[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support
|
From: |
Thomas Fitzsimmons |
|
Subject: |
bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support |
|
Date: |
Tue, 19 May 2020 11:37:46 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
Lars Ingebrigtsen <larsi@gnus.org> writes:
> Thomas Fitzsimmons <fitzsim@fitzsim.org> writes:
>
>> Is support for OAuth 2.0 -- perhaps via oauth2.el available in GNU ELPA
>> -- something that Gnus could eventually implement? If so, I guess this
>> bug report could be where the idea is discussed.
>
> I don't think there's any way to ship Emacs with built-in oauth2 support
> for doing auth with Gmail -- it requires distributions with API secrets
> and stuff, and there's no secrets in the Emacs distribution.
>
> Or is there a way to do that now? I haven't been paying attention the
> last few months. I remember Thunderbird including some credentials in
> the source code and saying, jokily, "remember, these are secret".
> Somebody would have to register the Emacs "app" with Google, and for
> Emacs, that would have to be the FSF, right? And I don't see that
> happening ever, ideologically.
I suppose it depends on what Google wants during the registration
process; I've never tried this registration process before so I don't
know what's involved. Maybe someone from the FSF could research this?
Maybe a solution could be found for Free Software like Emacs.
Thunderbird is mentioned as a not-less-secure-app, so they seem to have
solved this problem to Thunderbird/Google's satisfaction.
According to communications I've received for my Google "G Suite" email
service, Google plans to change these "less secure app" policies such
that next year they won't allow Gnus to connect using username/password
authentication like it does today.
> But somebody could definitely write a package and put that on MELPA, and
> do the registration, I think? (With the same joke, of course.)
OK, maybe Google could relax the secrecy requirement for Emacs though,
since I'd hope they'd be sufficiently Free-Software-friendly to work
something out. I assume, given what Thunderbird is doing, that the
secrecy requirement isn't something fundamental to OAuth 2.0's security.
Thomas
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Thomas Fitzsimmons, 2020/05/18
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Lars Ingebrigtsen, 2020/05/19
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Noam Postavsky, 2020/05/19
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support,
Thomas Fitzsimmons <=
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, David Engster, 2020/05/19
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Lars Ingebrigtsen, 2020/05/19
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Richard Stallman, 2020/05/20
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Stefan Kangas, 2020/05/20
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Thomas Fitzsimmons, 2020/05/20
- bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Richard Stallman, 2020/05/20
bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Richard Stallman, 2020/05/21
bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support, Richard Stallman, 2020/05/19