x

    It's likely the oauth2 approach will not be supported on Office.
    https://learn.microsoft.com/en-us/answers/questions/1044899/smtp-xoauth2...

    Here is the page on setting up classic SMTP support:
    https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchang...

  • 🇺🇸 United States DamienMcKenna NH, USA

    FYI I found out that Hubspot supports SMTP for transactional emails if you set up an OAuth connection, so I'll see if I can test this out for that use case, maybe it could be useful for sites that use Hubspot for newsletters.

  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    @DamienMcKenna, I'm not sure Gmail uses a standard OAuth2 process. Maybe it does but I'm not too knowledgeable in OAuth2. I came to this conclusion because I saw they are indicating to use their OAuth2 lib and not a generic one. While creating this MR, I've been inspired by the Wordpress https://wpmailsmtp.com plugin and that uses also the Google libraries.

    I have to say that I'm already using this MR in production and it works.

    But, regardless of what SMTP provider or API we use, we should first switch to a plugin based system that allows to create new transports.

    It would be extremely helpful if people needing Gmail can test the MR. @Nathan Tsai I see you've already provided a stop-gap solution, meaning you're using the Gmail to deliver emails. Could you, please, review the solution from MR?

  • 🇷🇴 Romania claudiu.cristea Arad 🇷🇴

    I see there's a lot of hesitancy on testing the MR and having some feedback. Maybe we have to split the plugin system refactoring into a separate issue and get that done first. I would do that but first I need the module maintainer's approval that they are OK with this refactoring and will help with review and merge, otherwise it's just a waste of time. Any thoughts, @japerry?

  • 🇺🇦 Ukraine proweb.ua

    #84

    when I want to send a test email from the admin/config/system/smtp page

    TypeError: Drupal\google_api_client\Service\GoogleApiClientService::setGoogleApiClient(): Argument #1 ($google_api_client) must be of type Drupal\google_api_client\GoogleApiClientInterface, null given, called in /home/*web/modules/contrib/smtp/src/Plugin/smtp/SmtpAuthentication/GoogleOAuth.php on line 212 in Drupal\google_api_client\Service\GoogleApiClientService->setGoogleApiClient() (line 110 of /home/*/web/modules/contrib/google_api_client/src/Service/GoogleApiClientService.php).
    Severity Error

    Do I need to configure the google_api_client module somehow?

    I also see this message all the time

    Warning message
    Disabled fields are overridden in site-specific configuration file.

  • 🇺🇸 United States westsonoma

    I'm not completely certain this belongs here, so feel free to disregard.

    When looking for a solution to the upcoming Google/GMail Oauth2 issue, I came across PHPMailer OAuth2, which is a plugin for PHPMailer SMTP. It addresses Azure, not Google/GMail, but it provides a roadmap for developing an Oauth2 plugin that works with PHPMailer SMTP.

    I've now written such a module. I lack the credentials to make it available as a Drupal module (I may work on that), so I've placed it on GitHub at https://github.com/iagsdc/phpmailer_gmail_oauth2. It cannot be installed by composer, but it can be dropped into either the /web/modules/contrib or /web/modules/custom directory. It requires a Google provider library (league/oauth2-google) that can be found at https://oauth2-client.thephpleague.com/providers/league/, and it requires the PHPMailer SMTP module.

    It's only been tested on Drupal 10. As I said, I'm not sure this belongs here, but maybe it will help someone out.

  • 🇺🇸 United States westsonoma

    There is now a second module, available at https://github.com/iagsdc/oauth2_client_gmail_plugin, that's written as a plugin to Drupal module OAuth2 Client. OAuth2 Client is designed to handle backend functionality for retrieval and storage of OAuth2 tokens. Both modules (the new one, and the one at https://github.com/iagsdc/phpmailer_gmail_oauth2) require a Google provider library (league/oauth2-google) available at https://oauth2-client.thephpleague.com/providers/league/, and both also require the PHPMailer SMTP module. Neither module can be installed with composer.

  • 🇺🇸 United States westsonoma

    I thought I'd searched exhaustively for a Drupal module that authenticates to Gmail using OAuth2, but I guess not. Yesterday I came across Gmail API (https://www.drupal.org/project/gmail). I installed it, and it seems to work fine; no need to write another.

  • 🇬🇧 United Kingdom altcom_neil

    Hi, I have created a new patch based on the latest code in the merge request as I couldn't get the merge request patch to apply.

    While we aren't actually using the Gmail Oauth I was trying to add support for using the Key module to provide a more secure way to store the SMTP username and password, see https://www.drupal.org/project/smtp/issues/3134249.

    This module allows me to add a simple submodule that just provides another SmtpProvider so while I am not testing the Gmail Oauth side I am testing the SmtpProvider system and it works like a charm!

    One suggestion I would make is to not make the Google APIClient a requirement in the composer file but a hook_requirement() in the smtp_gmail_api submodule:

    diff --git a/composer.json b/composer.json
    index 030217e..4685a9b 100644
    --- a/composer.json
    +++ b/composer.json
    @@ -8,7 +8,6 @@
         "issues": "https://www.drupal.org/project/issues/smtp"
       },
       "require": {
    -    "google/apiclient": "^2.14",
         "phpmailer/phpmailer": "^6.1.7"
       },
       "extra": {
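
    Review bot: removing "google/apiclient": "^2.14" from the root "require" leaves no Composer declaration of the dependency, or of its version constraint, anywhere in the visible patch. Consider giving modules/smtp_gmail_api its own composer.json that requires google/apiclient ^2.14, or at least listing the package under "suggest" here, so that sites enabling the submodule get a resolvable, version-constrained install rather than only a class-existence check.
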
    diff --git a/modules/smtp_gmail_api/smtp_gmail_api.install b/modules/smtp_gmail_api/smtp_gmail_api.install
    new file mode 100644
    index 0000000..4b7de79
    --- /dev/null
    +++ b/modules/smtp_gmail_api/smtp_gmail_api.install
    @@ -0,0 +1,17 @@
    +<?php
    +/**
    + * Implements hook_requirements().
    + */
    +function smtp_gmail_api_requirements($phase) {
    +  $requirements = [];
    +  if ($phase == 'install') {
    +    if (!class_exists('\Google\Client')) {
    +      $requirements['google_apiclient_library'] = [
    +        'description' => t('Google Gmail API SMTP provider requires the "google/apiclient" library. Please install first from https://github.com/googleapis/google-api-php-client'),
    +        'severity' => REQUIREMENT_ERROR,
    +      ];
    +    }
    +  }
    +
    +  return $requirements;
    +}
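
    Review bot: the check in smtp_gmail_api_requirements() runs only when $phase == 'install', so a site where the library is removed after the submodule is enabled gets no error on the status report; consider handling the 'runtime' phase as well. The requirement entry also has no 'title' key, class_exists('\Google\Client') cannot confirm the ^2.14 constraint that the composer.json hunk drops, the comparison could be strict (===), and the file is missing a blank line and an @file docblock after <?php.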
    

    so that projects not using the submodule don't get the library installed regardless.
