[Users] Making auth easier: OAuth 2.0 for Google APIs

Jerry jerry at seibercom.net
Sun Feb 4 22:17:56 CET 2018


On Sun, 4 Feb 2018 21:43:51 +0100, Andrej Kacian stated:

>On Sun, 4 Feb 2018 06:06:47 -0500
>Jerry <jerry at seibercom.net> wrote:
>
>> I know it has been asked before; however, I was wondering if there was any
>> interest in adapting claws-mail to use the two part authentication as
>> described by Google here:
>> https://developers.googleblog.com/2011/03/making-auth-easier-oauth-20-for-google.html
>> 
>> Microsoft has apparently added support for it:
>> https://thenextweb.com/microsoft/2013/09/12/microsoft-finally-adds-imap-and-oauth-support-to-outlook-com/
>> 
>> Yahoo has stated that they are going to soon be blocking MUAs that don't
>> employ it.
>>   
>
>From Wikipedia:
>
>"Because OAuth 2.0 is more of a framework than a defined protocol, one
> OAuth 2.0 implementation is less likely to be naturally interoperable
> with another OAuth 2.0 implementation. Further deployment profiling and
> specification is required for any interoperability."
>
>This fact alone makes OAuth smell very bad to me. If we were to add
>OAuth support, it would have to be implemented differently for each
>provider (Google, Microsoft, my own mailserver if I decided to
>implement OAuth for it, Yahoo, ...), which is utter madness.
>
>I'm not against having this implemented (hopefully in a plugin), but
>I'm definitely not planning to go anywhere near it.

There does appear to be a standard <https://oauth.net/2/>, although I am not
sure how closely it is adhered to.

https://tools.ietf.org/html/draft-ietf-oauth-v2-10

-- 
Jerry



More information about the Users mailing list