1

I am trying to log into my Gmail account manually using OpenSSL in my terminal. But for some reason, Gmail doesn't authorize my login even if the password is correct. Here's a rundown of my terminal:

openssl s_client -crlf -connect imap.googlemail.com:993
CONNECTED(00000003)
.......
# Some stuff displayed here
.......
* OK Gimap ready for requests from <my-ip> f75mb26659817ybg
01 login [email protected] password
01 NO [AUTHENTICATIONFAILED] Invalid credentials (Failure)

Why does it fail? Also, I am a beginner with this and am very curious about doing this, therefore a few article suggestions regarding this would be great.

I tried searching for related articles myself but was unable to do so even after pages of searching.

Improve this question
5
  • 1
    I was able to achieve my goal using Gmail API and OAuth2 authorization. Took quite some bash scripting. Here are the results: My Reddit post. I'm still not solving this question as marked because the solution I've found is just a workaround.
    – Utkarsh Verma
    Commented Jan 20, 2019 at 14:06
  • 1
    how about adding the solution specifics you found from that post as an answer with more and precise detail? I think that'd be much better than this comment with just the link and you saying "check the answer here" and then a year down the road that link gets trashed, etc. If you post the content and the link as an answer, it will be much much better and helpful to that that also need that same answer but quicker if you share the specifics that are to the point about the solution you potentially found. Choo Choo!!!
    – Vomit IT - Chunky Mess Style
    Commented Jan 26, 2019 at 4:17
  • Second that. Workarounds are completely acceptable answers, especially when a direct solution is not available.
    – I say Reinstate Monica
    Commented Jan 26, 2019 at 14:03
  • @TwistyImpersonator It's been quite some time and I have provided my own workaround below since this question would have had received an answer if it was meant to by now. Please have a read and tell me if I need to add something more.
    – Utkarsh Verma
    Commented Jan 26, 2019 at 15:20
  • @PimpJuiceIT I've added the workaround as an answer. Please have a read and tell me if it needs something more.
    – Utkarsh Verma
    Commented Jan 26, 2019 at 15:21

2 Answers 2

Reset to default
2

After several tries, it seemed to me that Gmail has dropped support for basic IMAP login as it is "less secure". So I ended up using OAuth2 for the authentication process. I also found that my goal, to fetch unread email count, could also be achieved using Gmail API afterwards. To implement it, I wrote a script in bash.

Here's what the script does in summary:

  • Create credentials for a client with access to the Gmail API and necessary scopes set.

  • Use those credentials to generate an authorization code for the user's account.

    During this, the terminal opens a user consent webpage which asks the user if he/she authorizes the client or not. Once authorized, the OAuth2 authorization code is sent to localhost at the specified port(I used 5000) which is then caught by the TCP listener, which the script runs in background temporarily, and stored.

  • Once the authorization code is stored, generate the API access token and store it somewhere for use.

  • Make curl requests like this to access the API:

    curl -H "Authorization: Bearer <the access token>" <the request>

Here are the relevant links:

Improve this answer
2
  • 1
    Now this is the way you are supposed to write an answer and keep it clear and concise and with clear links plus the nice formatting as well. Nice answer!! Keep up the good work!! +1
    – Vomit IT - Chunky Mess Style
    Commented Jan 26, 2019 at 15:30
  • I wrote something similar but used perl and jq. See github.com/jay/curl_google_oauth
    – Jay
    Commented Jan 16, 2023 at 22:23
0

Works for me. Make sure to Let less secure apps access your account though since otherwise plain login (user + password) might not work.

Improve this answer
3
  • 1
    Isn't there some way to make this approach more secure instead of making my account more vulnerable by allowing access to less secure apps? Saying this because I don't have a GSuite account and hence can't enable less secure apps to log in.
    – Utkarsh Verma
    Commented Jan 19, 2019 at 9:21
  • 1
    @UtkarshVerma: sure, you can use the more secure authentication method: SASL XOAUTH2. But this means that you will not be able to just use login user pass in IMAP but that the process is more complex (and more secure). See the documentation for details. You might also use application specific passwords.
    – Steffen Ullrich
    Commented Jan 19, 2019 at 9:51
  • That's what I was looking for. I don't mind complexity since it gives me the opportunity to get to know more. I'll go over it and post my updates here once done.
    – Utkarsh Verma
    Commented Jan 19, 2019 at 9:57

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .