OAuth with IMAP
OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.
If you are using Gmail please read OAuth authentication with Gmail.
The following code makes several HTTP requests to authenticate your application. It also fires up the web browser, so the user can allow or deny the application to access his emails.
Remember to add reference to Mail.dll and appropriate namespaces.
1.
// C#
using Limilabs.Client.Authentication;
using Limilabs.Client.IMAP;
const string consumerKey = "anonymous";
const string consumerSecret = "anonymous";
// Get request token
ParameterList parameters1 = OAuth.ForUrl(
"https://www.google.com/accounts/OAuthGetRequestToken")
.Consumer(consumerKey, consumerSecret)
.AddParameter("scope", "https://mail.google.com/")
.AddParameter(OAuthParameterName.OAuthCallback, "oob")
.Sign()
.ExecuteWebRequest();
// Authorize token
string url2 = OAuth.ForUrl(
"https://www.google.com/accounts/OAuthAuthorizeToken")
.Consumer(consumerKey, consumerSecret)
.Token(parameters1.GetValue(OAuthParameterName.OAuthToken))
.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret))
.Sign()
.GetUrl();
// Fire up the browser.
Process.Start(url2);
// You can use Response.Redirect(url) in ASP.NET
2.
The user needs now to log-in to Gmail account (note that user does not enter credentials in your application):
3.
Then he needs to allow your application to access Gmail:
4.
If you don’t specify callback parameter, user will have to manually copy&paste the token to your application:
In case of a web project, instead of oob value as OAuthCallback parameter, you can specify a web address on your website. oauth_verifier will be included as the redirection url parameter.
After the redirection, your website/application needs to read oauth_verifier query parameter:
5.
// C#
Console.WriteLine("Please enter the key: ");
string oauth_verifier = Console.ReadLine();
// You can use Request["oauth_verifier"].ToString() in ASP.NET
// Get access token
ParameterList parameters3 = OAuth.ForUrl(
"https://www.google.com/accounts/OAuthGetAccessToken")
.Consumer(consumerKey, consumerSecret)
.Token(parameters1.GetValue(OAuthParameterName.OAuthToken))
.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret))
.AddParameter("oauth_verifier", oauth_verifier)
.Sign()
.ExecuteWebRequest();
// Log-in to IMAP server using XOAuth
using (Imap client = new Imap())
{
client.ConnectSSL("imap.gmail.com");
string imapUrl = string.Format(
"https://mail.google.com/mail/b/{0}/imap/", userEmailAccount);
string oauthImapKey = OAuth.ForUrl(imapUrl)
.Consumer(consumerKey, consumerSecret)
.Token(parameters3.GetValue(OAuthParameterName.OAuthToken))
.TokenSecret(parameters3.GetValue(OAuthParameterName.OAuthTokenSecret))
.Sign()
.GetXOAuthKeyForImap();
client.LoginOAUTH(oauthImapKey);
// Now you can access user's emails.
//...
client.Close();
}
Here’s the VB.NET version of the code samples:
Remember to add reference to Maill.dll and appropriate namespaces.
1.
' VB.NET
import Limilabs.Client.Authentication
import Limilabs.Client.IMAP
Const consumerKey As String = "anonymous"
Const consumerSecret As String = "anonymous"
' Gget request token
Dim parameters1 As ParameterList = OAuth _
.ForUrl("https://www.google.com/accounts/OAuthGetRequestToken") _
.Consumer(consumerKey, consumerSecret) _
.AddParameter("scope", "https://mail.google.com/") _
.AddParameter(OAuthParameterName.OAuthCallback, "oob") _
.Sign() _
.ExecuteWebRequest()
' Authorize token
Dim url2 As String = OAuth _
.ForUrl("https://www.google.com/accounts/OAuthAuthorizeToken") _
.Consumer(consumerKey, consumerSecret) _
.Token(parameters1.GetValue(OAuthParameterName.OAuthToken)) _
.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret)) _
.Sign() _
.GetUrl()
' Fire up the browser
Process.Start(url2)
' You can use Response.Redirect(url) in ASP.NET
2.
First the user needs to log in to Gmail account (note that user does not enter credentials in your application):
3.
Then he needs to allow your application to access Gmail:
4.
If you don’t specify callback parameter, user will have to manually copy&paste the token to your application:
In case of a web project, instead of oob value as OAuthCallback parameter, you can specify a web address on your website. oauth_verifier will be included as the redirection url parameter.
After the redirection, your website/application needs to read oauth_verifier query parameter:
5.
' VB.NET
Console.WriteLine("Please enter the key: ")
Dim oauth_verifier As String = Console.ReadLine().Trim()
' You can use Request("oauth_verifier").ToString() in ASP.NET
' Third: get access token
Dim parameters3 As ParameterList = OAuth _
.ForUrl("https://www.google.com/accounts/OAuthGetAccessToken") _
.Consumer(consumerKey, consumerSecret) _
.Token(parameters1.GetValue(OAuthParameterName.OAuthToken)) _
.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret)) _
.AddParameter("oauth_verifier", oauth_verifier) _
.Sign() _
.ExecuteWebRequest()
' Log-in to IMAP server using XOAuth
Using client As New Imap()
client.ConnectSSL("imap.gmail.com")
Dim imapUrl As String = String.Format("https://mail.google.com/mail/b/{0}/imap/", userEmailAccount)
Dim oauthImapKey As String = OAuth.ForUrl(imapUrl) _
.Consumer(consumerKey, consumerSecret) _
.Token(parameters3.GetValue(OAuthParameterName.OAuthToken)) _
.TokenSecret(parameters3.GetValue(OAuthParameterName.OAuthTokenSecret)) _
.Sign() _
.GetXOAuthKeyForImap()
client.LoginOAUTH(oauthImapKey)
' Now you can access user's emails.
' ...
client.Close()
End Using
October 14th, 2010 at 07:40
Hi,
I was trying this stuff in vs2008 but while incorporating it i am getting an error
for this part
ParameterList parameters1 = OAuth
since i dont know “ParameterList, and OAuth” uses(refers to) which dll .
Can u help me with this.
I had added reference to ur Mail.dll,MailBrowserControl.cll,ProtocalEx.dll
But still it is not working .
Please can u mail me the entire code It would be an great help..
Lokng forward to ur reply at “swaranaik2@gmail.com”
Thanks in advance.. 🙂
October 14th, 2010 at 08:03
Hi,
I tried this code but its redirecting me to gmail page and asking me for username and password to generate the Key.
But this is not what the code say..
what i thought was if i provide my email id it will revert back my gmail details(inbox mails etc)
Please help me with this as i want to try this out.
Looking forward for ur reply..
Please mail me at “swaranaik2@gmail.com”
October 14th, 2010 at 11:47
@Swara
> Since i dont know “ParameterList, and OAuth” uses(refers to) which dll
ParameterList and OAuth are classes from Mail.dll assembly (http://www.limilabs.com/mail/download).
You only need to reference this assembly.
> But still it is not working.
Are you getting any exception?
> I tried this code but its redirecting me to gmail page and
> asking me for username and password to generate the Key.
Yes, this is correct behavior.
You need to log in to Gmail in order to validate your request.
Please note that you are not giving your credentials to the application,
but only to Gmail’s web interface using web browser.
October 18th, 2010 at 13:04
thank u for ur reply.
But i ned to ask u this As was written above
@quote:
“The key advantage of this method is that it allows an application to access users email without knowing user’s password.”
It asks me for my password that means the above @quote stays untrue
Can u pls reply on the same..
Thanks.
October 20th, 2010 at 12:26
> It asks me for my password that means the above @quote stays untrue
No – It is GMail that asks the user, if he allows the application to access his mailbox.
The application itself does not have access to the user name nor the password.
October 23rd, 2010 at 10:29
thanks gotta… 🙂
October 29th, 2010 at 14:36
Very Nice article.. how do you setup this for a web application??
January 16th, 2014 at 21:13
I’m trying to do in asp.net, is giving error in command
Dim oauth_verifier As String = Request(“oauth_verifier”).ToString()
Error: Object reference not set to an instance of an object.
January 17th, 2014 at 11:54
@Wagner,
1. Consider using OAuth 2.0:
http://www.limilabs.com/blog/oauth2-gmail-imap-web-applications
2.
Examine the request object. Does it contain “oauth_verifier” parameter?