From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Thomas Fitzsimmons Newsgroups: gmane.emacs.devel Subject: Re: oauth2 support for Emacs email clients Date: Sun, 08 Aug 2021 10:22:16 -0400 Message-ID: References: <52589.36892.953561.24840@gargle.gargle.HOWL> <87pmuofpai.fsf@gnu.org> <87sfzk71xw.fsf@randomsample> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="26243"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) Cc: emacs-devel@gnu.org, Roland Winkler , Richard Stallman To: David Engster Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Aug 08 16:23:11 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mCjhl-0006Zv-NG for ged-emacs-devel@m.gmane-mx.org; Sun, 08 Aug 2021 16:23:09 +0200 Original-Received: from localhost ([::1]:57364 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mCjhk-0000nJ-MD for ged-emacs-devel@m.gmane-mx.org; Sun, 08 Aug 2021 10:23:08 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:54778) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mCjgz-0008WV-Jb for emacs-devel@gnu.org; Sun, 08 Aug 2021 10:22:21 -0400 Original-Received: from mail-qk1-x72e.google.com ([2607:f8b0:4864:20::72e]:46793) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mCjgx-0005h2-Tc for emacs-devel@gnu.org; Sun, 08 Aug 2021 10:22:21 -0400 Original-Received: by mail-qk1-x72e.google.com with SMTP id c9so15447026qkc.13 for ; Sun, 08 Aug 2021 07:22:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fitzsim-org.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=IHTk/kHRtu3aXE+60zzN1Xp8sor0+YCmcrTjtLYQNjc=; b=1pQy1oP3vwxWWN3tcl/qJasYDQ0v5a0kKEREgqUxCLhZ7d2+81wKhqh93ziHy3QMFH b8fVXoSOk/Phha87PARKTnvPIIh9NyEO8gzaX7aq/OwRRQ1CJzxDjXbwKaAZajfYxACG 3154mBxYKiU0K1wgXHzueCtoozQr4fDKJ0nYjrMSoWBa0aCeCoWBg2wm8JphciqE0nKn OSsgBTHN0HvNZ3bU2XRV6aBSLLkWvkVq7iiMA84xIm/9Ias9NlaILErmkL9fQme3h4qg HpyfEfxULG+z2gwvL/VWBonAcfsdVOqRToEhIGee+TepYaXC5L17+vXi3NdiQ8VJqhP5 ZPnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=IHTk/kHRtu3aXE+60zzN1Xp8sor0+YCmcrTjtLYQNjc=; b=IS6w9aZkNs5P/RaFaQPYrpO1YBEmrBXQXhoS1t8aOP9ZiZf+eM/PWGd/8XrfLvLUdD IYvjud17YMim1iSsTyuFTy2HpIuJv1lR9OL35wHaPkAvaHR6x/ht2Ahj0aKW18AG3EYR Rgt1qRmSV87nlTy58vdAZ0r2XLY7o7OSLrvO0RvnJINvGWAouYlO1JrwH6rhxDp/3Iw5 /20sFuoGm7zL6hHEHYIK+4im2WKdeG3+NZe957DHFrdhnfsXrcP4v4aNYkaWkS4GshgO zWpfIKguY0QA22akYR3zAqvKvExVt9inPQGLZj0DChrbEMp5fUnC0NeYhr1J5WET44p7 1buA== X-Gm-Message-State: AOAM531LlHsgtxbx0WwxqNRLR/PCmk0Qpnay6jsTH2eUlD2PKEwfit9a ZHhOZk7K+l3bhplVNIBngtLsS+pedwkm0w== X-Google-Smtp-Source: ABdhPJx4Vxd3ryjXECB/6xkLpxxTmOcufU6fvrae+EDCpiDNo8C+Pwp8kh7LAikh1s4ZcVXVvovGlQ== X-Received: by 2002:a05:620a:88d:: with SMTP id b13mr13217908qka.125.1628432538113; Sun, 08 Aug 2021 07:22:18 -0700 (PDT) Original-Received: from localhost.localdomain (69-165-165-189.dsl.teksavvy.com. [69.165.165.189]) by smtp.gmail.com with ESMTPSA id p13sm7165001qkk.87.2021.08.08.07.22.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 08 Aug 2021 07:22:17 -0700 (PDT) In-Reply-To: <87sfzk71xw.fsf@randomsample> (David Engster's message of "Sun, 08 Aug 2021 10:52:59 +0200") Received-SPF: none client-ip=2607:f8b0:4864:20::72e; envelope-from=fitzsim@fitzsim.org; helo=mail-qk1-x72e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:272199 Archived-At: David Engster writes: >> Others have mentioned "officially" registering Emacs as IMAP/SMTP >> clients for Office365 (and possibly Gmail), similar to what seems >> to be the case for Thunderbird. I am wondering how davmail is >> doing this. > > Microsoft has actually recognized that it does not make sense for > desktop applications to embed secrets into their code, so they > distinguish between "public" and "confidential" client applications: > > https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-applications > > Public client applications do not have a client secret but only an ID > which can simply be embedded into the application, which is how DavMail > does it. Public client applications are only allowed to access web APIs > on behalf of the user, but this is usually enough. Interesting, but are public client applications allowed to use IMAP/SMTP? Or must public client applications use WebDAV to communicate with Microsoft servers, like DavMail does? It seems like Thunderbird could act as a public client application, however I believe it is currently acting as a confidential client application. I wonder why. Thomas