From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Re: gmail+imap+smtp (oauth2) Date: Thu, 05 May 2022 11:57:58 +1000 Message-ID: <875ymk4tc8.fsf@gmail.com> References: <871qxbdulc.fsf@mat.ucm.es> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="17398"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: mu4e 1.7.13; emacs 28.1.50 Cc: emacs-devel@gnu.org To: Cesar Crusius Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu May 05 04:17:20 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nmR3Q-0004Hc-EC for ged-emacs-devel@m.gmane-mx.org; Thu, 05 May 2022 04:17:20 +0200 Original-Received: from localhost ([::1]:58836 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nmR3P-0007X4-6x for ged-emacs-devel@m.gmane-mx.org; Wed, 04 May 2022 22:17:19 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:49950) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nmR2c-0006co-JM for emacs-devel@gnu.org; Wed, 04 May 2022 22:16:30 -0400 Original-Received: from mail-pj1-x1035.google.com ([2607:f8b0:4864:20::1035]:54935) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nmR2a-0003rB-Ta for emacs-devel@gnu.org; Wed, 04 May 2022 22:16:30 -0400 Original-Received: by mail-pj1-x1035.google.com with SMTP id fv2so2883220pjb.4 for ; Wed, 04 May 2022 19:16:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=references:user-agent:from:to:cc:subject:date:in-reply-to :message-id:mime-version; bh=wFgNm4JGKnn39H51+ACQVYQNjXFzPSEruHG+vgEae58=; b=KaHH8NcHUmK1LHLmC2dXbycUZbkHO20YzlpKpE3ATUu2JHVFT3y9ieSTXyrxKxd5zQ Ci8H4KvS8N9CLqNCK/knvQMVdnhbO/k9TOxcSn8keDJnIlJLD9UDy20PJQZBhe9roFPB x1tDxOrm9gUlL/rudhvCmVM0wqW9pJ6RwVCookjAwMkj4x2j8fzaVEJQpxQJox0MfYNa k9gw55eN2IjZE/S9nUHxMJPDU/fe5daQIXw/fNe+iLZEAbv9QVgRMDxs8pPHEHvQaitt zET9kxRcUPMG/w5T6XylhgeabZEBT77M30nrGydFtEwnckW636z44AyY6oYcWDqz5z+n VUSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:references:user-agent:from:to:cc:subject:date :in-reply-to:message-id:mime-version; bh=wFgNm4JGKnn39H51+ACQVYQNjXFzPSEruHG+vgEae58=; b=D1DVCPAD6wCbzKGNG5eHMxbNIK+t4e4leh3ZRh1d+G9Fc9j6XYqX2UduIa7z4OAcEw KYS8tQWGip2GtnPo8rfdFF2Wl72FfcujHKMY+SMsMDLrm4ZfG14/BZtETBQSa7I1voJy LrP3U30U5sDzpEU/32eGG6G8yc9QzQ/aN0akKnoGqjq+eA3KDePrbCsrm+OyaORJoPDZ EfQ8aD2hnbSRqhM0e7TWp4fAXbDThegvLbOiKwyrBMYNAvw9jwDaUHAlaPmDsz8sZddd pgb0kBVPfwxUxXTLMF3QyE1X+BFTY3Ey+8HTjutOX8Lwa7gnQwRKD/vqL3NyMNjy4dhR RDFQ== X-Gm-Message-State: AOAM5339iLrmKRjGVk2bKDn2Qp5h3RwBbG2OgZ7QquNHf+qr/adhBOO/ SPcvmd6C/1GeRGA/8W4iDkq826fkHccH7A== X-Google-Smtp-Source: ABdhPJxeTwcw3UMhikvTi+xhS3CZAD0bJb2o9bKWqxsFOJIpBNuAQyM8Zzc5yVnXEcgcF/BmB/TPGw== X-Received: by 2002:a17:902:7c90:b0:156:255:c571 with SMTP id y16-20020a1709027c9000b001560255c571mr25065453pll.15.1651716986939; Wed, 04 May 2022 19:16:26 -0700 (PDT) Original-Received: from dingbat (220-235-29-41.dyn.iinet.net.au. [220.235.29.41]) by smtp.gmail.com with ESMTPSA id x13-20020a170902820d00b0015e8d4eb1eesm195766pln.56.2022.05.04.19.16.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 May 2022 19:16:26 -0700 (PDT) In-reply-to: Received-SPF: pass client-ip=2607:f8b0:4864:20::1035; envelope-from=theophilusx@gmail.com; helo=mail-pj1-x1035.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:289220 Archived-At: Cesar Crusius writes: > [[PGP Signed Part:Undecided]] > Uwe Brauer writes: > >> Hi >> >> I am forced to use gmail at my university (the features google offer are >> a bit different to the personal accounts) >> and also for some private stuff. >> >> There was a discussion in 2022 about the following issue, but then >> google dropped this subject because of Covid, however now it seems to >> back: >> >> Now google keeps sending me message that from 30th of May 3rd party >> packages cannot connect anymore to imap+smtp via the traditional way. >> >> It is my understanding that it might be possible make emacs (gnus) work >> with gmail under those circumstances, that is using oauth2. >> >> Has anybody got that to work? >> >> If so, can he/she share its setting? > > Google seems to be clamping down on OAuth access methods and those of us using > it to access GMail have been getting a message that our OAuth clients will be > blocked starting October 3rd. This is because we're using "out of bound OAuth2". > From what I can tell, the packages need to be rewritten to be "compliant," and > from what I remember from previous discussions, making them compliant may be a > non-trivial task involving registering an "official" application and so on. >From what I recall from previous discussions, the issue centres around Google's T&C and interpretation of those terms & conditions. Google requires that apps using oauth2 to access their services be approved by them and assigned an application ID. The problem is that the T&C require that the oauth2 tokens must be kept secret. However, this is an issue because you cannot have both open source code and a secret applicaiton ID token embedded in the source code. It has been suggested by some that this is a misintgerpretation of the T&C and that the application ID is possibly not one of the toekns which must remain secret (in which case, it could be embedded in the code). Attempts to get clarification on this point from Google have failed to get a response. This is possibly something the FSF could assist with. In particular, they could get the necessary clarification and if there is a problem, clearly articulate the issues to Google and ask them what their plans/solution is for open source applications. (at this point, I suspect their solution is application passwords).