From mboxrd@z Thu Jan 1 00:00:00 1970
From: Thomas Fitzsimmons
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Sun, 08 Aug 2021 11:30:55 -0400
References: <52589.36892.953561.24840@gargle.gargle.HOWL> <87pmuofpai.fsf@gnu.org> <87sfzk71xw.fsf@randomsample> <87k0kw6liw.fsf@randomsample>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
To: David Engster
Cc: emacs-devel@gnu.org, Roland Winkler, Richard Stallman
In-Reply-To: <87k0kw6liw.fsf@randomsample> (David Engster's message of "Sun, 08 Aug 2021 16:47:35 +0200")
Xref: news.gmane.io gmane.emacs.devel:272204

David Engster writes:

>> David Engster writes:
>>
>>>> Others have mentioned "officially" registering Emacs as IMAP/SMTP
>>>> clients for Office365 (and possibly Gmail), similar to what seems
>>>> to be the case for Thunderbird. I am wondering how davmail is
>>>> doing this.
>>>
>>> Microsoft has actually recognized that it does not make sense for
>>> desktop applications to embed secrets into their code, so they
>>> distinguish between "public" and "confidential" client applications:
>>>
>>> https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-applications
>>>
>>> Public client applications do not have a client secret but only an ID
>>> which can simply be embedded into the application, which is how DavMail
>>> does it. Public client applications are only allowed to access web APIs
>>> on behalf of the user, but this is usually enough.
>>
>> Interesting, but are public client applications allowed to use
>> IMAP/SMTP? Or must public client applications use WebDAV to communicate
>> with Microsoft servers, like DavMail does?
>
> As I've written: Public client applications are only allowed to access
> web APIs, so no IMAP/SMTP.

OK; I wasn't sure if by "web APIs" you meant only "OAuth-related web
APIs". Thanks for confirming. I wonder why Microsoft does not allow
public client applications to use IMAP/SMTP.

> I usually use DavMail to get my mail downloaded to a locally running
> IMAP server.
>
> So yes, simply registering Gnus as a public client is not enough, one
> would also need a new backend specifically for Exchange.

Hmm, yeah. I'd prefer to keep using IMAP/SMTP, standards designed for
email. Excorporate does some email operations via EWS, but it seems
strange to extend Excorporate (and make a Gnus backend for it) to handle
all of email just to avoid application registration issues with a new
IMAP/SMTP authentication method. IMAP/SMTP are already implemented and
work fine for other email services, and they can authenticate via OAuth
(assuming registration is sorted out).

>> It seems like Thunderbird could act as a public client application,
>> however I believe it is currently acting as a confidential client
>> application. I wonder why.
>
> Because they want to use IMAP/SMTP.

Maybe the FSF could request that Emacs be registered as a public client
application and also be allowed to use IMAP/SMTP. That would solve the
"embedding a secret in Free Software" part of the OAuth registration
issue, at least for Microsoft servers.

Thomas
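The two technical points in the exchange above, that a public OAuth client ships only a client ID and no secret, and that IMAP/SMTP can carry an OAuth access token once the client is registered, can be made concrete with a small worked example. The following is an added illustration, not code from this thread, from Gnus, Excorporate or DavMail. It shows what such a public client actually puts on the wire: a PKCE code verifier and S256 challenge (RFC 7636) stand in for the client secret when the authorization code is redeemed, and the resulting access token is wrapped in the SASL XOAUTH2 initial response used by IMAP AUTHENTICATE and SMTP AUTH. The client ID and redirect URI are placeholders; the Microsoft endpoint URLs and IMAP/SMTP scopes are the ones Microsoft documents for its v2.0 endpoint, and should be checked against current vendor documentation. Nothing here performs network I/O; requests are built and returned as data. Registering the client ID with the provider, the part the thread is about, is still required.

```python
"""Added example (not code from the emacs-devel thread, Gnus or DavMail):
what a *public* OAuth 2.0 client sends to authenticate to IMAP/SMTP
without any embedded client secret.

  1. PKCE (RFC 7636): a per-login random code_verifier and its S256
     code_challenge replace the client secret when the authorization
     code is redeemed.
  2. XOAUTH2: the SASL initial response that carries the access token
     to IMAP AUTHENTICATE / SMTP AUTH.

No network I/O: the HTTP requests are built and returned as data.
"""
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Assumed values for illustration.  PUBLIC_CLIENT_ID and REDIRECT_URI are
# placeholders, not a registered application.  Endpoints and scopes are the
# ones Microsoft documents for its v2.0 endpoint; verify before relying on
# them.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
PUBLIC_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "http://localhost:8080/callback"
SCOPES = (
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
    "offline_access",
)


def b64url_nopad(raw: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Fresh high-entropy verifier (RFC 7636 s.4.1): 43..128 unreserved
    characters.  32 random bytes encode to exactly 43 base64url chars."""
    return b64url_nopad(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 challenge = base64url(SHA-256(ASCII(verifier))) (RFC 7636 s.4.2)."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(verifier: str, state: str) -> str:
    """URL the user opens in a browser.  Only the challenge is sent; the
    verifier stays in the client until the code is redeemed."""
    params = {
        "client_id": PUBLIC_CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,  # CSRF binding; must match on the redirect back
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def build_token_request(code: str, verifier: str) -> dict:
    """Form body for POST TOKEN_URL.  Note what is absent: client_secret.
    The server checks possession by recomputing S256(verifier)."""
    return {
        "client_id": PUBLIC_CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """SASL XOAUTH2 initial client response, used verbatim in both
    'a1 AUTHENTICATE XOAUTH2 <this>' (IMAP) and 'AUTH XOAUTH2 <this>' (SMTP):
    base64("user=" user ^A "auth=Bearer " token ^A ^A)."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_xoauth2_initial_response(b64: str) -> dict:
    """Inverse of the above, useful when checking what a client really sent.
    Raises ValueError on a malformed response."""
    raw = base64.b64decode(b64).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("XOAUTH2 response must end with two ^A bytes")
    fields = {}
    for kv in raw[:-2].split("\x01"):
        if "=" not in kv:
            raise ValueError("XOAUTH2 field without '=': %r" % kv)
        k, v = kv.split("=", 1)
        fields[k] = v
    if set(fields) != {"user", "auth"} or not fields["auth"].startswith("Bearer "):
        raise ValueError("unexpected XOAUTH2 fields")
    return {"user": fields["user"], "token": fields["auth"][len("Bearer "):]}


if __name__ == "__main__":
    v = new_code_verifier()
    print(build_authorize_url(v, state=secrets.token_urlsafe(16)))
    print(build_token_request("AUTHORIZATION_CODE_FROM_REDIRECT", v))
    print(xoauth2_initial_response("user@example.com", "EXAMPLE_ACCESS_TOKEN"))
```

The security property worth noticing is in build_token_request: a public client has nothing to keep secret, so anyone with the client ID can start a login, but an authorization code stolen off the redirect is useless to them without the code_verifier, which never left the client that started the flow. The XOAUTH2 blob, by contrast, contains a bearer token in the clear under base64, so it must only ever be sent after STARTTLS or on an implicit-TLS port.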