From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Tomas Hlavaty <tom@logand.com>
Newsgroups: gmane.emacs.devel
Subject: Re: gmail+imap+smtp (oauth2)
Date: Tue, 10 May 2022 13:44:43 +0200
Message-ID: <87k0atmx1w.fsf@logand.com>
References: <87o805q2tm.fsf@logand.com> <87y1z9dcn2.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="11944"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: rms@gnu.org, fitzsim@fitzsim.org, jostein@kjonigsen.net,
 emacs-devel@gnu.org
To: Tim Cross <theophilusx@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue May 10 13:49:09 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1noOMW-0002pZ-Nc
	for ged-emacs-devel@m.gmane-mx.org; Tue, 10 May 2022 13:49:08 +0200
Original-Received: from localhost ([::1]:41582 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1noOMV-0004CJ-Cw
	for ged-emacs-devel@m.gmane-mx.org; Tue, 10 May 2022 07:49:07 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:58812)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tom@logand.com>) id 1noOIK-0007UY-FY
 for emacs-devel@gnu.org; Tue, 10 May 2022 07:44:48 -0400
Original-Received: from logand.com ([37.48.87.44]:40954)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tom@logand.com>)
 id 1noOII-0007yW-VQ; Tue, 10 May 2022 07:44:48 -0400
Original-Received: by logand.com (Postfix, from userid 1001)
 id 1369719FF87; Tue, 10 May 2022 13:44:45 +0200 (CEST)
X-Mailer: emacs 27.2 (via feedmail 11-beta-1 I)
In-Reply-To: <87y1z9dcn2.fsf@gmail.com>
Received-SPF: pass client-ip=37.48.87.44; envelope-from=tom@logand.com;
 helo=logand.com
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:289578
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/289578>

On Tue 10 May 2022 at 17:51, Tim Cross <theophilusx@gmail.com> wrote:
> Tomas Hlavaty <tom@logand.com> writes:
>> When a school/university demands gmail account
>> and google locks me out of my gmail account,
>> what happens?
>
> When a school/university makes a decision to use Google as their email
> provider, it isn't 'normal' google - it is your school/university's
> email, essentially hosted by google. As such, your institution controls
> access, not google. Google just provides the service to your
> school/university. Often, the setup involves integration with your
> school/university IAM system i.e. your 'identity' (your username) is
> managed by the school/university. This integration makes it easier for
> existing school/university workflows to continue i.e. onboarding of new
> students/staff, removal of accounts when students/staff leave etc. It
> also makes integration with other services, such as on-line LMS (Moodle,
> Blackboard etc) easier as there is just one 'meta directory' of all
> accounts. This is where oauth2 shows its strengths. Your institituion
> essentially becomes a identity provider which Google trusts. When you
> request authorisation credentials, they are provided by your
> institutions IAM system. Your client then submits those authorisation
> credentials to get an access token from Google which you then submit to
> the Google service you want to access (i.e. email).

thank you for the explanation

who is in charge of giving out oauth2 client_id?
does it mean that the university gives out client_id?

is it still google who gives out application id
(the google specific and required additional parameter for the oauth2 client?)

> So, if your locked out, it is because your institution has decided to
> lock you out, not google.

that's good to know