Re: Making GNUS continue to work with Gmail

From: David De La Harpe Golden
Subject: Re: Making GNUS continue to work with Gmail
Date: Sun, 16 Aug 2020 18:23:18 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0

On 15/08/2020 20:39, Cesar Crusius wrote:

 From what I've seen from Kmail/Kontact/KPim/etc replies, (a) and (b) is exactly what they are doing, and there's no way around this. The only question is how to achieve those in a way that is compatible with both Google terms and FSF requirements, if there is such a way. Thunderbird "achieves" (b) by having "secret" keys in source code. I don't know what the K* applications do, it did not seem to be specified in their discussions.

For the morbidly curious like myself:

N.B. I'm far from familiar with the sprawling KDE sources in general, but it's freely licensed (LGPL), so had a quick look.

Anyway, their source-embedded static values were trivial to locate at time of writing:




The referenced KDE KGAPI component (implements enough OAuth2 to work against Google) appears to use the spawn-transient-http-server-on-localhost redirect_uri approach/trick to pick up the authorization code (to convert to access+refresh tokens with a second request). Don't seem to be doing code_challenge/code_verifier, i.e. PKCE / RFC 7636, yet (presumably should). To make the request they actually currently appear to use / still use an embedded webview, not delegating to the user's browser, in contrast to the recent https://tools.ietf.org/html/rfc8252#section-8.12

(skipping pkce and embedded webview may be "grandfathered in", can well imagine google and other providers frowning on it for newly-issued app client ids)


code req to auth endpoint


code response receipt


code->token req to token endpoint


token response processed

