What mechanism does Gmail use for user authentication?

Ali Ahmed picture Ali Ahmed · Jul 22, 2011 · Viewed 33.6k times · Source

I want to authenticate myself using my Gmail ID and password on a Gmail SMTP server. I am using the GSASL library. I have a set of mechanisms that my client supports: Anonymous, External, Login, Plain, SecureID, Digest-MD5 and CRAM-MD5. Does somebody know which mechanism Gmail uses for user authentication?

Answer

james.garriss picture james.garriss · Jan 7, 2013

To find out what authentication mechanisms an SMTP server supports, send the EHLO command. If you haven't built your own SMTP client yet, you can test this using TELNET. The server will respond with the ESMTP extensions that it supports, including AUTH. For example, if you send the EHLO command to smtp.gmail.com, you will find that it currently supports 4 mechanisms:

SERVER: 220 mx.google.com ESMTP c10sm612924yhk.4
CLIENT: EHLO AR93684-PC.local
SERVER: 250-mx.google.com at your service, [75.189.236.125]
SERVER: 250-SIZE 35882577
SERVER: 250-8BITMIME
SERVER: 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2
SERVER: 250 ENHANCEDSTATUSCODES

So the answer to your question is Login, Plain, XOAuth, and XOAuth2.

Note that XOAuth has been deprecated in favor of XOAuth2: https://developers.google.com/accounts/docs/OAuth2