Nodemailer: response: '535-5.7.8 Username and Password not accepted

Question

With the shut down of Less secure apps by Google on May 30, 2022, using Gmail with nodemailer now throws an error that says response: '535-5.7.8 Username and Password not accepted. Learn more at\n' + '535 5.7.8 https://support.google.com/mail/?p=BadCredentials. The Nodemailer docs appears to not be updated yet regarding this issue of Less secure apps but suggest to use another delivery provider. I used to just turn on LSA, store the credentials in an environment variable and let nodemailer do its thing, with this change, how can one still use gmail with nodemailer? There are no youtube tutorials to fix this yet and looking at the google documentation, it doesn't show nodemailer

score 26 · Accepted Answer · edited Jun 03 '22 at 02:53

26

Solved it by creating App password inside Google account. You must have 2-step verification actived.

2-step actived

App password created

edited Jun 03 '22 at 02:53

Jeremy Caney

7,102
69
48
77

answered Jun 02 '22 at 19:43

Gustavo Pinto

466
4
7

Have you tested that this works? The point of this change is that google doesnt want us using login and password to access users accounts. the better option is to use Xoauth2 – Linda Lawton - DaImTo Jun 02 '22 at 21:09
Yes i did the test, have around 4 apis, after the correction all are fine – Gustavo Pinto Jun 02 '22 at 21:14
@GustavoPinto have tested and implemented it. It works. Thanks dude – Nugget Jun 05 '22 at 06:39
@GustavoPinto It works by replacing the old with the new -16 characters- generated app password. Thanks for troubleshooting this! – George Gotsidis Jun 08 '22 at 06:11
Another tip. App passwords cannot be seen until you have already activated the 2-step verification. It appears below it after – Nugget Jun 09 '22 at 02:41

Abdul Haseeb · Answer 2 · 2022-08-11T22:42:58.663

3

Open Mail > Settings > See all Settings > Forwarding and POP/IMAP.
Enable POP download: & Enable IMAP access: (then save the settings). Mail Settings Image
Open Your Gmail Account > security > 2-step verification(enable it).
Go to App Passwords > select device > select app(you can create any custom app).
Copy App Password and use it in your application.

edited Aug 11 '22 at 22:42

answered Aug 11 '22 at 22:39

Abdul Haseeb

31
3

score 2 · Answer 3 · answered Jun 02 '22 at 21:12

2

You should look into xoauth Nodemailer appears to support serval oauth options

let transporter = nodemailer.createTransport({
  host: "smtp.gmail.com",
  port: 465,
  secure: true,
  auth: {
    type: "OAuth2",
    user: "user@example.com",
    clientId: "000000000000-xxx0.apps.googleusercontent.com",
    clientSecret: "XxxxxXXxX0xxxxxxxx0XXxX0",
    refreshToken: "1/XXxXxsss-xxxXXXXXxXxx0XXXxxXXx0x00xxx",
    accessToken: "ya29.Xx_XX0xxxxx-xX0X0XxXXxXxXXXxX0x",
    expires: 1484314697598,
  },
});

answered Jun 02 '22 at 21:12

Linda Lawton - DaImTo

106,405
32
180
449

1

I used OAuth2 to solve the issue I followed this tutorial https://dev.to/chandrapantachhetri/sending-emails-securely-using-node-js-nodemailer-smtp-gmail-and-oauth2-g3a – zribi yacine Jun 08 '22 at 20:54
Xoauth2 is the more secure option really. There is no telling how long apps password will continue to work. Im happy you got it working – Linda Lawton - DaImTo Jun 09 '22 at 06:32

Nodemailer: response: '535-5.7.8 Username and Password not accepted

3 Answers3

Linked

Related