|
| From: | Gregory Heytings |
| Subject: | Re: oauth2 support for Emacs email clients |
| Date: | Tue, 03 Aug 2021 09:00:50 +0000 |
A year ago, there was a long thread "Making GNUS continue to work with Gmail". Has there been any progress along these lines?
As far as I know, no.
I am asking because my institution uses MS Outlook. Recently, they have disabled simple password-based authentication in favor of oauth2. Now, using oauth2.el from GNU Elpa, I have got the basics (authentication and authorization) working. This required some ugly configuration within MS Azure. But I am still some distance away from a smooth workflow, say, using Gnus. It is my understanding, that support of oauth2 within the Emacs ecosystem is rather incomplete.
It is not incomplete, it works, but, as you said, it does not work "smoothly" because each users has to do some initial "ugly configuration" with Microsoft Azure or Google Cloud or...
A smooth workflow without that "ugly configuration" would require to register Gnus as an official / approved email client with each email provider, which as far as I can see is not going to happen. For Google, even if Gnus were approved as an approved email client, it would not be possible to use the OAuth credentials obtained at the end of the approval process in Gnus, because doing this is explicitly forbidden by their TOS ( https://developers.google.com/terms ) 4.b.1: "You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects." I did not check what the TOS of Microsoft are, tho.
Someone might agree to take the legal risk to violate these TOS. IANAL, but I observe that no other "small" free software project (e.g. Mutt or Alpine) took that risk. Two larger free software projects (Thunderbird and Kmail) took that risk, but their apps were registered by a legal person, not by a developer.
Say, oauth2.el advises url-http-handle-authentication. More importantly, email clients need to regularly refresh the oauth2 access token.
oauth2.el refreshes tokens automatically, so once the initial ugly configuration is done, everything should work smoothly.
| [Prev in Thread] | Current Thread | [Next in Thread] |