Ok, here goes. (I hope I done everything correctly. It's my first open-source project)
https://github.com/rvk01/google-oauth2You can download it with the button on the lower right ("Download Zip").
I kept my Api-credentials in the test-application but of course when you're going to deploy your application you need to create your own. (The consent screen of Google shows my application title) For testing-purposes you can use the one I kept in frmmain.pas.
You need to put libeay32.dll, libssl32.dll and ssleay32.dll in your project directory (I assume you can get your hands on those).
Then the important file is google_oauth2.pas. It implements a TGoogleOAuth2 class which you can use to get access to someones account.
var
gApi: TGoogleOAuth2;
begin
gApi := TGoogleOAuth2.Create(client_id, client_secret);
gApi.GetAccess([goMail], True); // <- get from file
//...
The true in the GetAccess is that the Access and Refresh_tokens are stored in a file named tokens.dat. If you use false then you'll need to store these tokens yourself and set them accordingly.
var
gApi: TGoogleOAuth2;
begin
gApi := TGoogleOAuth2.Create(client_id, client_secret);
gApi.Refresh_token := my_stored_Refresh_token;
gApi.Access_token := my_stored_Access_token;
gApi.GetAccess([goMail], False); // <- do not use the tokens.dat file
// SAVE THESE TOKENS
my_stored_Refresh_token := gApi.Refresh_token;
my_stored_Access_token := gApi.Access_token;
//...
In the test-app you can press "Get GMail access" and it will store tokens in a file. After that you can change the recipient and press "Send mail". If you do this without doing the "Get GMail access" first it will also do the authentication first. So the "Get GMail access" is not strictly necessary. After that there is no more need for authentication. The tokens are stored and reused until they expire in which case the GetAccess will try to refresh them. In case it fails it will automatically ask for authentication again.
Now that the mechanism is in place to get the access_token you can go on to sending the mail. You wanted to do this with Synapse. The problem with TSMTPSend in Synapse is that it doesn't provide you the ability to issue your own commands during connection build-up.
And for sending mail via smtp.gmail.com you'll need to issue a command AUTH XOAUTH2 <AUTH_TOKEN_base64> during the connect. I made a small class helper to do just that.
After that it was just simply a matter of sending the mail-data and everything should be working ok.
Try the test-application xoauth2_test. I hope everything works correctly.
(P.S. At the moment this is Windows-only. I will be doing some recoding in the future to make it Linux-compatible but at the moment it uses a small Internet Explorer browser to show the user the first time consent screen. The biggest problem with Linux would be to get the user-code after giving consent from the browser-object. If somebody has an idea about that....? I haven't got that much experience with Linux-desktops)