Detecting G Suite domains for OAuth2 flow

[rrthomas]

As requested by @hpk42, I'm opening an issue to describe how to detect G Suite domains so that they can use the OAuth2 flow.

This Google page describes how to set up MX records for a G Suite domain. I checked the domain I use and the MX records match those on this page.

So, would it be possible to check the MX for the given email address, and if it matches ASPMX.L.GOOGLE.COM, then assume a G Suite account? (It might even be reasonable to guess a G Suite account if the MX simply ends google.com?)

[r10s]

i think, most of the work is in the core, not on the android-site.

there is mainly dc_get_oauth2_url() that needs some adaption. @rrthomas are you up on helping in the rust-core to push that forward? doing a pr to core-rust?

[rrthomas]

Thanks for sending this issue in the correct direction. I don't know any Rust, or indeed much about DNS. However, if you subscribe me to the relevant issue and I find it becomes an itch I'd like to scratch, then I might have a go. I quite understand that I can't expect someone else to do it for me!

[r10s]

great that you want to try to push that forward - i think the relevant issue is this one :)

i move it to the rust-core, in theory, as said, there are no adaptions needed for it on android - eg. also gmail and yandex are not handled differently in android, so i would assume also for gsuite that there are no adaptions needed.

the relevant code part is at https://github.com/deltachat/deltachat-core-rust/blob/master/src/oauth2.rs#L51

• as a first try, i would check what happens if OAUTH2_GMAIL is used unconditionally, and if you can log in to your gsuite account with that.

• if that works, the function should check the MX records as describes above.

@rrthomas note, that we devs hang out frequently on irc freenode #deltachat - you are very welcome there :)

[r10s]

for testing the change wrt returning OAUTH2_GMAIL unconditionally, in the cli-client, follow the steps from https://github.com/deltachat/deltachat-core-rust#using-the-cli-client - but before the configure command, do type in:

oauth2

this shows a url you have to open in the browser, authenticate with google there, once done you are redirected to a url like chat.delta:/com.b44t.messenger?code=4/longlonglonglongthng&scope=email%20https://mail.google.com/%20https://www.googleapis.com/auth/userinfo.email%20openid&authuser=1&prompt=consent

the 4/longlonglonglongthng is the part we have to use as the password:

set mail_pw 4/longlonglonglongthng
set server_flags 2
configure

this should do the job. maybe try this first with a normal gmai.com address, to see how it should work normally.

[rrthomas]

Many thanks for the tips, I'll try to have a look at some point!

[mmoya]

@rrthomas for the time being I've enabled less secure apps in G Suite, created an app password for DC, and logged in after setting servers in the advanced configuration. In the REPL it would be like:

set addr user@domain.com
set mail_pw the-app-password
set mail_server imap.gmail.com
set mail_port 993
set send_server smtp.gmail.com
set send_port 465
configure

[rrthomas]

@mmoya thanks for the tip.