Organization Mail configuration
How to setup Oauth2 on your Gmail account so that Tint is able to send emails on your behalf.
Tint is using Oauth2 to authenticate to your email service and send emails on your behalf. Yet, it requires you share with us some OAuth2 credentials for your email account, including a clientId, a clientSecret and a refresh token.

Creating a new app

To start go to Google Cloud Console. Make sure you are logged with the mail you want Tint to use. Select a Project in the top menu. Depending on if you have already created a project or not, the text might be different but the drop-down menu should be there.
When clicking on the drop-down you should see this screen:
Here enter the name you wish like tint-mail (for this example we will use mail-demo), and select your organization and location if the default ones are not correct. Click Create.
You will have an empty project:
Click on API & Services and select OAuth consent screen on the left side.
Set User Type to internal. You want only members of your organization to be able to connect to this application to generate OAuth token. Click on Create.
Here enter the app name: you can use your project name here. You must also fill out the support mail and the Developer contact information. Since this app will be internal and only used to generate credentials for Tint, it does not really matter.
Do not add any app domain or authorized domain. Click on SAVE AND CONTINUE
Next, we need to add the scope of the application (the actions that Tint will be able to perform with your credentials).
Here you want to add the scope to handle mail. This scope does not appear in the table so you need to add it manually. Type in the bottom input and click on ADD TO TABLE.
The scope to handle mail will be added to the table and automatically selected:
In order to be able to send mails using SMTP, we need the full right on the mails.
Click on UPDATE
You will see the summary of the consent screen configuration:

Setup OAuth credentials

Next, go to the Credentials page:
Here click on CREATE CREDENTIALS then OAuth client ID.
Set the application type to Web application, and set the name you want like `Tint Mail`. Add as the authorized redirect URI. We will use OAuth playground to generate the refresh token later.
Click on CREATE
A modal will appear with the app client ID and client Secret: save those.
Click OK to finalize the OAuth application.

Getting OAuth Refresh Token

Next, you need to use Google OAuth playground to connect to your app and generate a refresh token.
Here, type the scope of your app ( in the Input your own scopes input next to the Authorize APIs button.
Next click on the cog button to configure the OAuth credential.
Tick Use Your own Oauth Credentials and enter the client ID and client secret you got when you created the app credentials. Then click on the Authorize Apis button.
You will see google's authentification modal. Connect using the same google account you set up the app on. Then click on Allow to give access to the app:
You will go to Step 2 with the Authorization Token filled, just click on Exchange authorization code for tokens to get the refresh token. We do not need the authorization token nor the access token.
Now that you have the client ID, client secret, and refresh token, transfer them to us along with the email of the account. These credentials are sensitive information since they allow those who know them to send mail on your behalf. To securely send them to us you can use to generate a one-time link that you can paste into our slack channel.
With these credentials, Tint will now be able to authenticate and send mail on your behalf. At any moment you are able to revoke our access by either deleting the app, the credential, or simply by resetting the client secret from the google cloud console.