How to set up Oauth2 in Claws Mail?

Forum Forums General Tips and Tricks How to set up Oauth2 in Claws Mail?

  • This topic has 8 replies, 4 voices, and was last updated Jun 12-4:47 pm by Robin.
Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
  • #144821

      Since google makes it not really easy to use its Pop and IMAP interfaces with Email Clients not produced by huge enterprises or big organisations, here some hints how to set up OAuth2 access for your google email account properly in Claws Mail. All what you need on antiX is a the Mail account itself. (Tested on antiX 23.1 full runit 64 bit live, works all the same on 32 bit.)

      1.) Open in your Web browser the Google-Cloud-Console.
      2.) Create a new Project.
      3.) Select from their library the mail access tool called “Gmail API, view and manage Gmail mailbox data”.
      (001) Select the tool from Library

      4.) From the left Menuborder select “OAuth Consent Screen”. Enter data to all the marked fields, then click “Save and continue”.
      (002) Welcome Screen

      5.) Add a “scope”:
      (003) Select Scopes

      6.) Select the scope “http​s://” with the description “Read, compose, send, and permanently delete all your email from Gmail”. Save and continue.
      (004) Add scope “Email access”

      7.) Click “Add users”:
      (005) Add test user

      8.) Add your own email address as test user you want to access by Pop or IMAP:
      (006) Enter your your own googlemail email address

      9.) Check all data. Edit if needed. When done, save and proceed to Credentials
      (007) Check and proceed to Credentials

      10.) Click “Create Credentials”, select “OAuth Client ID”.
      Add credentials

      11.) Select a project type from the list:
      Select Program type

      12.) Enter another name of your choice and let the credentials create:
      Give it a console name

      13.) From the Popup copy both, the Client ID and the Client Secret to the entry fields in Claws mail. Make sure to keep both in a safe place, you’ll need them later on for occasional authentification renewal. For renewing the authentification token you don’t have to repeat all the former steps again and again, the ID and the Secret will stay valid.
      Copy client ID and secret

      14.) Paste the ID and the Secret into the respective Fields in Claws Mail account setup window and either copy the resulting link manually to your Browser by clicking “Copy link”, or click “Open default web browser with the authentification request”. Keep the Email Client open in the very state, it waits now for the authorisation token from Google to be sent back.
      Paste client ID and secret to Claws Mail open link in Browser

      15.)In the browser now check data and click the Email address for which you want to set up OAuth2 access to Google in Claws mail:
      Select account to proceed

      16.) Reassure that you trust yourself and continue:
      Trust yourself.

      17.) Again Check data and continue (How often? Is there some kind of galopping consent Inflation in Google? I reckon a single concise consent page would be sufficient…) Clicking Continue will send the authorisation token directly to your waiting Claws Mail Client.
      Again trust yourself.

      18.) A confirmation should show up in your Browser now, that the code was sent directly to Claws Mail.
      authorisation Code was sent to Claws Mail directly.

      19.) Make sure the authorisation token is present in the respective line and all the former Entries are still untouched. Click the “Authorise” Button, then click “Apply” to make the settings permanent.
      Complete authorisation

      20.) Leave with OK or recheck the other OAuth2 relevant sections:
      – “Receive”:
      Tick the box “Authenticate before POP connection”. From the Method pulldown select “OAuth2”
      – “Send”
      Tick the box SMTP authentification (SMTP AUTH) and also here select the Method “OAuth2” from the pulldown.

      You are done. Enjoy Pop or IMAP access to your Google mail account in Claws Mail.

      Windows is like a submarine. Open a window and serious problems will start.


        Thank you very much Robin for this excellent tutorial.


          Additional hint: Please open the above screenshots (from context menu, by right clicking them) in a new browser tab or window so you can zoom in by pressing Ctrl + and Ctrl – keys in order to read the microwriting google uses on its website. Alternatively you might want to save them to disk and read them in a more potent viewer program than a browser, e.g. feh.

          Please note, all the displayed credentials (including the mail address and the project name) found in the screenshots are simulated merely as sample/example entries to show you what precisely is expected in these fields. For sure you have to chose your own entries analog to the examples.

          And then, a warning. You might easily get lost in this google website labyrinth if clicking accidentally another button or entry other than the ones marked in the screenshot. If I say labyrinth, I mean it. Take the above as your Ariadne’s thread of survival 😉

          Windows is like a submarine. Open a window and serious problems will start.


            Another option, maybe easier or maybe not, is to use an app password instead of OAuth2.

            This is a specially generated password for your Gmail account that only works for one application.

            Google’s instructions are here:


            I use an app password with K-9 Mail on my phone since it didn’t support OAuth when I first set it up (though it does now, I think). It’s worked for me.


              I second anti-apXos suggestion of using an app password instead of OAuth2. Its a lot easier and faster. Doing an OAuth2 authentication each time you want to check your mail uses noticeably more processing power on old systems.


                Another option, maybe easier or maybe not, is to use an app password instead of OAuth2.

                Currently this works probably still, but I guess it is inevitable to switch to Oauth2:
                As stated there, they simply drop their third party app password support at September 30, 2024.

                Windows is like a submarine. Open a window and serious problems will start.


                  That page seems to be describing something else (but who knows what?) since the suggested link for more information has this nugget of wisdom:

                  If the app you are using does not support OAuth, you will need to switch to an app that offers OAuth or create an app password to access these apps.


                  But yes, even if this particular date is not the end of Google app passwords (or maybe it is?), I do assume that it’s only a matter of time.

                  To be honest, I’m looking forward to it as the thing that will finally make my sorry ass stop relying on Google.


                    @anti-apXos : Your link even states new users and users who had not activated the LSA settings in their account can’t activate it any longer after June 15, 2024 already, since they remove it from the Account management console, while people having set it up before already can use it until the date I had originally named above.

                    Access to Less Secure Apps (LSA) will be turned off in two stages:

                    Beginning June 15, 2024:
                    The LSA settings will be removed from the Admin console and can no longer be changed. Enabled users can connect during this time, but disabled users will no longer be able to access LSAs. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP.
                    The IMAP enable/disable settings will be removed from users’ Gmail settings.
                    If you’ve been using LSAs prior to this date, you can continue using them until September 30, 2024.

                    but who knows what?

                    “LSA” in the eyes of google is all kind of programs not designed by themselves. All Email applications, all access tools for gdrive /google sync etc will be affected from the change.
                    See this listing which “third party apps” are affected.

                    They list Apple Mail, IOS Mail, Outlook, Mozilla Thunderbird, Printer- and Scanner hardware. But Claws Mail and all other programs not listed explicitly are subsumed under the line “Any other app – Request that the app developer update the app to use OAuth 2.0”.

                    Which leads to the question @PPC : Does your script for mounting google drives in antiX already work with OAuth2 ?

                    Windows is like a submarine. Open a window and serious problems will start.


                      Which leads to the question @PPC : Does your script for mounting google drives in antiX already work with OAuth2 ?

                      Can answer that myself now, having installed and tested it (works great, btw) : rclone, which does the job in the background, already has switched to OAuth2 processing. So no issues here from June 15. to expect.

                      Windows is like a submarine. Open a window and serious problems will start.

                    Viewing 9 posts - 1 through 9 (of 9 total)
                    • You must be logged in to reply to this topic.