New Security Measures taken by Google concerning “Loopback IP Adresses” or “OAuth out-of-band (oob)”

Question:  I would like to know if Chilkat is affected by the new security measures taken by Google concerning “Loopback IP Adresses” or “OAuth out-of-band (oob)” Answer:   Chilkat does not use “oob”, so it’s not an issue. The loopback address, such as “http://localhost:port/”, remains valid if you define your app in the Google Developers Console as a “Desktop […]

SMTP / Office 365 / OAuth2 : SmtpCmdResp: 535 5.7.3 Authentication unsuccessful

Question: A customer wants to send emails with Office 365 and OAuth2 Authentication. The setup of the application in Azure is OK. It works for one user. For another user we have the following error: SmtpCmdResp: 535 5.7.3 Authentication unsuccessful [****.****] For authentication I use the example: What is surprising is that for the second user on same PC, […]

GMail IMAP OAuth2 – A Walkthrough

This blog post covers from start to finish the process for getting a desktop application working with GMail using the IMAP protocol with OAuth2 authentication. Start here: (1) The first step is to create credentials.  Your app is a desktop application.  HOWEVER, you will be creating credentials as if your app is a web app. See this YouTube video […]

OAuth2 Request Access Token w/ Basic Authentication

Some OAuth2 token endpoints want the Client ID/Client Secret to be included using HTTP Basic Authentication. For example, we can look at the documentation for the GoToMeeting API at You’ll see this under the “2 – Request Access Token”  in the GoTo API documentation linked above: curl -X POST “” \ -H “Authorization: Basic {Base64 Encoded consumerKey and consumerSecret}” […]