UPDATE!  Microsoft Outlook is also supported now for OAuth 2.0!

We're happy to announce that MAILTOOL (along with MAILTOOL Plus) has been updated to include the ability to send emails using GMail or Microsoft Outlook and the new OAuth 2.0 authentication process as outlined in this announcement from Google and this article to allow "Less Secure Apps" (at least for the time being) instead of requiring the new OAuth 2.0 authentication.

The reason for this is we have a feeling in the future Google (and possibly Microsoft) will turn off the feature to allow "Less Secure Apps" and wanted to be on top of things when they did.

Because we already have features for authenticating your Google and Microsoft Accounts using OAuth 2.0 with our GreenTools for Google Apps (G4G) and GreenTools for Microsoft Apps (G4MS) applications we were able to integrate this into MAILTOOL to allow this new security feature being implemented by Google and Microsoft for their email/SMTP Accounts.

This will require a little more setup up front, but once done it will ensure the most current security when it comes to access of your Google or Microsoft Accounts.

If you're interested in reading the OAuth 2.0 specs they're easy to find.  But, in a nutshell what it means is that 3rd party apps do not need to store the actual password for the account it is working with.  Instead, it uses Authentication Keys.

What Does This Mean?

This means that when sending emails from your IBM i (AS/400, iSeries, System i) with MAILTOOL using GMail or Microsoft Outlook as your email service, you no longer need to use or store the user id and password for the account in the MAILTOOL command or in a JSON Configuration File.  

Instead, you will set up your GMail or Outlook Account to use OAuth 2.0 Authentication (as shown below) and specify the special value of *G4G_XOAUTH2 (for GMail) or *G4MS_XOAUTH2 (for Outlook) as the SMTP Authentication User ID and leaving the SMTP Authentication Password blank.  This will tell MAILTOOL to use the "from" address as the account to use to validate the account using OAuth 2.0.

Requirements

The requirements for using this new authentication are as follows:

• GreenTools for Google Apps (G4G) v6.02 or higher is installed and in the library list at run time if you're using a GMail Account
• GreenTools for Microsoft Apps (G4MS) v1.20 or higher in installed and in the library list at run time if you're using an Outlook Account.
• For each GMail account you wish to use OAuth 2.0 authentication the GMail SMTP Service (*GMAILSMTP) is registered through G4G.  
• For each Outlook account you wish to use OAuth 2.0 authentication the Outlook SMTP Service (*OUTLOOKSMTP) is registered through G4MS.  
• Because the base G4G and G4MS products handle all of the Access Tokens and top level communications, no separate license key is required for G4G or G4MS.
• Get URI (GETURI) v4.09 or higher is installed and in the library list at run time.  
• GETURI is used for the communications behind the scenes in G4G to keep the OAuth 2.0 Access Tokens up to date.  GETURI will require a separate license.

GMail Set Up

Setting up a GMail Account to use OAuth 2.0 authentication is done using the following steps:

Use the G4G Register Service (G4GRECSVC) command to register the Gmail Service for each GMail account you wish to use.  The service name used will be *GMAILSMTP.

G4GREGSVC ID(fieldexit.com@gmail.com) SERVICE(*GMAILSMTP)

Once this command is run you will be presented with the following display:

You will then copy and paste the text into the location bar of your browser (or click on it if your 5250 emulator makes it into a hot link).  We find that Internet Explorer or FireFox works best for this.  Using Chrome it seems to insert new line characters on the line breaks causing the URL to be corrupt.

Your browser should open up to a page like the following.

After clicking on the link (circles) you should be presented with your Google Account Signon (or a similar page that allows you to select the Google Account to use if you have multiple accounts):

After you've signed in to your Google account you are setting up, you will be asked if you want G4G to be able to access your email as shown in the following page:

In order for this to work you will need to click on the "Accept" Button.  When this is done, you will be presented with an authorization code:

Once the code is displayed, return to your green screen and push the F6 button and the code will be automatically retrieved from our server and setup for your Google account will be complete.. 

The registration is now complete for this user.

Microsoft Outlook Set Up

Setting up a Microsoft Outlook Account to use OAuth 2.0 authentication is done using very similar steps to setting up a GMail Account.

Use the G4MS Register Service (G4MSRECSVC) command to register the Outlook SMTP Service for each Outlook account you wish to use.  The service name used will be *OUTLOOKSMTP.

G4MSREGSVC ID(fieldexit.com@gmail.com) SERVICE(*OUTLOOKSMTP)

Follow the directions on the screen to complete the Outlook registration.

Using OAuth 2.0 in your Configuration or MAILTOOL Command

You can now use the value of *G4MS_XOAUTH2 as the SMTP Authentication User ID either on the MAILTOOL command or in the configuration file you are using for this user.  The SMTP Authentication Password does not need to be specified either.

An example of the JSON Configuration File:

...
	{
		"name":"smtp_auth_user",
		"default":"*G4G_XOAUTH2"
	},
	{
		"name":"smtp_auth_password",
		"default":" "
	},
...

An example of using the MAILTOOL Command:

MAILTOOL TOADDR(jclarkson@topgear.com) FROMADDR(fieldexit.com@gmail.com)
SUBJECT('New Veyron SS') 
MESSAGE('Did you see the new Veryron SS?') 
SENDWITH(*MAILTOOL) MAILRTR(SMTP.GMAIL.COM) USERTR(*ONLY) SSL(*YES) PORT(465) 
AUTHUSER(*G4G_XOAUTH2)

When emails are sent you must remember to have G4G or G4MS and GETURI (as well as MAILTOOL) in your library list.  This is because each time an email is sent the Authorization Key that is used needs to be checked to see if it is expired.  If it is, G4G or G4MS and GETURI are used to communicate with the Google or Microsoft Servers to renew the Authorization Key.