Error authenticate using R.3.6.1

[RozennGZ]

I use gmailr in a shiny application, deployed in shinyapps.io. I used a .json file for authentification.

Everything is fine using R version 3.5.1, but using R 3.6.1 the json is not recognized and I can't authenticate after deployment.

Have you a solution ?

Thanks in advance,

Rozenn.

[hahannah22]

Hello all,

I'm experiencing the same issue running code that worked perfectly and authenticated before, but now gives me the following warning: "Sign in with Google temporarily disabled for this app
This app has not been verified yet by Google in order to use Google Sign In." Authentication no longer works for me on either version of R.

Thanks in advance - would love to have this fixed as soon as possible as we use gmailr to support routine public health work!
Haylea

[joshcrowhurst]

Same issue here - hoping for an update to address this so I can continue to make use of this amazing package :)

Thanks,
Josh

[BroVic]

Well, I'm coming to this package for the first time and encountered this issue. I'm encouraged to see from the preceding comments that people have actually been using this package and that it is highly recommended. I hope this issue is fixed asap.

Cheers,
Victor

[robertpdx]

This was working in my application until this morning. I hope it can be resolved soon.

[hahannah22]

Does anyone know if there are plans to fix it or of any workarounds in the meantime? Feeling desperate to get our program running correctly!

[BroVic]

@hahannah22 considering the urgency of your situation, you should use maintainer("gmailr") to draw attention... Good luck.

[judgelord]

gmailr is not alone. Google seems to have revoked authentication processes used by a number of apps. Possibly related to this security review.

I don't have a fix, but here are a few leads if someone has time:

• This rbloggers post on using google and Oauth2 oauth2.0_token() to authenticate.

• This solution for a different app

For refrence from gmailr.R:

  myapp <- oauth_app("google", id, secret)

  scope_urls <- c(read_only = "https://www.googleapis.com/auth/gmail.readonly",
                  modify = "https://www.googleapis.com/auth/gmail.modify",
                  compose = "https://www.googleapis.com/auth/gmail.compose",
                  full = "https://mail.google.com/")
  scope <- scope_urls[match.arg(scope, several.ok=TRUE)]

  the$token <- oauth2.0_token(oauth_endpoints("google"), myapp, scope = scope)

@jimhester, this package is fantastic, and if you have any tips or fixes, we would be so grateful.

[mmagoo6]

Same issue here. Would love to hear of any updates or workarounds.

[meisterluk]

+1 suffering from this issue since Friday

[bobmuscarella]

+1 here

[meisterluk]

In my case, I am just sending a few emails from my computer to my email account programmatically. So I don't bother about Organizations, websites with Privacy Consents and alike. It seems that How can I mark my app as internal-only so it doesn't require verification? addresses this usecase. But I cannot see any ‘Application type’ ‘Internal’ as described in the answer.

I created new credentials on console.developers.google.com and chose “Application Data” (not “User Data”) (assuming this is the best match for ‘Internal’), but the resulting JSON will be incompatible. When the browser screen shows up, a 400 HTTP status code is thrown.

Recognize that part 2 of the answer addresses “If you don't see this option” and asks you to create an organziation. I didn't create a Organization before and it seems to be a tedious process (Is it for G Suite? Is it for Cloud Identity? WTH). However, later I might have time to try that.

I wanted to share my results so far.

[thomasgable]

I am having the same issue here. Been using gmailr for the past 1.5 years and it worked great until last Friday...really hope this gets fixed soon!!

[jimhester]

Google has revoked the built in application to gmailr, due to security concerns we can't really fix in an R package.

So going forward you will have to setup your own google application and authenticate it with gmailr.

There are details in how to do this at https://github.com/r-lib/gmailr#setup, and also on https://github.com/jennybc/send-email-with-r#create-a-project-in-google-developers-console.

Then from within R you need to run gmailr::use_secret_file("gmailr-tutorial.json") with the JSON file containing your app secrets to tell gmailr to authenticate with your application rather than the built in application.

Then authenticate as usual with gmailr::gmail_auth(). You may then get a warning from your browser about this being an untrusted application, but that is OK because this is your application that is untrusted, so you can use the dialog to tell the browser to accept the untrusted app.

Once you have done this gmailr should work as before.

[meisterluk]

@jimhester To clarify: Your second link requires verification of the app. With the described process, you will run into a “this app is not verified” error message. As far as I understand, this means that Google needs to hire a third-party to verify compliance of your application with Google's security and content policies with costs starting at 15,000 $ (or do I mix up security assessment and app verification here?).

The first link is ambiguous, because the step “Other fields can be left blank” is wrong. There are options that cannot be left blank and depending on your choice, you will run into different issues.

For me, the question remains how to make authentication work for small users with private/internal source code and a low rate of requests for my own email address…

[jimhester]

If the documentation is wrong please submit a pull request to fix it.

If your app is only going to be used by you the google documentation says you can skip the assessment (https://support.google.com/cloud/answer/9110914#skip)

You do not need to submit your app for review if it's going to be used in any of the following scenarios:

The app is not shared with anyone else.

[EdwinTh]

I am trying to follow the guidelines to which you link, but it seems like the setup of the https://console.developers.google.com/project has changed. I managed to do it through the instructions, but only after some clicking around. Happy to do a PR to update, please confirm that the setup indeed changed.

[jimhester]

Yes, it does seem to have changed since that section of the documentation was last updated in 2016

[EdwinTh]

I did not quite manage to set it up with the new setup, did not get a connection, so I need some help by doing a PR. But is the whole thing going to be changed by the introduction of gargle anyway? If so, I will not bother.

[jimhester]

I re-wrote the docs yesterday, the setup is now more straightforward by taking advantage of google's quickstart docs.

[BroVic]

Thanks!