SMTP Setup (Gmail & App Passwords)
Configure SMTP correctly for email OTP and password reset flows.
Email-based OTP and password reset flows in Tzylo Auth CE rely on SMTP. Incorrect SMTP configuration is one of the most common setup issues.
This guide explains how to configure SMTP correctly, with a focus on Gmail and app passwords.
When SMTP is needed
SMTP configuration is required for:
- Email OTP login
- Account verification
- Password reset flows
If you do not use these features, SMTP is not required.
Why your Gmail password does not work
Gmail does not allow regular account passwords to be used for SMTP access.
Even if your email and password are correct, Gmail will reject the login.
This is a security restriction enforced by Google.
What is an App Password?
An App Password is a special password generated by Google for applications that need SMTP access.
- Always 16 characters long
- Different from your Gmail account password
- Can be revoked at any time
How to generate a Gmail App Password
- Enable 2-Step Verification on your Google account
- Go to Google Account → Security → App passwords
- Select app: Mail
- Select device: Other
- Generate the password
Google will generate a 16-character password. This is the value you must use as SMTP_PASSWORD.
SMTP environment variables
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=abcd efgh ijkl mnop
Spaces in the app password are optional and can be removed.
Common SMTP errors
- Authentication failed → wrong password or not an app password
- Connection timeout → outbound SMTP blocked
- Emails not received → check spam folder
Testing tips
- Use a separate email account for testing
- Start with password reset flow to verify delivery
- Check server logs for SMTP errors
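A preflight check for the variables and errors described above, as an added example that is not part of Tzylo Auth CE. The function names are hypothetical, and it assumes STARTTLS on port 587 and a default of 587 when SMTP_PORT is unset. The 16-character check applies to Gmail app passwords only.

```python
import os
import smtplib
import ssl


def load_smtp_config(env):
    """Read the SMTP_* variables; return (config, list of problems)."""
    problems = []
    # Google displays the app password in groups of four; spaces are optional.
    password = env.get("SMTP_PASSWORD", "").replace(" ", "")
    if len(password) != 16:
        problems.append("SMTP_PASSWORD is not 16 characters: not a Gmail app password")
    for name in ("SMTP_HOST", "SMTP_USERNAME"):
        if not env.get(name):
            problems.append(f"{name} is not set")
    try:
        port = int(env.get("SMTP_PORT", "587"))  # assumption: default to 587
    except ValueError:
        port = 587
        problems.append("SMTP_PORT is not a number")
    config = {"host": env.get("SMTP_HOST", ""), "port": port,
              "username": env.get("SMTP_USERNAME", ""), "password": password}
    return config, problems


def check_smtp_login(config, timeout=10):
    """Attempt STARTTLS and login; sends no mail and never prints the password."""
    try:
        with smtplib.SMTP(config["host"], config["port"], timeout=timeout) as smtp:
            # The default context verifies the server certificate and hostname.
            smtp.starttls(context=ssl.create_default_context())
            smtp.login(config["username"], config["password"])
        return "ok"
    except smtplib.SMTPAuthenticationError:
        return "authentication failed: wrong password or not an app password"
    except smtplib.SMTPException as exc:
        return f"SMTP error: {exc.__class__.__name__}"
    except ssl.SSLError:
        return "TLS failure: server certificate or handshake problem"
    except OSError:
        # Covers timeouts, refused connections and DNS failures.
        return "connection failed: host unreachable or outbound SMTP blocked"


if __name__ == "__main__":
    cfg, issues = load_smtp_config(os.environ)
    for issue in issues:
        print("warning:", issue)
    print(check_smtp_login(cfg))
```

Run it in the same environment as the server so that it sees the same variables and the same outbound network rules.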