I implemented OAuth2 for SMTP for two providers Google and Microsoft.
It works so far. The only difference is that if I call Microsoft, I'm not allowed/forced to submit a client secret. If I use Google, I'm forced to use a client secret.
As far as I understood, Google sees my application as a confidential client. Microsoft sees me as a public client.
Sadly, I found no way to make my Google protocol also a public client without using a client secret. I found no setting in the Web-GUI of google to do so. And I found no information for my URLs or scopes to call to indicate a public client. Except of the URLs and scopes, the implementation is identical.
What is needed to make my Google app also a public client?