Use Oauth 2.0 to access SMTP Gmail in 2024

If you are a developer and your application uses SMTP to use Gmail to send out emails to your users, you need to read this. Traditionally, using Gmail worked by turning on LESS SECURE APPS in the Gmail account that you are using. Then in 2022 Google announced that this will no longer be allowed. Well Google has hemmed and hawed but in 2024 they are actually starting to phase out LESS SECURE APPS in favor of what is called OAuth 2.0.

What is SMTP?

Simple Mail Transfer Protocol, or SMTP, allows web application to send mail. With Less Secure Apps enabled you can currently enter your Google email details in to an SMTP app or plugins. And it will allow you use your email account to send emails through your website. But as of June 2024 this will no longer be possible. It will be replaced by Oauth 2.0.

How can I implement Gmail SMTP using OAuth 2.0 in my own applications?

As a developer in 2024, if you are using WordPress in your site, there are GMAIL SMTP plugins for this. If you are developing your own application, you have to code it yourself using Google’s API. On the Gmail side, you have to obtain what is called a Client ID and a Client Secret which your application will need to access Gmail. To obtain this, you have to create a Google API Project.

You can read more about the Less Secure Apps update here.

Google is a pain in the back. What is my alternative?

True that. To continue using the traditional SMTP settings without OAuth, you can just change your email provider to Mailgun or some other provider that does not require you to do extra work. Bear in mind though, that Gmail is the industry standard.