Re: oauth to be required for gmail

Gnus development mailing list
 help / color / mirror / Atom feed

From: David Engster <deng@randomsample.de>
To: Robert Pluim <rpluim@gmail.com>
Cc: Bob Newell <bobnewell@bobnewell.net>,  ding@gnus.org
Subject: Re: oauth to be required for gmail
Date: Tue, 17 Dec 2019 18:33:25 +0100	[thread overview]
Message-ID: <87bls6zwka.fsf@randomsample> (raw)
In-Reply-To: <m2sgljtm3a.fsf@gmail.com> (Robert Pluim's message of "Tue, 17 Dec 2019 09:03:53 +0100")

>>>>>> On Mon, 16 Dec 2019 09:48:58 -1000, Bob Newell <bobnewell@bobnewell.net> said:
>
>     Bob> Aloha,
>     Bob> I'm sure many of you received Google's email this morning
>     Bob> announcing an eventual end to non-oauth access to gmail. There
>     Bob> are various dates starting in February 2020 and extending into
>     Bob> 2021 depending on the situation, but this will pose a problem
>     Bob> for those of us who rely on directly sending/receiving with
>     Bob> gmail via gnus.
>
>     Bob> Note I'm not talking about offline/download solutions but
>     Bob> direct access through gnus.
>
>     Bob> There is gnus-gmail-oauth.el on github, almost four years
>     Bob> old. I haven't tried it and it may not work for both sending
>     Bob> and receiving. Perhaps there are other things.
>
> I think the canonical package for doing this is
> <https://github.com/ccrusius/auth-source-xoauth2>, although I haven't
> tried it yet.

There is the 'oauth2' package in ELPA. I use it for org-caldav and it
works fine.

The problem with OAuth2 is not the technical side, which is pretty easy
to do. The problem is that OAuth2 allows the serving side to control
which application may access their services. They may forbid it
entirely, or they may limit the API access depending on the application.
They can do this since you need to register your application (in this
case with Google), and you get a "client ID" and "client secret" with
which your application identifies itself. AFAIK, for accessing GMail,
you even need to go through an additional verification process to get
full access.

Of course, the "client secret" is pointless if you openly put it into
your source, so there is no way to register an "official" client
ID/secret for Gnus which anyone could use. Last I checked, publishing
the client secret would be considered a violation of Google's services,
with all consequences this may imply (terminating the developer's
account, etc.). So usually, each user needs to register the application
separately; this works for org-caldav, since the CalDAV API does not
require additional verification, but this may very well be different for
the Mail API. It's been some time since I dealt with this, so maybe
things have gotten better in the meantime.

-David

next prev parent reply	other threads:[~2019-12-17 17:33 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-16 19:48 Bob Newell
2019-12-16 20:49 ` Florian Weimer
2019-12-16 22:45   ` Bob Newell
2019-12-17  0:17     ` Jude DaShiell
2019-12-17  5:40   ` Pankaj Jangid
2019-12-18  5:52     ` 황병희
2019-12-21 10:26       ` Florian Weimer
2019-12-21 10:50         ` 황병희
2019-12-16 22:46 ` Bob Newell
2019-12-17  8:03 ` Robert Pluim
2019-12-17 17:11   ` Lars Ingebrigtsen
2019-12-17 17:41     ` David Engster
2019-12-18  5:31       ` Bob Newell
2019-12-23 10:50       ` Florian Weimer
2019-12-18  7:07     ` David Engster
2019-12-23 10:59       ` Florian Weimer
2019-12-23 12:09         ` David Engster
2019-12-24  5:16           ` Bob Newell
2019-12-24 16:53             ` Lars Ingebrigtsen
2019-12-26  7:03               ` Steinar Bang
2019-12-28 20:43                 ` Jouni K. Seppänen
2019-12-26 10:04             ` David Engster
2020-01-07 17:07           ` Jorge A. Alfaro-Murillo
2020-01-07 18:44             ` Eric Abrahamsen
2020-01-07 19:52             ` David Engster
2020-01-08  3:24               ` Pankaj Jangid
2020-01-08  3:28               ` Pankaj Jangid
2019-12-17 17:33   ` David Engster [this message]
2020-08-03  3:19 ` just ping (Was: Re: oauth to be required for gmail) 황병희
2020-08-06 12:35   ` just ping 황병희

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87bls6zwka.fsf@randomsample \
    --to=deng@randomsample.de \
    --cc=bobnewell@bobnewell.net \
    --cc=ding@gnus.org \
    --cc=rpluim@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).