How can I get PLAIN authentication working with Google's IMAP server?

Question

So for a while I've been relying on the PLAIN support for logging into Google's IMAP server in my email client. Recently they started blocking that and return an error (despite listing it as a supported authentication method).

For instance take this example:

Connected to 'imap.gmail.com:993' using SSL
A0001 CAPABILITY
* OK Gimap ready for requests from ##.##.##.## cd6mb38777249ieb
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=XOAUTH
A0001 OK Thats all she wrote! cd6mb38777249ieb
A0002 AUTHENTICATE PLAIN
+
####################################
* NO [WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbszktZSU6iVmh...snip....] Web login required.
A0002 NO [ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure)
SSL connection closed.
ScribeImap_Thread.cpp:647 - Connect to imap.gmail.com:993 failed.

I've tried opening the "https://accounts.google.com/ContinueSignIn..." URL in my browser:

And I get redirected to https://myaccount.google.com/ but the next login attempt fails as well. So it doesn't seem to change the authentication at all.

Is the PLAIN authentication just blocked completely or am I doing it wrong?

Alternatively is there a authentication method that works and DOESN'T need a browser component to log in? (XOAUTH2 seems to need a web login as well)

Answer 1

I see that this is an old post, but after fighting with Outlook for over a year to get my mail, I FINALLY got it working again.

The first thing I had to do was log into my my Gmail account and turn off the button labeled "Less secure apps" as Outlook is in that category. Go to the "Less secure apps" section in My Account. Next to "Access for less secure apps," selectTurn on. (Note to Google Apps users: This setting is hidden if your administrator has locked less secure app account access.) And if you have 2-step verification on (as I did), it will still make Outlook fail. So the next thing you have to do is create an app password which will generate a password for you, and you use that in Outlook for it to sync correctly.

Visit your App password page. You may be asked to sign in to your Google Account. At the bottom, click Select app and choose the app you’re using. Click Select device and choose the device you’re using. Since Outlook will not be listed, select Other and type in Outlook for future reference. Select Generate. Follow the instructions to enter the App password (the 16 character code in the yellow bar) on your device. Select Done. Copy the password that was generated. Open Outlook and paste the password in the Password section. DO NOT use your regular password. Your mail will sync without anymore issues. (Hopefully) Once you are finished, you won’t see that App password code again. However, you will see a list of apps and devices you’ve created App passwords for.

I hope this helps everyone who is having an issue. And I hope these directions are easy to follow! Good luck everyone! :-)

Answer 2

It's pretty official:
http://googledevelopers.blogspot.com.au/2015/04/a-final-farewell-to-clientlogin-oauth.html

They have shut off PLAIN login completely and it's not coming back.

So there are two options:

1. Turn on "less secure apps".
2. Implement OAUTH2.

I've decided to implement OAUTH2 support (which isn't too far off working actually). Initially I thought I would need an embedded browser component in my app, but it turns out that I can launch the system browser and the user can copy the token across in a some what manual process.

Interestingly for those working on OAUTH2 support in their software, Google have setup a playground to see the whole process in practice:
https://developers.google.com/oauthplayground/