{"id":936,"date":"2010-06-28T21:44:43","date_gmt":"2010-06-28T19:44:43","guid":{"rendered":"http:\/\/www.limilabs.com\/blog\/?p=936"},"modified":"2023-08-05T10:02:31","modified_gmt":"2023-08-05T08:02:31","slug":"oauth-with-imap","status":"publish","type":"post","link":"https:\/\/www.limilabs.com\/blog\/oauth-with-imap","title":{"rendered":"OAuth 1.0 with IMAP (deprecated)"},"content":{"rendered":"\n<p>OAuth is an open protocol to allow secure API authorization for <a href=\"\/mail\">Mail.dll email client<\/a> in a simple and standard method from desktop and web applications.<\/p>\n\n\n\n<div class=\"well\"><strong>OAuth 1.0 is deprecated, switch to OAuth 2.0:<\/strong>\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"\/blog\/oauth2-gmail-imap-web-applications\">OAuth 2.0 with Gmail over IMAP for web applications (Google.Apis)<\/a><\/li>\n<li><a href=\"\/blog\/oauth2-gmail-imap-installed-applications\">OAuth 2.0 with Gmail over IMAP for installed applications (Google.Apis)<\/a><\/li>\n<li><a href=\"\/blog\/oauth2-gmail-imap-service-account\">OAuth 2.0 with Gmail over IMAP for service account (Google.Apis)<\/a><\/li>\n<\/ul>\n\n<ul>\n<li><a href=\"\/blog\/oauth2-password-grant-office365-exchange-imap-pop3-smtp\">\nOAuth 2.0 with Office365 for daemons\/services: Password grant<\/a><\/li>\n\n<li><a href=\"\/blog\/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp\">\nOAuth 2.0 with Office365 for daemons\/services: Client credential flow<\/a><\/li>\n\n<li><a href=\"\/blog\/oauth2-web-flow-office365-exchange-imap-pop3-smtp\">\nOAuth 2.0 with Office365 for web apps<\/a><\/li>\n\n<li><a href=\"\/blog\/oauth2-device-flow-office365-exchange-imap-pop3-smtp\">\nOAuth 2.0 with Office365 for standalone devices<\/a><\/li>\n\n<li><a href=\"\/blog\/oauth2-office365-exchange-imap-pop3-smtp\">\nOAuth 2.0 with Office365 for desktop apps<\/a><\/li>\n<\/ul>\n\n<\/div>\n\n\n\n<p>The following code makes <strong>several HTTP requests<\/strong> to authenticate your application. It also <strong>fires up the web browser, so the user can allow or deny<\/strong> the application to access his emails.<\/p>\n\n\n\n<p>Remember to add reference to Mail.dll .NET email component and appropriate namespaces.<\/p>\n\n\n\n<p>1.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n\/\/ C#\n\nusing Limilabs.Client.Authentication;\nusing Limilabs.Client.IMAP;\n\nconst string consumerKey = \"anonymous\";\nconst string consumerSecret = \"anonymous\";\n\n\/\/ Get request token\nParameterList parameters1 = OAuth.ForUrl(\n        \"https:\/\/www.google.com\/accounts\/OAuthGetRequestToken\")\n    .Consumer(consumerKey, consumerSecret)\n    .AddParameter(\"scope\", \"https:\/\/mail.google.com\/\")\n   .AddParameter(OAuthParameterName.OAuthCallback, \"oob\")\n    .Sign()\n    .ExecuteWebRequest();\n\n\/\/ Authorize token\nstring url2 = OAuth.ForUrl(\n        \"https:\/\/www.google.com\/accounts\/OAuthAuthorizeToken\")\n   .Consumer(consumerKey, consumerSecret)\n   .Token(parameters1.GetValue(OAuthParameterName.OAuthToken))\n   .TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret))\n   .Sign()\n   .GetUrl();\n\n\/\/ Fire up the browser.\nProcess.Start(url2);\n\/\/ You can use Response.Redirect(url) in ASP.NET\n\n<\/pre><\/div>\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2010\/06\/OAuth_Login.png\" alt=\"\" title=\"OAuth - Login\"\/><\/figure><\/div>\n\n\n\n<p>2.<br>The user needs now to log-in to Gmail account (note that user does not enter credentials in your application):<br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2010\/06\/OAuth_Allow.png\" alt=\"\" title=\"OAuth - Allow\"\/><\/figure><\/div>\n\n\n\n<p>3.<br>Then he needs to allow your application to access Gmail:<br><\/p>\n\n\n\n<p>4.<br>If you<strong> don&#8217;t specify callback<\/strong> parameter, user will have to <strong>manually <\/strong>copy&amp;paste the token to your application:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2011\/10\/GmailOAuth_OOBAuthorize.png\" alt=\"\" title=\"GmailOAuth - OOBAuthorize\"\/><\/figure><\/div>\n\n\n\n<p>In case of a <strong>web project<\/strong>, instead of <strong>oob<\/strong> value as OAuthCallback parameter, you can specify<strong> a web address on your website<\/strong>. oauth_verifier will be included as the redirection url parameter.<\/p>\n\n\n\n<p>After the redirection, your website\/application needs to<strong> read oauth_verifier query parameter<\/strong>:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2011\/10\/GmailOAuth_Redirect.png\" alt=\"\" title=\"GmailOAuth - Redirect\"\/><\/figure><\/div>\n\n\n\n<p>5.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n\/\/ C#\n\nConsole.WriteLine(\"Please enter the key: \");\nstring oauth_verifier = Console.ReadLine();\n\/\/ You can use Request&#x5B;\"oauth_verifier\"].ToString() in ASP.NET\n\n\/\/ Get access token\nParameterList parameters3 = OAuth.ForUrl(\n        \"https:\/\/www.google.com\/accounts\/OAuthGetAccessToken\")\n   .Consumer(consumerKey, consumerSecret)\n   .Token(parameters1.GetValue(OAuthParameterName.OAuthToken))\n   .TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret))\n   .AddParameter(\"oauth_verifier\", oauth_verifier)\n   .Sign()\n   .ExecuteWebRequest();\n\n\/\/ Log-in to IMAP server using XOAuth\nusing (Imap client = new Imap())\n{\n    client.ConnectSSL(\"imap.gmail.com\");\n\n    string imapUrl = string.Format(\n        \"https:\/\/mail.google.com\/mail\/b\/{0}\/imap\/\", userEmailAccount);\n\n    string oauthImapKey = OAuth.ForUrl(imapUrl)\n        .Consumer(consumerKey, consumerSecret)\n        .Token(parameters3.GetValue(OAuthParameterName.OAuthToken))\n        .TokenSecret(parameters3.GetValue(OAuthParameterName.OAuthTokenSecret))\n        .Sign()\n        .GetXOAuthKey();\n\n    client.LoginOAUTH(oauthImapKey);\n\n    \/\/ Now you can access user's emails.\n    \/\/...\n\n    client.Close();\n}\n<\/pre><\/div>\n\n\n<p>Here&#8217;s the VB.NET version of the code samples:<\/p>\n\n\n\n<p>Remember to add reference to Mail.dll and appropriate namespaces.<\/p>\n\n\n\n<p>1.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: vb; title: ; notranslate\" title=\"\">\n' VB.NET\n\nimport Limilabs.Client.Authentication\nimport Limilabs.Client.IMAP\n\nConst  consumerKey As String = \"anonymous\"\nConst  consumerSecret As String = \"anonymous\"\n\n' Gget request token\nDim parameters1 As ParameterList = OAuth _\n\t.ForUrl(\"https:\/\/www.google.com\/accounts\/OAuthGetRequestToken\") _\n\t.Consumer(consumerKey, consumerSecret) _\n\t.AddParameter(\"scope\", \"https:\/\/mail.google.com\/\") _\n\t.AddParameter(OAuthParameterName.OAuthCallback, \"oob\") _\n\t.Sign() _\n\t.ExecuteWebRequest()\n\n' Authorize token\nDim url2 As String = OAuth _\n\t.ForUrl(\"https:\/\/www.google.com\/accounts\/OAuthAuthorizeToken\") _\n\t.Consumer(consumerKey, consumerSecret) _\n\t.Token(parameters1.GetValue(OAuthParameterName.OAuthToken)) _\n\t.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret)) _\n\t.Sign() _\n\t.GetUrl()\n\n' Fire up the browser\nProcess.Start(url2)\n' You can use Response.Redirect(url) in ASP.NET\n<\/pre><\/div>\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2010\/06\/OAuth_Login.png\" alt=\"\" title=\"OAuth - Login\"\/><\/figure><\/div>\n\n\n\n<p>2.<br>First the user needs to log in to Gmail account (note that user does not enter credentials in your application):<br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2010\/06\/OAuth_Allow.png\" alt=\"\" title=\"OAuth - Allow\"\/><\/figure><\/div>\n\n\n\n<p>3.<br>Then he needs to allow your application to access Gmail:<br><\/p>\n\n\n\n<p>4.<br>If you<strong> don&#8217;t specify callback<\/strong> parameter, user will have to <strong>manually <\/strong>copy&amp;paste the token to your application:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2011\/10\/GmailOAuth_OOBAuthorize.png\" alt=\"\" title=\"Gmail OAuth - OOBAuthorize\"\/><\/figure><\/div>\n\n\n\n<p>In case of a <strong>web project<\/strong>, instead of <strong>oob<\/strong> value as OAuthCallback parameter, you can specify<strong> a web address on your website<\/strong>. oauth_verifier will be included as the redirection url parameter.<\/p>\n\n\n\n<p>After the redirection, your website\/application needs to<strong> read oauth_verifier query parameter<\/strong>:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2011\/10\/GmailOAuth_Redirect.png\" alt=\"\" title=\"Gmail OAuth - Redirect\"\/><\/figure><\/div>\n\n\n\n<p>5.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: vb; title: ; notranslate\" title=\"\">\n' VB.NET\n\nConsole.WriteLine(\"Please enter the key: \")\nDim oauth_verifier As String = Console.ReadLine().Trim()\n' You can use Request(\"oauth_verifier\").ToString() in ASP.NET\n\n' Third: get access token\nDim parameters3 As ParameterList = OAuth _\n\t.ForUrl(\"https:\/\/www.google.com\/accounts\/OAuthGetAccessToken\") _\n\t.Consumer(consumerKey, consumerSecret) _\n\t.Token(parameters1.GetValue(OAuthParameterName.OAuthToken)) _\n\t.TokenSecret(parameters1.GetValue(OAuthParameterName.OAuthTokenSecret)) _\n\t.AddParameter(\"oauth_verifier\", oauth_verifier) _\n\t.Sign() _\n\t.ExecuteWebRequest()\n\n' Log-in to IMAP server using XOAuth\nUsing client As New Imap()\n\tclient.ConnectSSL(\"imap.gmail.com\")\n\n\tDim imapUrl As String = String.Format(\"https:\/\/mail.google.com\/mail\/b\/{0}\/imap\/\", userEmailAccount)\n\n\tDim oauthImapKey As String = OAuth.ForUrl(imapUrl) _\n\t\t.Consumer(consumerKey, consumerSecret) _\n\t\t.Token(parameters3.GetValue(OAuthParameterName.OAuthToken)) _\n\t\t.TokenSecret(parameters3.GetValue(OAuthParameterName.OAuthTokenSecret)) _\n\t\t.Sign() _\n\t\t.GetXOAuthKeyForImap()\n\n\tclient.LoginOAUTH(oauthImapKey)\n\n\t' Now you can access user's emails.\n\t' ...\n\n\tclient.Close()\nEnd Using\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>OAuth is an open protocol to allow secure API authorization for Mail.dll email client in a simple and standard method from desktop and web applications. OAuth 1.0 is deprecated, switch to OAuth 2.0: &nbsp; OAuth 2.0 with Gmail over IMAP for web applications (Google.Apis) OAuth 2.0 with Gmail over IMAP for installed applications (Google.Apis) OAuth [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[15,28,77,41,57,68],"class_list":["post-936","post","type-post","status-publish","format-standard","hentry","category-mail-dll","tag-c","tag-imap","tag-imap-component","tag-oauth","tag-vb-net","tag-xoauth"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/936"}],"collection":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/comments?post=936"}],"version-history":[{"count":19,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/936\/revisions"}],"predecessor-version":[{"id":6510,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/936\/revisions\/6510"}],"wp:attachment":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/media?parent=936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/categories?post=936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/tags?post=936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}