bug-gnu-emacs

bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support


From: Björn Bidar
Subject: bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support
Date: Sat, 29 Oct 2022 18:36:41 +0300
User-agent: Gnus/5.13 (Gnus v5.13)

I know this bug is marked as wontfix; however, more and more providers are
moving to Oauth2, even those that use plain standards like
imap/{cal,card}dav/smtp, thus increasing the importance of Oauth2
support in Gnus.

The main advantage I see is that oauth allows for two factor
authentication and the invalidation of the "password" that the app
stores. The password or token that the app has usually only lasts for a
duration of time and can be invalidated if needed. Like if the person no
longer works for the employer or the device has been stolen.

Some providers like Microsoft require it next year and the employer
can already enforce the use of Oauth2 [1].
The argument "just use another email provider" doesn't really work in
such cases.

SailfishOS recently added oauth2 support for Microsoft Oauth and
KDE also does support it[2].
In the case of Microsoft there are no "secrets" that can be stored publicly,
just the application id[3].

Without proper OAuth2 support there is no use for Gnus for such users,
except to try third party solutions that can help.

On Elpa there's oauth2.el which provides Oauth2 support for Emacs. There
are externals who implemented oauth for Gmail[4] and Microsoft 365[5]
through the use of oauth2.el.

However these don't handle the oauth workflow of acquiring the token.
It is possible to try to do that inside emacs or use an external browser
and then catch the response or make the user copy the response address
into Emacs.

The main issue to implement this I think is to have an official "appid"
for Emacs and add the Oauth2 workflow.
I don't know about Google right now but for Microsoft 365 this seems
feasible as there's just an appid that can be stored publicly.


Br,

Björn Bidar

---

[1] https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892
[2] https://invent.kde.org/pim/kdepim-runtime/-/tree/master/resources/ews/ewsclient/auth
[3] https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
[4] https://github.com/ggervasio/gnus-gmail-oauth/
[5] https://gitlab.com/Binary-Eater/gnus-o365-oauth2/-/tree/master
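
The workflow the message describes (send the user to an external browser, then have them copy the response address back) for a client that holds only a public application id, as an added example that is not part of the original message, Gnus or oauth2.el. It is written in Python rather than Emacs Lisp, adds PKCE and a `state` check, and stops at building the token request; `CLIENT_ID`, `REDIRECT` and `SCOPE` are assumed placeholder values.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values: v2.0 authorize endpoint (see [3]), placeholder app id and redirect.
AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder application id
REDIRECT = "http://localhost/"                      # assumed registered redirect URI
SCOPE = "https://outlook.office.com/IMAP.AccessAsUser.All offline_access"


def start_flow():
    """Return (url_for_browser, session); session stays local to the client."""
    verifier = secrets.token_urlsafe(48)  # 64 chars, inside RFC 7636's 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    session = {"state": secrets.token_urlsafe(16), "code_verifier": verifier}
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT, "scope": SCOPE, "state": session["state"],
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return AUTHORIZE + "?" + query, session


def code_from_pasted_url(pasted, session):
    """Validate the address the user copied back and return the authorization code."""
    parts = urlsplit(pasted.strip())
    params = parse_qs(parts.query)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT:
        raise ValueError("pasted address is not the registered redirect URI")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0].encode("utf-8")
    if not secrets.compare_digest(returned, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: response does not belong to this request")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return params["code"][0]


def token_request_body(code, session):
    """Form body for the token endpoint POST; no client secret, the verifier proves origin."""
    return urlencode({
        "grant_type": "authorization_code", "client_id": CLIENT_ID, "code": code,
        "redirect_uri": REDIRECT, "code_verifier": session["code_verifier"],
    })
```
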






