Joomla Gmail Authentication Plugin

Since version 1.5, the Joomla CMS contains a Gmail authentication plugin. Its main purpose was to illustrate how you can build a Joomla authentication plugin for an external service with a ‘real world’ example. The web has changed dramatically since then, but not this plugin. The technique the plugin is using is not anymore state of the art and less secure.

Nowadays applications should authorize on Google through the OAuth 2.0 protocol. But the plugin uses Basic authentication where the username and password are sent in plain text. Google has disabled that authentication method per default in 2014. If you want to take the risk, then you actually have to enable a setting on your account by accepting "Less secure apps" as described here.

In our Extensions Directory you will find many plugins which do offer login functionality for Google or social media platforms like Facebook or Twitter. They use the latest standards for a secure authentication and offer more possibilities and configuration options as the Gmail plugin does. So we invite our users to start switching to another authentication method as soon as they can.

Considering all the points above and our commitment to provide a secure CMS by not supporting an extension that forces you to enable less security, it is a logical step to remove the Gmail plugin as of Joomla 4.0.