From: Tomas Hlavaty <tom@logand.com>
To: Tim Cross <theophilusx@gmail.com>,
Stefan Monnier <monnier@iro.umontreal.ca>
Cc: "Jorge A. Alfaro-Murillo" <jorge@democraciareal.org>,
emacs-devel@gnu.org
Subject: Re: gmail+imap+smtp (oauth2)
Date: Fri, 06 May 2022 18:49:57 +0200 [thread overview]
Message-ID: <874k22r4ga.fsf@logand.com> (raw)
In-Reply-To: <87h762esku.fsf@gmail.com>
On Fri 06 May 2022 at 22:34, Tim Cross <theophilusx@gmail.com> wrote:
> Yes, that is a flaw. However, requiring the application ID to be kept
> secret is really the error - it isn't necessary and doesn't improve the
> security. From what I've read, it was never the intention of the
> designers of oauth that this value be kept secret.
the intention is mentioned on their website:
https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
The client_id is a public identifier for apps. Even though it’s
public, it’s best that it isn’t guessable by third parties, so many
implementations use something like a 32-character hex string. If the
client ID is guessable, it makes it slightly easier to craft phishing
attacks against arbitrary applications.
people here think about it in terms of programs
but if you think about it in terms of services, this issue disappears
it looks like the authors of oauth2 had services in mind
next prev parent reply other threads:[~2022-05-06 16:49 UTC|newest]
Thread overview: 150+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-03 5:59 gmail+imap+smtp (oauth2) Uwe Brauer
2022-05-03 6:27 ` Jostein Kjønigsen
2022-05-03 20:44 ` Uwe Brauer
2022-05-04 7:22 ` Robert Pluim
2022-05-04 8:43 ` Tim Cross
2022-05-05 12:57 ` Uwe Brauer
2022-05-05 13:48 ` Robert Pluim
2022-05-08 14:36 ` Uwe Brauer
2022-05-08 16:00 ` Robert Pluim
2022-05-08 16:40 ` Uwe Brauer
2022-05-09 8:38 ` Robert Pluim
2022-05-10 6:29 ` Uwe Brauer
2022-05-10 8:13 ` Robert Pluim
2022-06-02 15:15 ` [app password does not work (at the moment)] (was: gmail+imap+smtp (oauth2)) Uwe Brauer
2022-06-02 15:37 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) Uwe Brauer
2022-06-03 14:04 ` [SOLVED (magic?)] Robert Pluim
2022-06-06 6:49 ` Uwe Brauer
2022-06-06 7:47 ` Robert Pluim
2022-06-06 18:55 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) Tomas Hlavaty
2022-06-06 19:07 ` tomas
2022-06-06 19:37 ` Tomas Hlavaty
2022-06-07 4:35 ` tomas
2022-06-07 5:52 ` Tomas Hlavaty
2022-06-07 7:09 ` [Clarification] (was: [SOLVED (magic?)]) Uwe Brauer
2022-06-07 10:02 ` Yuri Khan
2022-06-07 16:24 ` [Clarification] Uwe Brauer
2022-06-07 7:15 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) tomas
2022-06-09 22:30 ` Richard Stallman
2022-06-07 5:44 ` [SOLVED (magic?)] Byung-Hee HWANG
2022-06-07 6:04 ` Tomas Hlavaty
2022-06-07 7:14 ` tomas
2022-06-09 22:29 ` Richard Stallman
2022-06-10 7:43 ` Eli Zaretskii
2022-06-12 0:44 ` Richard Stallman
2022-06-12 5:02 ` tomas
2022-06-15 10:05 ` Richard Stallman
2022-06-09 22:30 ` Richard Stallman
2022-06-07 23:18 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) Richard Stallman
2022-05-05 13:56 ` gmail+imap+smtp (oauth2) Tim Cross
2022-05-05 13:58 ` Filipp Gunbin
2022-05-05 20:13 ` Jorge A. Alfaro-Murillo
2022-05-05 21:44 ` Thomas Fitzsimmons
2022-05-06 0:43 ` Tim Cross
2022-05-06 8:01 ` Tomas Hlavaty
2022-05-06 9:04 ` Tim Cross
2022-05-06 11:38 ` Stefan Monnier
2022-05-06 12:02 ` tomas
2022-05-06 12:06 ` Lars Ingebrigtsen
2022-05-06 12:46 ` Stefan Monnier
2022-05-06 13:05 ` Tim Cross
2022-05-11 9:01 ` Richard Stallman
2022-05-11 9:01 ` gmail+imap+smtp (davmail) Richard Stallman
2022-05-11 9:43 ` Eric S Fraga
2022-05-13 15:08 ` Richard Stallman
2022-05-06 12:49 ` gmail+imap+smtp (oauth2) Tim Cross
2022-05-06 13:23 ` Eric S Fraga
2022-05-06 13:40 ` tomas
2022-05-06 12:34 ` Tim Cross
2022-05-06 12:34 ` Tim Cross
2022-05-06 16:49 ` Tomas Hlavaty [this message]
2022-05-06 16:41 ` Tomas Hlavaty
2022-05-06 16:38 ` Tomas Hlavaty
2022-05-06 18:55 ` Tim Cross
2022-05-06 19:57 ` Stefan Monnier
2022-05-08 23:36 ` Richard Stallman
2022-05-09 0:26 ` Tim Cross
2022-05-10 6:53 ` Tomas Hlavaty
2022-05-11 9:04 ` Richard Stallman
2022-05-11 23:38 ` Tomas Hlavaty
2022-05-12 9:16 ` Tomas Hlavaty
2022-05-12 16:51 ` Thomas Fitzsimmons
2022-05-15 23:37 ` Richard Stallman
2022-05-12 7:10 ` Tomas Hlavaty
2022-05-12 9:03 ` Tomas Hlavaty
2022-05-06 23:18 ` Richard Stallman
2022-05-06 10:30 ` Eric S Fraga
2022-05-08 23:37 ` Richard Stallman
2022-05-09 5:13 ` tomas
2022-05-09 12:25 ` Eric S Fraga
2022-05-09 23:20 ` Richard Stallman
2022-05-11 9:47 ` Eric S Fraga
2022-05-13 15:08 ` Richard Stallman
2022-05-12 10:36 ` Richard Stallman
2022-05-13 6:58 ` Eric S Fraga
2022-05-16 23:25 ` Richard Stallman
2022-05-12 14:12 ` Jorge A. Alfaro-Murillo
2022-05-13 8:57 ` Eric S Fraga
2022-05-13 18:49 ` Roland Winkler
2022-05-14 9:57 ` Eric S Fraga
2022-05-05 18:37 ` Richard Stallman
2022-05-05 19:13 ` Stefan Monnier
2022-05-05 19:52 ` Stefan Monnier
2022-05-05 20:10 ` Uwe Brauer
2022-05-06 0:32 ` Tim Cross
2022-05-06 23:18 ` Richard Stallman
2022-05-06 23:42 ` Brian Cully via Emacs development discussions.
2022-05-06 1:46 ` Ihor Radchenko
2022-05-06 23:18 ` Richard Stallman
2022-05-03 23:40 ` Richard Stallman
2022-05-04 2:05 ` Tim Cross
2022-05-04 5:13 ` tomas
2022-05-04 13:34 ` Thomas Fitzsimmons
2022-05-04 14:38 ` Stefan Monnier
2022-05-04 14:58 ` Robert Pluim
2022-05-04 14:48 ` Tim Cross
2022-05-04 15:41 ` Thomas Fitzsimmons
2022-05-05 18:37 ` Richard Stallman
2022-05-06 8:34 ` Tomas Hlavaty
2022-05-06 23:18 ` Richard Stallman
2022-05-07 3:22 ` Tim Cross
2022-05-08 23:35 ` Richard Stallman
2022-05-09 0:01 ` Tim Cross
2022-05-10 7:11 ` Tomas Hlavaty
2022-05-10 7:51 ` Tim Cross
2022-05-10 11:44 ` Tomas Hlavaty
2022-05-10 12:39 ` Tim Cross
2022-05-11 9:52 ` Eric S Fraga
2022-05-11 9:01 ` Richard Stallman
2022-05-11 9:01 ` Richard Stallman
2022-05-11 12:03 ` Tim Cross
2022-05-13 15:10 ` Richard Stallman
2022-05-11 9:01 ` Richard Stallman
2022-05-11 12:33 ` Tim Cross
2022-05-11 14:08 ` Tim Cross
2022-05-14 14:12 ` Richard Stallman
2022-05-13 15:10 ` Richard Stallman
2022-05-14 10:02 ` Eric S Fraga
2022-05-16 23:25 ` Richard Stallman
2022-05-14 21:43 ` chad
2022-05-15 5:04 ` tomas
2022-05-05 18:36 ` Richard Stallman
2022-05-06 0:37 ` Tim Cross
2022-05-04 15:35 ` Óscar Fuentes
2022-05-04 15:48 ` Robert Pluim
2022-05-04 16:01 ` Óscar Fuentes
2022-05-04 16:48 ` Tim Cross
2022-05-05 18:36 ` Richard Stallman
2022-05-05 21:34 ` Brian Cully via Emacs development discussions.
2022-05-05 22:13 ` Stefan Monnier
2022-05-06 23:18 ` Richard Stallman
2022-05-06 0:54 ` Tim Cross
2022-05-06 2:21 ` Brian Cully via Emacs development discussions.
2022-05-06 23:18 ` Richard Stallman
2022-05-06 23:19 ` Richard Stallman
2022-05-06 23:47 ` Brian Cully via Emacs development discussions.
2022-05-04 16:45 ` Tim Cross
2022-05-04 16:33 ` Tim Cross
2022-05-06 23:17 ` Richard Stallman
2022-05-04 17:01 ` Cesar Crusius
2022-05-05 1:57 ` Tim Cross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874k22r4ga.fsf@logand.com \
--to=tom@logand.com \
--cc=emacs-devel@gnu.org \
--cc=jorge@democraciareal.org \
--cc=monnier@iro.umontreal.ca \
--cc=theophilusx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).