Password handling for gmail login using flask-mail

I am looking to allow users to login with their gmail accounts and send emails from these personal accounts. So far, I have the following code which works properly. Upon startup, an email is sent from the sender to the recipient:

from flask import Flask
from flask_mail import Mail, Message

app = Flask(__name__)

# sender email information configuration
    DEBUG = True,
    MAIL_SERVER = '',
    MAIL_PORT = 587,
    MAIL_USE_TLS = True,
    MAIL_USE_SSL = False,
    MAIL_PASSWORD = 'my_password',

mymail = Mail(app)

def index():
    # outgoing message
    msg = Message("Hello",
        sender=("Me", ""),
        body="This is a test email I sent with Gmail and Python!")
    if __name__ == '__main__':
    # message sent confirmation
    return "Your mail has been sent!"

Now, I want to allow the user to login using their gmail accounts and, upon pressing a button, send out an email. However, I'm not sure how to handle the user's gmail password properly. I read up on bcrypt, but I'm not sure how to implement for this particular application. Thank you.

you mean how to store the user's gmail password without it being a huge security risk?

maybe don't store it. get user to input it and u send the email immediately and never save it again.

also if gmail user has TFA your code probably isn't going to work.

Thanks for your response, Conrad.

Regardless of how/when the user inputs their password, the app config requires the password in plain-text. Is this not true?

Ya there's gotta be a different login for users with TFA, but this is what I'm using for testing purposes for now.

Are you planning to re-write your app config for every user that logs in? I can't see that working very well.

Hi Glenn,

Ok then perhaps I will just use a dedicated do-not-reply email address for my application. Still, when handling my app config, I will need this email password in plain-text, correct? What are the required security measures I should take? Thanks.

Yes, you will need to have the password in plain text. Just don't publish the password on the internet and it will be fine.