On 2021-09-26, Hokan <hokan.ho...@gmail.com> wrote: > Don't app-specific password act like second passwords and give full > access to your Google account (not just mail)?
When you create the app-specific password it asks what type of app it is. For mine, I selected "mail", so hopefully that only allows acces to mail (haven't tested that). > If so the granularity of oauth access would make it the better > choice. I think the granularity of oauth2 might be finer, but hopefully app-specific passwords are granular enough. > While you may need a GSuite (or whatever they call it now) account > to create the project, once created it can be used outside that > domain, including for a regular gmail account. I don't think that's the domain I'm talking about. I'm talking about the domain name you provide as part of your application's support and privacy URLs when you create the "application" for which you download oauth2 credentials. AFAICT, that's completely unrelated to the Google/GMail account where you're creating the project/application. I read somewhere that if you just use 'localhost' it'll let you slide by. > I created one and use it for regular Gmail and for accounts across > half a dozen Gsuite domains (school, work, nonprofit, personal, > etc.) This email is being sent from Mutt using Oauth2. What did you provide for your application's URLs when you create the application for use with mutt? -- Grant
