Author |
|
juris Groupie
Joined: 27 June 2011 Location: Italy
Online Status: Offline Posts: 72
|
Posted: 12 June 2024 at 11:58pm | IP Logged
|
|
|
https://mail.google.com/ scope now require CASA Tier 2 security assessment. How can we get around this obstacle?
My users must have the ability to read, write, send and permanently delete all emails from Gmail. What alternative scope can I use?
Regards, Lello
Quote:
========================
Hello Google Developer,
Thank you for your patience while we reviewed your submission for project xxxxxxxxxxxx. We need you to address the following items for us to continue your app’s verification:
You are required to complete a CASA Tier 2 security assessment for your application (project number: xxxxxxxxxxx) by the following date: 2024-09-10. This assessment is required annually; to learn more, please visit the CASA website.
CASA assessment is done on a "first-come-first-serve" basis. This can take up to 6 weeks depending on how engaged and responsive you are in the whole process. Hence we strongly suggest you get started with the assessment as soon as possible. To know how, please read the instructions below.
You have the following options to complete your assessment:
1 - Tier 2 Authorized Lab Scan
For your Tier 2 CASA assessment you may contact our CASA authorized preferred partner TAC Security, with whom we have negotiated a discounted rate for Tier 2 CASA assessments. Alternatively, you may also contact any other CASA authorized lab to conduct your Tier 2 CASA Assessment.
2 - Tier 3 CASA Assessment
You can also opt-in to complete a Tier 3 assessment, by contacting CASA authorized TAC Security, or any other CASA authorized lab.
CASA Tier 3 is a comprehensive assessment that tests the application, the application deployment infrastructure and any user data storage location.
Tier 3 assessments have the following benefits:
Conducted and validated by the authorized labs giving your application high assurance of compliance with CASA standard
If your application is listed on the Google WorkSpace Marketplace you will receive an independent security verification badge
For any questions on the Tier 2 or Tier 3 Authorized Lab Scan/Assessment, or if you need a due date extension, please reach out to your CASA authorized lab.
Useful resources
Refer to the following documentation for more information:
CASA Website
CASA Tiering
Other Tiers Process
Important! Once you have addressed the issues above, reply directly to this email to confirm. You must reply to this email after fixing the highlighted issues to continue with the app verification process.
Need to make changes to your verification request?
Please make direct changes on the Cloud Console. Save and submit the changes when finished.
No longer need access to these scopes?
Please reply to this email to cancel the verification request.
Need other help?
For more information on OAuth Verification, you can read the terms or policies for the APIs or products your app uses, as well as the following resources:
Link to OAuth Verification FAQ
Thank you,
The Third Party Data Safety Team
|
|
|
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Online Posts: 6104
|
Posted: 13 June 2024 at 1:12am | IP Logged
|
|
|
If you're looking for an alternative to OAuth2, I can only think of the use of app passwords - however, such an option requires the use of 2-Step Verification. Frankly, never tried such a combination myself, but still it's worth a shot.
--
Regards,
Igor, Afterlogic
|
Back to Top |
|
|
juris Groupie
Joined: 27 June 2011 Location: Italy
Online Status: Offline Posts: 72
|
Posted: 13 June 2024 at 2:23am | IP Logged
|
|
|
Hi Igor,
Can you provide a C# code example for me and other MailBeee users? Google has opened a review for all projects. I think an example can be useful for everyone.
Regards Lello
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Online Posts: 6104
|
Posted: 13 June 2024 at 2:28am | IP Logged
|
|
|
With app password enabled, it would be the exact same way you'd authenticate with username and password on any other IMAP server, except a special password is used instead of the email account's password, for example Imap.Login Method. With 2-step verification enabled, however, I'm not sure that's going to work non-interactively.
--
Regards,
Igor, Afterlogic
|
Back to Top |
|
|
juris Groupie
Joined: 27 June 2011 Location: Italy
Online Status: Offline Posts: 72
|
Posted: 13 June 2024 at 10:41pm | IP Logged
|
|
|
16-digit passcode only appears with mobile apps. 16-digit passcode does not appear with desktop applications (windows browsers). Do you have any other idea?
Quote:
If you’ve set up 2-Step Verification but can’t find the option to add an app password, it might be because:
Your Google Account has 2-Step Verification set up only for security keys.
You’re logged into a work, school, or another organization account.
Your Google Account has Advanced Protection.
|
|
|
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Online Posts: 6104
|
Posted: 13 June 2024 at 11:54pm | IP Logged
|
|
|
I see, seems OAuth2 remains the only option then. Unfortunately, I don't think there's a way around using "https://mail.google.com/" scope as long as you require IMAP and SMTP access to Gmail account. Perhaps, going along with the security assessment is still worth it, this discussion thread may offer some valuable pointers. Thank you.
--
Regards,
Igor, Afterlogic
|
Back to Top |
|
|
juris Groupie
Joined: 27 June 2011 Location: Italy
Online Status: Offline Posts: 72
|
Posted: 14 June 2024 at 12:50am | IP Logged
|
|
|
Is it possible to Login in using a Google backup code (11 digits)?
I tried but it doesn't work.
Quote:
AuthenticationMethods authMethods = checkBoxTrySecureAuth.Checked ? AuthenticationMethods.Auto : AuthenticationMethods.Regular;
await imp.LoginAsync(textBoxImapUser.Text, BACKUP_CODE_11_DIGITS, authMethods);
|
|
|
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Online Posts: 6104
|
Posted: 14 June 2024 at 12:54am | IP Logged
|
|
|
Per my understanding, backup codes don't do the authentication, they can only be used if you no longer have access to 2-Step Verification and need to skip that one. So you would still need to authenticate the usual way.
--
Regards,
Igor, Afterlogic
|
Back to Top |
|
|
juris Groupie
Joined: 27 June 2011 Location: Italy
Online Status: Offline Posts: 72
|
Posted: 14 June 2024 at 5:01am | IP Logged
|
|
|
This operation must be done from a mobile device otherwise "App Password" will not appear
Igor wrote:
If you're looking for an alternative to OAuth2, I can only think of the use of app passwords - however, such an option requires the use of 2-Step Verification. Frankly, never tried such a combination myself, but still it's worth a shot.
--
Regards,
Igor, Afterlogic |
|
|
|
Back to Top |
|
|