I was trying to get form data to my gmail account so I get to know about 'nodemailer' package but the problem is that it is asking for my gmail password also I have to make my gmail account less secure for this.
Is there any way to get mail without my password?
Use an 'App Password' for this purpose. This is "a 16-digit passcode that gives a less secure app or device permission to access your Google Account". See https://support.google.com/accounts/answer/185833?hl=en
Related
I used gmail account to send email notification when my script fails. Since May 30, 2022, Gmail stops supporting access over Less secure app access
This setting is no longer available.
From Google support:
To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
I am receiving python error even my user and password is OK (tested by logging to my account):
Authentication error. Wrong user or password.
smtplib.SMTPAuthenticationError: (535, b'5.7.8 Username and Password not accepted. Learn more at\n5.7.8 https://support.google.com/mail/?p=BadCredentials u2-20020a1709061da200b0072f42ca2934sm7507815ejh.148 - gsmtp')
What is the best way how to use google account for notification emails or is there better way or tool how to be notified?
When you want to send email over Gmail SMTP, google enable you to set up App password. You have to have set up 2-Step verification in your google account. Once 16 digit password are generated, you just replace password for login (username is your email address, that does not change).
Sources:
Google: Sign in with App Passwords
Stackoverflow: What's solution for sending emails from python while gmail " the less secure apps " is not enabled anymore
Hello I made a NodeJs backend and I implemented nodemailer. The only issue is I get the error with Invalid Login, because I don't have less secure apps turned on. I know, but I went to google and I clicked on the less secure app section and this is what I get
This setting is no longer available. Learn more
Does anyone solved the error different way and is able to send emails?
When you want to send email over Gmail SMTP, google enable you to set up App password. You have to have set up 2-Step verification in your google account. Once 16 digit password are generated, you just replace password for login (username is your email address, that does not change).
Sources:
Google: Sign in with App Passwords
Here's my question. To access our app, the users must be invited.
This means, we use an admin web app to create the user account in Firebase and we send him an invite to download the app and use it.
Now the next phase, how can we send to the newly created user his credentials?
Our first idea was to use a temporary password. We could send the password by email to the user and ask him to redefine his password at his first logging.
His this a good idea? I guess it's not
Is there a better way?
Thanks for the help.
T
There is no way to prevent users from authenticating with Firebase Authentication. So instead of depending on pre-creating of the accounts, you should ensure that only authorized users have access to the data.
For example, when using the Firebase Database, you could keep a list of authorized users in the database:
/authorizedEmails
t4ncr3d3#hisdomain,com: true
puf#hisdomain,com: true
And then you'd check the auth.email variable against this list in the database's security rules.
Instead of pre-creating the account, you could then simply email the user an invite to the app. E.g. an email with a link like http://myapp.mydomain.com/signup.html?email=t4ncr3d3#hisdomain.com
Then when they click the link, pre-populate the sign-up form with the email address you sent the message to and call createUserWithEmailAndPassword().
You could use the new (as of Nov 2016) firebase-admin library (java or node) to programmatically create users from your server side - see this link for details.
After that, you could send the email and password to the user via email, and allow only email based password logins. Unfortunately, you can't force uninvited people to stop authenticating with your app, as they could manually invoke the APIs used to create a new account on their own, as you see on the same page. However, you are under no obligation to provide a login mechanism via your UI. They would have to use their browser to type and invoke the JS needed to create the account.
If you are OK with people forcibly creating accounts, but you would like to lock down their access, you could do something similar to what Frank mentions in another answer by using admin control of the database to restrict access to those users you have created and invited with a special flag in the database (that only you can modify using the admin SDK) that acts as a gateway into your app. If you perform the security properly, that should prevent those whom you didn't invite from using the app, even if they can effectively authenticate with it.
I have already generate test tokens to sign in to my Slack account from the following link; https://api.slack.com/docs/oauth-test-tokens
When I use API Methods, I add the token to URL.
Now I want to integrate users accounts. Are they going to generate test tokens from this url and I will get that generated tokens? I don't think so. Not so practical.
How can I authenticate them? By getting their username and password and basic Node.js https call with BASIC Authentication as it is in; https://dzone.com/articles/nodejs-call-https-basic
When I read the documentation for authentication it suggests; https://api.slack.com/docs/oauth
Should I get all information; client_id, scope, redirect_uri, state, team from the user? How will they know their client_id?
How can I sign in to users account in the Slack integration? I'm little confused..
If you want to authenticate Slack users with your external app you should use Sign-In with Slack. It will prompt the user to sign in to their Slack team with username and password and return their Slack identify to your app. You will also receive an individual Slack token which you can store for future use if you want to keep users "signed-on".
See here for a great explanation on how this feature works.
If you just want a bot or slash command to work with your Slack team, you don't need to authenticate each user. The token you receive after using the "Add to Slack" workflow will be sufficient. Also, The "test token" you can generate on the Slack API page will work. However, this "shortcut" is only supposed to be used for testing.
How is Quora able to show me an invite page with all my Gmail contacts without even me logging into Gmail? Is there a way to pull email addresses without a password? Or is it that they are storing my address book, when I initially logged in?
IMHO, you don't have to be logged in into Gmail for OAuth to work (which Quora is most probably using).
You need to be logged in at the moment of authorizing Quora via Oauth, afterwards you don't need to be logged in, since Quora keeps Oauth authorization internally, tied with your account. So until your OAuth gets invalidated, Quora most probably has access to Gmail contacts and entire Google shebang.
You are likely already logged into Gmail, and when you click "Find Contacts", what Quora does is communicate with Gmail via OAuth. Google then asks you if you are sure you want to grant Quora access to your account data, which they will then send to Quora if you click allow.
If you weren't already logged into Gmail (or had a cookie saved) then Google would have to ask you to authenticate yourself first.