Wheee.
- If you don't have IMAP + OAuth 2 you're locked out. Unless:
- You change a Big Scary Setting "Allow less secure apps". The activation of which also generates a Big Scary Email to let you know you've done it. But then:
- Your failed attempts triggered another lock on your account, which you need to inspect the IMAP negotiation to see. The first claims "Web login required! go to http://blahblah/100char-long-url", but, surprise! visiting the URL doesn't unlock you.
- The second directs you to https://support.google.com/mail/answer/78754 where you learn about https://www.google.com/accounts/DisplayUnlockCaptcha which, when visited, does NOT display a CAPTCHA, but does unlock your account.
- OAuth 2 is so ridiculously overdesigned the main editor of the spec loudly quit.
- All of this could have been handled using client side certificates, without requiring any changes to the @#$% mail clients.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
owGbwMvMwCSYyMCz7/ket1DG0+JJDCGBPvHuqSUK+WlpCrmVCjmJ5Xl6XB1uLAyC
TAxsrEwgaQYuTgGYHmsehgV/ekp/rlgx7dujh3trJkrvClXyWv+AYcGRNO89b/xt
xVd7q/u4lR2pjozkUwMA
=rXE4
-----END PGP MESSAGE-----
Some relevant URLs:
- Google's user-facing documentation
- Google's developer-facing documentation
- Mailing list discussion I was able to find