bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support

From: Lars Ingebrigtsen
Subject: bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support
Date: Tue, 19 May 2020 18:12:43 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) 
Thomas Fitzsimmons <fitzsim@fitzsim.org> writes:

> I suppose it depends on what Google wants during the registration
> process; I've never tried this registration process before so I don't
> know what's involved.

You register a developer account (with your name and address and stuff),
and you then register an application.  Everybody connecting to Gmail
will use this application ID, so you are "responsible" in some degree
for the users of your application.  Rate-limiting, for instance, are
based on the application ID.

> OK, maybe Google could relax the secrecy requirement for Emacs though,
> since I'd hope they'd be sufficiently Free-Software-friendly to work
> something out.  I assume, given what Thunderbird is doing, that the
> secrecy requirement isn't something fundamental to OAuth 2.0's security.

It is.  OAuth login without secrets isn't any more secure than normal
user name/password logins, so making apps run through these hoops is
just obfuscation.  It's obvious what Google's end game here is: They
will stop IMAP access altogether to Gmail as soon as they are able to
without losing too many of the users.

This OAuth 2.0 stuff is just a sop they can point people towards while
they're closing off access to their walled garden: "See!  We're still
open!"  And people bite.  Some hackernews commented something like "I
don't see why people are complaining...  they just have to run a
script..."

The only solution here is to leave Gmail.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
reply via email to
[Prev in Thread] Current Thread [Next in Thread]