From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
Date: Sat, 3 Jun 2017 17:57:22 -0600
Subject: FAQ: list gmail options including oauthbearer and app password
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
Git-commit: dbeee6a0c0fc5392953f38d6f0dcffdeeb8ae141

---
 fetchmail-FAQ.html |   24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

Index: fetchmail-6.5.1/fetchmail-FAQ.html
===================================================================
--- fetchmail-6.5.1.orig/fetchmail-FAQ.html
+++ fetchmail-6.5.1/fetchmail-FAQ.html
@@ -1956,12 +1956,28 @@ authentication schemes based on OAuth 2.
 users to jump through quite a few hoops, and use web browsers for
 signing in, and software vendors to hand in their software for
 sometimes paid reviews. Such is not going to happen for fetchmail.
+ 
+If this hinders access to your account through fetchmail, you have some
+options:</p>
+<ul>
+  <li>You can generate and use an
+      <a href="https://support.google.com/accounts/answer/185833">App Password</a>.
+      This is probably best unless you are on a "G-Suite" account and the
+      administrator has disabled this option.</li>
+  <li>You can use separate tools to generate and renew oauth2 access
+      tokens.  Then configure fetchmail to use "auth oauthbearer" and use
+      a current access token as the password.  See comments and --help in
+      contrib/fetchmail-oauth2.py from the fetchmail source tree
+      for more information.  This is derived from Google's
+      <a href="https://github.com/google/gmail-oauth2-tools/wiki/OAuth2DotPyRunThrough">OAuth2DotPyRunThrough</a>,
+      associated code, RFC-7628, and RFC-6750.</li>
+  <li>You may turn on access for "less secure apps" at
+      <a href="https://www.google.com/settings/security/lesssecureapps">https://www.google.com/settings/security/lesssecureapps</a>,
+      or see <a href="https://support.google.com/accounts/answer/6010255">https://support.google.com/accounts/answer/6010255</a>.
+      But G-suite administrators are more likely to have disabled
+      this option than "App Password"s.</li>
+</ul>
 
-If this hinders access to your account through fetchmail, you may
-need to turn on access for "less secure apps", or create an application or service specific password.
-	       
-For Google, this - at some point in time - used to live at <a
-    href="https://myaccount.google.com/lesssecureapps">https://myaccount.google.com/lesssecureapps</a>.<br/>
 It is disputable whether an application that does not include web
 browsing capabilities or heavy-weight libraries is "less secure" as
 Google claims.</p>