What are you doing about gmail forcing 0auth?

Originally posted in the wrong category… This probably affects a good number of ghost self-hosters like myself, but I didn’t see any direct definite answer in the forum yet… if I missed it please tell me.

From google to my inbox today confirming it:

Starting September 30, 2024, Google Workspace accounts will only allow access to apps using OAuth. Password-based access (with the exception of App Passwords) will no longer be supported. POP and IMAP are NOT going away and can still be enabled with apps that connect using OAuth.

All my ghost instances use LSA (less-secure app) passwords to send out one-time emails via my preferred email address. But to my knowledge, there’s no simple way to get 0auth to work with ghost for this issue.

Curious if anyone has already mitigated for this upcoming change and if so, opinions on the absolute simplest way to keep the emails flowing. I’m hoping there’s a way to not have to move email servers.

All my ghost setups are deployed as cloudron apps btw.

I currently use an app password with my gmail account for transactional email off my test server, and it works fine. Are you sure this is a problem?

Source: Google Workspace Updates: Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported

I do too, for multiple ghost sites. It’s not a problem yet, but later this year, if google keeps its word, app passwords for “less secure apps” which include ghost, is getting disabled

We’re not reading the same text in the same way, I think.

I agree the wording feels like conflicting info. Honestly I hope I’m the one reading it wrong.

It explicitly says less secure apps are getting cut off in September, but then later says app passwords is not going away…

Here’s the full official post from google

I read the part that says that if you can’t use oauth you can still use an app password. So I’m optimistic it’s going to be ok!

But if it’s not… If you have mailgun set up for newsletters already, using it for transactional emails is pretty easy and avoids setting up a mail server if you don’t already have one setup. $1 per thousand emails (first thousand free) might make a lot more sense than configuring a mail server with enough deliverability to at least hit the promotions inbox.

That’s a good point, and probably the simplest solution for a quick fix if google end up breaking things in September.

1 Like