New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detecting G Suite domains for OAuth2 flow #1425
Comments
i think, most of the work is in the core, not on the android-site. there is mainly dc_get_oauth2_url() that needs some adaption. @rrthomas are you up on helping in the rust-core to push that forward? doing a pr to core-rust? |
Thanks for sending this issue in the correct direction. I don't know any Rust, or indeed much about DNS. However, if you subscribe me to the relevant issue and I find it becomes an itch I'd like to scratch, then I might have a go. I quite understand that I can't expect someone else to do it for me! |
great that you want to try to push that forward - i think the relevant issue is this one :) i move it to the rust-core, in theory, as said, there are no adaptions needed for it on android - eg. also gmail and yandex are not handled differently in android, so i would assume also for gsuite that there are no adaptions needed. the relevant code part is at https://github.com/deltachat/deltachat-core-rust/blob/master/src/oauth2.rs#L51
@rrthomas note, that we devs hang out frequently on irc freenode #deltachat - you are very welcome there :) |
for testing the change wrt returning OAUTH2_GMAIL unconditionally, in the cli-client, follow the steps from https://github.com/deltachat/deltachat-core-rust#using-the-cli-client - but before the
this shows a url you have to open in the browser, authenticate with google there, once done you are redirected to a url like the
this should do the job. maybe try this first with a normal gmai.com address, to see how it should work normally. |
Many thanks for the tips, I'll try to have a look at some point! |
Do a lookup based on domain's MX servers. G Suite domains are expected to have at least 'aspmx.l.google.com' listed in MXs. See https://support.google.com/a/answer/140034 fixes deltachat#1425
@rrthomas for the time being I've enabled less secure apps in G Suite, created an app password for DC, and logged in after setting servers in the advanced configuration. In the REPL it would be like:
|
@mmoya thanks for the tip. |
Do a lookup based on domain's MX servers. G Suite domains are expected to have at least 'aspmx.l.google.com' listed in MXs. See https://support.google.com/a/answer/140034 fixes deltachat#1425
Do a lookup based on domain's MX servers. G Suite domains are expected to have at least 'aspmx.l.google.com' listed in MXs. See https://support.google.com/a/answer/140034 fixes #1425
Do a lookup based on domain's MX servers. G Suite domains are expected to have at least 'aspmx.l.google.com' listed in MXs. See https://support.google.com/a/answer/140034 fixes #1425
As requested by @hpk42, I'm opening an issue to describe how to detect G Suite domains so that they can use the OAuth2 flow.
This Google page describes how to set up MX records for a G Suite domain. I checked the domain I use and the MX records match those on this page.
So, would it be possible to check the MX for the given email address, and if it matches
ASPMX.L.GOOGLE.COM
, then assume a G Suite account? (It might even be reasonable to guess a G Suite account if the MX simply endsgoogle.com
?)The text was updated successfully, but these errors were encountered: