15664: [feature request] OAuth implementation - LimeSurvey bugs and feature requests

ID	Project	Category	View Status	Date Submitted	Last Update

15664	Feature requests	Security	public	2019-12-17 12:50	2019-12-18 16:01

Reporter	Indispirit	Assigned To
Priority	none	Severity	feature
Status	new	Resolution	open

Summary	15664: [feature request] OAuth implementation
Description	Implement OAuth for LS email settings Email providers are shifting to OAuth to allow app access so requesting that LS support OAuth in email settings. Example: LS currently accesses Gsuite from Google by taking the login details of a Gsuite account in LS global email settings. Gsuite classifies applications that do this as 'LSAs' - Less Secure Applications and to allow LS to access Gsuite this way currently, you have to provide an extra permission. Google plans to turn off access for LSAs and only permit access via OAuth: " Access to LSAs will be turned off in two stages: 1. June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off. 2. February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts."
Tags	No tags attached.

Date Modified	Username	Field	Change
2019-12-17 12:50	Indispirit	New Issue
2019-12-18 16:01	DenisChenu	Note Added: 55069

DenisChenu 2019-12-18 16:01 developer ~55069	It's one of the reason to rewrite mail system in 4 and extend clearly PHPMailer. https://github.com/LimeSurvey/LimeSurvey/blob/3ca1be07878d3e3953a7aa38bf7fb5f85345ccb8/application/core/LimeMailer.php#L495 Sample plugin : https://github.com/LimeSurvey/LimeSurvey/tree/develop/application/core/plugins/mailSenderToFrom (more easy this one)