Xero Redirect URI for OAuth2 and Desktop Apps

This post is about Xero OAuth2 for desktop apps, but the same concepts generally apply to all other applications (REST API apps) using OAuth2. What many developers don’t initially realize (if new to OAuth2) is that an “App” needs to be defined in the developer portal for the service (i.e. Xero in this case).   For Xero, you would login to […]

GMail IMAP OAuth2 – A Walkthrough

This blog post covers from start to finish the process for getting a desktop application working with GMail using the IMAP protocol with OAuth2 authentication. Start here:  https://console.developers.google.com/apis/credentials (1) The first step is to create credentials.  Your app is a desktop application.  HOWEVER, you will be creating credentials as if your app is a web app. See this YouTube video […]

OAuth2 Request Access Token w/ Basic Authentication

Some OAuth2 token endpoints want the Client ID/Client Secret to be included using HTTP Basic Authentication. For example, we can look at the documentation for the GoToMeeting API at https://goto-developer.logmeininc.com/how-get-access-token-and-organizer-key You’ll see this under the “2 – Request Access Token”  in the GoTo API documentation linked above: curl -X POST “https://api.getgo.com/oauth/v2/token” \ -H “Authorization: Basic {Base64 Encoded consumerKey and consumerSecret}” […]

O365 IMAP Authentication: OAuth and MFA Solution

There is much confusion and worry about Microsoft’s plans to disable standard password authentication for the IMAP, and POP3  protocols. Here is the announcement posted on 20-Sept-2019 on the Office 365 blog: https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers/ Chilkat already supports OAuth2 for the IMAP, POP3, and SMTP protocols. (Microsoft will continue to support basic auth for SMTP)  In all three protocols, an application can […]

Getting OAuth2 Token in Desktop App vs. Web App

Question: I have done some Dataflex development for the UK ‘Making Tax Digital’ functions that require oAuth2 authorisation. I’ve used your example code for the Windows work but I now need to get this working for a Dataflex Web based version. That communication part will all take place from the Web server. Any pointers on how to get oAuth to […]

GMail “Allow Access for Less Secured Apps”

Question: I created a Gmail account and I am SendEmailAsync to send email via that Gmail account through a VB6 program. I had to turn on “allow access for less secured apps” for that Gmail account but otherwise, I am able to get everything working. However, after some weeks of inactivity, Google would automatically turn disable access for less secured […]

Explaining OAuth2.StartAuth

This post explains the OAuth2 flow for desktop apps.   It begins by calling OAuth2.StartAuth. The oauth2.StartAuth method does two things: 1) Returns a URL that should be displayed in a browser. 2) Starts a background thread to receive the redirect callback from the browser. The flow of control is like this: 1) The browser (popped up and displayed by the […]


Question: I am trying to send email via GMail using the SMTP protocol.  I am sending the correct GMail login credentials, but I get this error: … smtpAuthenticate: login_method: LOGIN auth_login: smtpSendGet2: sendCmdToSmtp: SmtpCmdSent: AUTH LOGIN –sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 334 VXNlcm5hbWU6 –readSmtpResponse –smtpSendGet2 sendCmdToSmtp: SmtpCmdSent: *** –sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 334 UGFzc3dvcmQ6 –readSmtpResponse sendCmdToSmtp: SmtpCmdSent: {PasswordOrCredentials} –sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbsG […]

PayPal REST API OAuth2 Authentication

There’s a lot of confusion about exactly what login/password (or clientID/clientSecret) is to be used for obtaining an OAuth2 access token for PayPal REST API calls. PayPal uses simple HTTP Basic authentication (protected by a TLS connection) to obtain an access token.   Using the Chilkat Rest library, your application would provide the credentials in this way (in pseudo-code) rest.SetAuthBasic(“CLIENT_ID”, […]