[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Making GNUS continue to work with Gmail

From: David Engster
Subject: Re: Making GNUS continue to work with Gmail
Date: Thu, 13 Aug 2020 19:40:50 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.91 (gnu/linux)

> Google do appear to recognise and accept such
> desktop app hardcoded static client ids and "secrets" they issue
> aren't actually secret in this case, just some bits anyone can easily
> snaffle e.g.
> https://developers.google.com/identity/protocols/oauth2/native-app
> """
> Note: incremental authorization with installed apps is not supported
> due to the fact that the client cannot keep the client_secret
> confidential.
> """

Yes, they aknowledge this fact. And yet they explicitly forbid embedding
these secrets into (F)OSS applications. See


Section 4b, first paragraph.

So what Thunderbird and many other applications do is against these
terms of service. Google can at any point revoke the client id and ban
the corresponding developer account.

Maybe the FSF should simply register a client id and secret and make it
public for any GPL application to use.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]