From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/88901
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: David Engster <deng@randomsample.de>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: oauth to be required for gmail
Date: Tue, 17 Dec 2019 18:33:25 +0100
Message-ID: <87bls6zwka.fsf@randomsample>
References: <8736dkhx05.fsf@bobnewell.net> <m2sgljtm3a.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="224607"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
Cc: Bob Newell <bobnewell@bobnewell.net>,  ding@gnus.org
To: Robert Pluim <rpluim@gmail.com>
Original-X-From: ding-owner+M37104@lists.math.uh.edu Tue Dec 17 18:34:06 2019
Return-path: <ding-owner+M37104@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from lists1.math.uh.edu ([129.7.128.208])
	by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <ding-owner+M37104@lists.math.uh.edu>)
	id 1ihGjW-000wGU-6r
	for ding-account@gmane.org; Tue, 17 Dec 2019 18:34:06 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by lists1.math.uh.edu with smtp (Exim 4.92.3)
	(envelope-from <ding-owner+M37104@lists.math.uh.edu>)
	id 1ihGjG-00083V-Sn; Tue, 17 Dec 2019 11:33:50 -0600
Original-Received: from mx1.math.uh.edu ([129.7.128.32])
	by lists1.math.uh.edu with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
	(Exim 4.92.3)
	(envelope-from <deng@randomsample.de>)
	id 1ihGjD-00080j-J4
	for ding@lists.math.uh.edu; Tue, 17 Dec 2019 11:33:47 -0600
Original-Received: from quimby.gnus.org ([95.216.78.240])
	by mx1.math.uh.edu with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
	(Exim 4.92.3)
	(envelope-from <deng@randomsample.de>)
	id 1ihGjC-0002LN-4M
	for ding@lists.math.uh.edu; Tue, 17 Dec 2019 11:33:47 -0600
Original-Received: from randomsample.de ([5.45.97.173])
	by quimby.gnus.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.92)
	(envelope-from <deng@randomsample.de>)
	id 1ihGj5-0002ua-Fc
	for ding@gnus.org; Tue, 17 Dec 2019 18:33:42 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a;
	h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=AfZs2JNt7F4XEWuz1gDndRVPll5aI5lNvnTPQbgf0ps=;
	b=Do98Cd5MaLs1+3ZTEvG4JR1iq9N840p7yNZkUUQ+SlNTTYRC6wu2j2l/v6SlgT+9ILyfGu0g1IKVIkd7LoaTiX5PDkKjPPc8ItXdkxYo9k9HeAd4u6GmBo9qA0BW5xwI;
Original-Received: from ip5f5abab0.dynamic.kabel-deutschland.de ([95.90.186.176] helo=void)
	by randomsample.de with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
	(Exim 4.80)
	(envelope-from <deng@randomsample.de>)
	id 1ihGj4-0002TS-Mz; Tue, 17 Dec 2019 18:33:38 +0100
In-Reply-To: <m2sgljtm3a.fsf@gmail.com> (Robert Pluim's message of "Tue, 17
	Dec 2019 09:03:53 +0100")
Mail-Copies-To: never
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:88901
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/88901>

>>>>>> On Mon, 16 Dec 2019 09:48:58 -1000, Bob Newell <bobnewell@bobnewell.net> said:
>
>     Bob> Aloha,
>     Bob> I'm sure many of you received Google's email this morning
>     Bob> announcing an eventual end to non-oauth access to gmail. There
>     Bob> are various dates starting in February 2020 and extending into
>     Bob> 2021 depending on the situation, but this will pose a problem
>     Bob> for those of us who rely on directly sending/receiving with
>     Bob> gmail via gnus.
>
>     Bob> Note I'm not talking about offline/download solutions but
>     Bob> direct access through gnus.
>
>     Bob> There is gnus-gmail-oauth.el on github, almost four years
>     Bob> old. I haven't tried it and it may not work for both sending
>     Bob> and receiving. Perhaps there are other things.
>
> I think the canonical package for doing this is
> <https://github.com/ccrusius/auth-source-xoauth2>, although I haven't
> tried it yet.

There is the 'oauth2' package in ELPA. I use it for org-caldav and it
works fine.

The problem with OAuth2 is not the technical side, which is pretty easy
to do. The problem is that OAuth2 allows the serving side to control
which application may access their services. They may forbid it
entirely, or they may limit the API access depending on the application.
They can do this since you need to register your application (in this
case with Google), and you get a "client ID" and "client secret" with
which your application identifies itself. AFAIK, for accessing GMail,
you even need to go through an additional verification process to get
full access.

Of course, the "client secret" is pointless if you openly put it into
your source, so there is no way to register an "official" client
ID/secret for Gnus which anyone could use. Last I checked, publishing
the client secret would be considered a violation of Google's services,
with all consequences this may imply (terminating the developer's
account, etc.). So usually, each user needs to register the application
separately; this works for org-caldav, since the CalDAV API does not
require additional verification, but this may very well be different for
the Mail API. It's been some time since I dealt with this, so maybe
things have gotten better in the meantime.

-David