emacs-devel

Re: Making GNUS continue to work with Gmail


From: David De La Harpe Golden
Subject: Re: Making GNUS continue to work with Gmail
Date: Sun, 16 Aug 2020 18:23:18 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0

On 15/08/2020 20:39, Cesar Crusius wrote:

From what I've seen from Kmail/Kontact/KPim/etc replies, (a) and (b) is exactly what they are doing, and there's no way around this. The only question is how to achieve those in a way that is compatible with both Google terms and FSF requirements, if there is such a way. Thunderbird "achieves" (b) by having "secret" keys in source code. I don't know what the K* applications do, it did not seem to be specified in their discussions.


For the morbidly curious like myself:

N.B. I'm far from familiar with the sprawling KDE sources in general, but it's freely licensed (LGPL), so had a quick look.

Anyway, their source-embedded static values were trivial to locate at time of writing:

https://invent.kde.org/pim/kdepim-runtime/-/blob/master/resources/imap/gmailpasswordrequester.cpp#L16

https://invent.kde.org/pim/kdepim-runtime/-/blob/master/resources/google-groupware/googlesettings.cpp#L143

https://invent.kde.org/pim/kmailtransport/-/blob/master/src/kmailtransport/plugins/smtp/smtpjob.cpp#L32

The referenced KDE KGAPI component (implements enough oauth2 to work against google) appears to use the spawn-transient-http-server-on-localhost redirect_uri approach/trick to pick up the authorization code (to convert to access+refresh tokens with second request). Don't seem to be doing code_challenge/code_verifier, i.e. pkce / rfc7636, yet (presumably should). To make the request they actually currently appear to use / still use embedded webview, not delegating to user's browser, in contrast to recent https://tools.ietf.org/html/rfc8252#section-8.12

(skipping pkce and embedded webview may be "grandfathered in", can well imagine google and other providers frowning on it for newly-issued app client ids)

https://invent.kde.org/pim/libkgapi/-/blob/master/src/core/ui/authwidget.cpp#L100

code req to auth endpoint

https://invent.kde.org/pim/libkgapi/-/blob/master/src/core/ui/authwidget.cpp#L121

code response receipt

https://invent.kde.org/pim/libkgapi/-/blob/master/src/core/ui/authwidget_p.cpp#L277

code->token req to token endpoint

https://invent.kde.org/pim/libkgapi/-/blob/master/src/core/private/newtokensfetchjob.cpp#L88

token response processed

https://invent.kde.org/pim/libkgapi/-/blob/master/src/core/private/newtokensfetchjob.cpp#L124


