Re: gmail+imap+smtp (oauth2)

[Tim Cross]

Tomas Hlavaty <tom@logand.com> writes:

> On Fri 06 May 2022 at 10:43, Tim Cross <theophilusx@gmail.com> wrote:
>> As I understand it, the key issue regards the application ID. Google's
>> T&C imply this must be kept secret (it is an ID assigned by Google once
>> your application has been approved and is used in the code). Problem
>> being, how can you have that ID be in the code and be secret. 
>
> Is the application id created by google when the oauth2 is configured by
> a university?

No. The application ID is provided by Google once the application has
been approved by them. The flow sort of goes 

1. Register wiht google as a developer. This gives you a developer ID
which yu can use as an application ID. 
2. Develop your application which uses oath2 to connect to google. 
3. Submit your application for approval by google.
4. Once approved, Google gives you an application ID which is used by
your application.
5. Release your application

Problem is, Google T&C require that the application ID is kept secret.
For open source, this is a problem because we cannot add the applicaiton
ID and keep it secret while making the code open source.