[Users] Making auth easier: OAuth 2.0 for Google APIs
Andrej Kacian
ticho at claws-mail.org
Sun Feb 4 21:43:51 CET 2018
On Sun, 4 Feb 2018 06:06:47 -0500
Jerry <jerry at seibercom.net> wrote:
> I know it has been asked before; however, I was wondering if there was any
> interest in adapting claws-mail to use the two part authentication as
> described by Google here:
> https://developers.googleblog.com/2011/03/making-auth-easier-oauth-20-for-google.html
>
> Microsoft has apparently added support for it:
> https://thenextweb.com/microsoft/2013/09/12/microsoft-finally-adds-imap-and-oauth-support-to-outlook-com/
>
> Yahoo has stated that they are going to soon be blocking MUAs that don't
> employ it.
>
>From Wikipedia:
"Because OAuth 2.0 is more of a framework than a defined protocol, one
OAuth 2.0 implementation is less likely to be naturally interoperable
with another OAuth 2.0 implementation. Further deployment profiling and
specification is required for any interoperability."
This fact alone makes OAuth smell very bad to me. If we were to add
OAuth support, it would have to be implemented differently for each
provider (Google, Microsoft, my own mailserver if I decided to
implement OAuth for it, Yahoo, ...), which is utter madness.
I'm not against having this implemented (hopefully in a plugin), but
I'm definitely not planning to go anywhere near it.
Regards,
--
Andrej
More information about the Users
mailing list