Goals Achieved

• Enhanced the type of message in webview using Type predicates.
• Added predefined imap default configurations for some email services.
• Parsing email and returning the default configuration object appropriate for the type of email provider to make an IMAP connection.
• Dealing with the email that starts or ends with a space.
• Dealing with the email that was written in uppercase.
• Added unit test env (JEST) and tested emailParser function.

Next week

• install IMAP and its requirements and make the first IMAP connection in the plugin.
• Add the manual connection screen.

what happened to the challenges of OAuth?

Until now:

I found there are a number of limitations, specifically in Javascript apps (to get refresh token and other things), so I will be replaced by the App Passwords mechanism. It simply generates a 16-character password for external applications through which to gain access permission.

App-passwords1808×818 66.9 KB

Thus, we can easily monitor mailboxes because there is no expiration time and the password can also be revoked if the user wants this.

For testing this mechanism, I created an email in Gmail, Yahoo, Outlook, AOL, Zoho, and Yandex and successfully connected to IMAP.

without lowering security settings in the email account?

This mechanism has been created because when entering the original password, sometimes it can be dangerous.
Therefore, it gives you another password for external programs and the ability to revoke this password if you want and some email providers like gmail require the user to have 2-Step Verification turned on to increase security.

However, some providers, such as Outlook, do not have any issues with using the original password, so Outlook users can just put in their email and password and connect to the plugin without generating the app password.

This mechanism is the official method that email service providers follow to link more than one account to one account.

just want to double check, I0m referring to Less secure apps & your Google Account - Google Account Help

I mentioned this problem in my proposal in the Gmail problem section. Gmail no longer supports less secure apps (which ask the user to enter the master password) but solves this problem as I explained above by using app passwords. I tested this mechanism and it works very well.

were are speaking about the same things, wanted to double check if it is secure for all mail providers

email providers that I used to test the IMAP connection, I don't see any security problems when taking the generated password and the user can also revoke this password.

But I will recheck if there is a security problem that will occur with any of the providers.

thx, it is appreciated. Better double check than figuring later, that there is a security flaw