From: Tim Cross
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 10 Aug 2021 16:08:56 +1000
To: Richard Stallman
Cc: Roland Winkler, David Engster, Emacs developers

I guess it would be possible - at least for the GNU Mailutils version (not the Emacs version as it does not support imap or encrypted POP3). However, I guess it would also involve adding a whole HTTP request library and an Oauth2 library to obtain authentication/refresh tokens. This is of course assuming that MS does allow an application ID to be used with IMAP (to be confirmed).

This also only helps with MS Office365/Outlook access - it doesn't help with Gmail or any other provider who transitions to only support Oauth2. As mentioned by others, the big stumbling block here is that each provider is able to implement Oauth2 with their own custom workflow, which makes a general generic solution difficult to define. The solution will probably require some sort of 'pluggable' Oauth2 layer, which might include Oauth2 authenticators for popular mail providers and a facility to add a custom one for others.

On Tue, 10 Aug 2021 at 13:30, Richard Stallman wrote:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > Public client applications do not have a client secret but only an ID
>   > which can simply be embedded into the application, which is how DavMail
>   > does it. Public client applications are only allowed to access web APIs
>   > on behalf of the user, but this is usually enough.
>
> Is this something that movemail could in principle do?
> If so, what are the obstacles?  Is it just a matter of writing some code?
>
> --
> Dr Richard Stallman (https://stallman.org)
> Chief GNUisance of the GNU Project (https://gnu.org)
> Founder, Free Software Foundation (https://fsf.org)
> Internet Hall-of-Famer (https://internethalloffame.org)

--
regards,

Tim

--
Tim Cross