Oauth 2.0 Support?

My employer recently did a security audit. One of the results of this audit was the majority of third-party apps can no longer integrate with our work Google account. Big Mail is, unfortunately, one of the affected apps. I reached out to my work’s IT department and received the following response.

Sean, I’m sorry but we do not have that information for individual/specific applications. As part of our ongoing cybersecurity efforts, we have had a security audit performed on our district GAFE services. Among several recommendations was to disallow insecure applications from authenticating to Google accounts. Unfortunately, this doesn’t specify WHICH applications Google has deemed insecure.
Google has also released this notice: Transition from less secure apps to OAuth - Google Workspace Admin Help regarding the deprecation of several connection protocols this coming summer. From the looks of it, if your application allows for Oauth2 authentication, that may allow you to get it back in the game for your use.

Thanks for flagging Sean and requesting some more info from your IT dept.

Big Mail is OAuth 2.0 compatible so as long as you sign in using the Google option you should still be good to go. If you’re signing in using the ‘manual’ option with username and password, then it sounds like that will no longer be allowed.

Let me know if that’s not the case though?

I get the error when trying to sign in using Gooogle. Attached is a screenshot of the error. Below that are the details that are provided if I click the link in the error.

Screenshot 2023-10-29 at 6.46.57 AM1179×2556 210 KB

Error 400: admin_policy_enforced
Request details: access_type=offline response_type=code client_id=615965187653-17hhd7qijm5uoucicibd0gptapa5u6a0.apps.googleusercontent.com o2v=2 continue=https://accounts.google.com/signin/oauth/consent?authuser=unknown&part=AJi8hAN4UH52xbX-RCGRcLqhoY5zZzKu3QQTAIbJjSSp9rZh-bRyZGIJO7tASCEeM2oJ12JdJ2V_HHNxI-A4z-ieSfFEWUuieRGVGSVZxxhs6vCK6mT8cBhOC0BRJ0jK2JbVnjo-oiYgo4FgXCf4Vjo9tcvBoiaHwOYGSWT608sWcd20OHDSu5hWu5_Xq8zcnDHhE8u0AbmI4uIZ8UqOLyIdMT4JCiQDw9ccTyLLrue_ieCiSCg2pBUz3uxAyRaZYkOwWup2y0tUMGlsSEx8y0L16-Cjc9huoDhWtdlFxZF2iDHeB5etS3LKkEX9ZOsJU33KmyCpUif93A9cTFNY7TOBpIDFx5RC4rlt75vNU5G0AiUcFWdrJ6ympfMi3pFriqu1rQNS_Z83aPU_oVOpY8DrWuddFJIch3CFm-QUGlyILYMtOEpTM1kF94pDXCmoSMZ4xgUbIyhQ&as=S-603463899%3A1698576354084987&client_id=615965187653-17hhd7qijm5uoucicibd0gptapa5u6a0.apps.googleusercontent.com&theme=glif# redirect_uri=com.googleusercontent.apps.615965187653-17hhd7qijm5uoucicibd0gptapa5u6a0:/oauth scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://mail.google.com openid

Thanks for the extra info Sean.

I have Google Workspace for our domain so was able to test this out just now. For this error it seems like your admin(s) would have had to explicitly mark Big Mail as “Blocked”.

In the Workspace console Big Mail does show as verified so admins can see that it has been audited by Google and meets their new OAuth requirements (which bizarrely Mail.app on iOS and macOS don’t seem to…!)

Screenshot 2023-10-29 at 11.17.061080×578 52.8 KB

Your admins will need to mark Big Mail as “Trusted” (or just return Big Mail back to Google’s default settings) for you to be able to sign in again.

It’s possible your admins disabled Big Mail as in theory you could have signed in with your username and password, but the “less secure apps” behaviour can be disabled separately, so it seems unnecessary if that’s the case.

I would suggest reaching back out to them and asking for clarification as unfortunately I don’t think there’s anything I can do my end. I’m also happy to provide any additional information if that’s helpful.

Thanks! I’ll reach out to my IT department tomorrow and see if they can provide any clarification.