OAuth with IMAP

OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.

This article describes generic OAuth class.
If you are using Gmail please read OAuth authentication with Gmail.

The following code makes several HTTP requests to authenticate your application. It also fires up the web browser, so the user can allow or deny the application to access his emails.

Remember to add reference to Mail.dll and appropriate namespaces.

1.

// C#

using Limilabs.Client.Authentication;
using Limilabs.Client.IMAP;

const string consumerKey = "anonymous";
const string consumerSecret = "anonymous";

// Get request token
ParameterList parameters1 = OAuth.ForUrl(
        "https://www.google.com/accounts/OAuthGetRequestToken")
    .Consumer(consumerKey, consumerSecret)
    .AddParameter("scope", "https://mail.google.com/")
   .AddParameter(OAuthParameterName.OAuthCallback, "oob")
    .Sign()
    .ExecuteWebRequest();

// Authorize token
string url2 = OAuth.ForUrl(
        "https://www.google.com/accounts/OAuthAuthorizeToken")
   .Consumer(consumerKey, consumerSecret)
   .Token(parameters1.GetValue(OAuthParameterName.OAuthToken))
   .TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret))
   .Sign()
   .GetUrl();

// Fire up the browser.
Process.Start(url2);
// You can use Response.Redirect(url) in ASP.NET

2.
The user needs now to log-in to Gmail account (note that user does not enter credentials in your application):

3.
Then he needs to allow your application to access Gmail:

4.
If you don’t specify callback parameter, user will have to manually copy&paste the token to your application:

In case of a web project, instead of oob value as OAuthCallback parameter, you can specify a web address on your website. oauth_verifier will be included as the redirection url parameter.

After the redirection, your website/application needs to read oauth_verifier query parameter:

5.

// C#

Console.WriteLine("Please enter the key: ");
string oauth_verifier = Console.ReadLine();
// You can use Request["oauth_verifier"].ToString() in ASP.NET

// Get access token
ParameterList parameters3 = OAuth.ForUrl(
        "https://www.google.com/accounts/OAuthGetAccessToken")
   .Consumer(consumerKey, consumerSecret)
   .Token(parameters1.GetValue(OAuthParameterName.OAuthToken))
   .TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret))
   .AddParameter("oauth_verifier", oauth_verifier)
   .Sign()
   .ExecuteWebRequest();

// Log-in to IMAP server using XOAuth
using (Imap client = new Imap())
{
    client.ConnectSSL("imap.gmail.com");

    string imapUrl = string.Format(
        "https://mail.google.com/mail/b/{0}/imap/", userEmailAccount);

    string oauthImapKey = OAuth.ForUrl(imapUrl)
        .Consumer(consumerKey, consumerSecret)
        .Token(parameters3.GetValue(OAuthParameterName.OAuthToken))
        .TokenSecret(parameters3.GetValue(OAuthParameterName.OAuthTokenSecret))
        .Sign()
        .GetXOAuthKey();

    client.LoginOAUTH(oauthImapKey);

    // Now you can access user's emails.
    //...

    client.Close();
}

Here’s the VB.NET version of the code samples:

Remember to add reference to Maill.dll and appropriate namespaces.

1.

' VB.NET

import Limilabs.Client.Authentication
import Limilabs.Client.IMAP

Const  consumerKey As String = "anonymous"
Const  consumerSecret As String = "anonymous"

' Gget request token
Dim parameters1 As ParameterList = OAuth _
	.ForUrl("https://www.google.com/accounts/OAuthGetRequestToken") _
	.Consumer(consumerKey, consumerSecret) _
	.AddParameter("scope", "https://mail.google.com/") _
	.AddParameter(OAuthParameterName.OAuthCallback, "oob") _
	.Sign() _
	.ExecuteWebRequest()

' Authorize token
Dim url2 As String = OAuth _
	.ForUrl("https://www.google.com/accounts/OAuthAuthorizeToken") _
	.Consumer(consumerKey, consumerSecret) _
	.Token(parameters1.GetValue(OAuthParameterName.OAuthToken)) _
	.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret)) _
	.Sign() _
	.GetUrl()

' Fire up the browser
Process.Start(url2)
' You can use Response.Redirect(url) in ASP.NET

2.
First the user needs to log in to Gmail account (note that user does not enter credentials in your application):

3.
Then he needs to allow your application to access Gmail:

4.
If you don’t specify callback parameter, user will have to manually copy&paste the token to your application:

In case of a web project, instead of oob value as OAuthCallback parameter, you can specify a web address on your website. oauth_verifier will be included as the redirection url parameter.

After the redirection, your website/application needs to read oauth_verifier query parameter:

5.

' VB.NET

Console.WriteLine("Please enter the key: ")
Dim oauth_verifier As String = Console.ReadLine().Trim()
' You can use Request("oauth_verifier").ToString() in ASP.NET

' Third: get access token
Dim parameters3 As ParameterList = OAuth _
	.ForUrl("https://www.google.com/accounts/OAuthGetAccessToken") _
	.Consumer(consumerKey, consumerSecret) _
	.Token(parameters1.GetValue(OAuthParameterName.OAuthToken)) _
	.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret)) _
	.AddParameter("oauth_verifier", oauth_verifier) _
	.Sign() _
	.ExecuteWebRequest()

' Log-in to IMAP server using XOAuth
Using client As New Imap()
	client.ConnectSSL("imap.gmail.com")

	Dim imapUrl As String = String.Format("https://mail.google.com/mail/b/{0}/imap/", userEmailAccount)

	Dim oauthImapKey As String = OAuth.ForUrl(imapUrl) _
		.Consumer(consumerKey, consumerSecret) _
		.Token(parameters3.GetValue(OAuthParameterName.OAuthToken)) _
		.TokenSecret(parameters3.GetValue(OAuthParameterName.OAuthTokenSecret)) _
		.Sign() _
		.GetXOAuthKeyForImap()

	client.LoginOAUTH(oauthImapKey)

	' Now you can access user's emails.
	' ...

	client.Close()
End Using

Tags:      

Questions?

Consider using our Q&A forum for asking questions.

9 Responses to “OAuth with IMAP”

  1. Swara Says:
    October 14th, 2014 at 05:40

    Hi,
    I was trying this stuff in vs2008 but while incorporating it i am getting an error
    for this part

    ParameterList parameters1 = OAuth

    since i dont know “ParameterList, and OAuth” uses(refers to) which dll .

    Can u help me with this.

    I had added reference to ur Mail.dll,MailBrowserControl.cll,ProtocalEx.dll
    But still it is not working .

    Please can u mail me the entire code It would be an great help..

    Lokng forward to ur reply at “swaranaik2@gmail.com”

    Thanks in advance.. 🙂

  2. Swara Says:
    October 14th, 2014 at 06:03

    Hi,
    I tried this code but its redirecting me to gmail page and asking me for username and password to generate the Key.

    But this is not what the code say..
    what i thought was if i provide my email id it will revert back my gmail details(inbox mails etc)

    Please help me with this as i want to try this out.

    Looking forward for ur reply..

    Please mail me at “swaranaik2@gmail.com”

  3. Limilabs support Says:
    October 14th, 2014 at 09:47

    @Swara
    > Since i dont know “ParameterList, and OAuth” uses(refers to) which dll
    ParameterList and OAuth are classes from Mail.dll assembly (http://www.limilabs.com/mail/download).
    You only need to reference this assembly.

    > But still it is not working.
    Are you getting any exception?

    > I tried this code but its redirecting me to gmail page and
    > asking me for username and password to generate the Key.
    Yes, this is correct behavior.
    You need to log in to Gmail in order to validate your request.

    Please note that you are not giving your credentials to the application,
    but only to Gmail’s web interface using web browser.

  4. Swara Says:
    October 18th, 2014 at 11:04

    thank u for ur reply.
    But i ned to ask u this As was written above

    @quote:
    “The key advantage of this method is that it allows an application to access users email without knowing user’s password.”

    It asks me for my password that means the above @quote stays untrue

    Can u pls reply on the same..

    Thanks.

  5. Limilabs support Says:
    October 20th, 2014 at 10:26

    > It asks me for my password that means the above @quote stays untrue
    No – It is GMail that asks the user, if he allows the application to access his mailbox.
    The application itself does not have access to the user name nor the password.

  6. Swara Says:
    October 23rd, 2014 at 08:29

    thanks gotta… 🙂

  7. Luciano Says:
    October 29th, 2014 at 12:36

    Very Nice article.. how do you setup this for a web application??

  8. Wagner Says:
    January 16th, 2018 at 19:13

    I’m trying to do in asp.net, is giving error in command

    Dim oauth_verifier As String = Request(“oauth_verifier”).ToString()

    Error: Object reference not set to an instance of an object.

  9. Limilabs support Says:
    January 17th, 2018 at 09:54

    @Wagner,

    1. Consider using OAuth 2.0:
    http://www.limilabs.com/blog/oauth2-gmail-imap-web-applications

    2.
    Examine the request object. Does it contain “oauth_verifier” parameter?