From: Tim Cross
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 03 Aug 2021 21:17:17 +1000
Message-ID: <87lf5ircmd.fsf@gmail.com>
References: <52589.36892.953561.24840@gargle.gargle.HOWL> <871r7aubp5.fsf@ucl.ac.uk>
In-reply-to: <871r7aubp5.fsf@ucl.ac.uk>
User-Agent: mu4e 1.6.1; emacs 28.0.50
To: emacs-devel@gnu.org

Eric S Fraga writes:

> On Tuesday, 3 Aug 2021 at 00:00, Roland Winkler wrote:
>> I am asking because my institution uses MS Outlook. Recently, they
>> have disabled simple password-based authentication in favor of
>> oauth2. Now, using oauth2.el from GNU Elpa, I have got the basics
>> (authentication and authorization) working. This required some ugly
>> configuration within MS Azure. But I am still some distance away
>> from a smooth workflow, say, using Gnus.
>
> My institution did the same. I use gnus. The easiest solution, in the
> end, for me was to install and run davmail to get my emails from the
> institution. I then use pop (could have used imap but I prefer pop in
> any case) to get email from "localhost" running davmail. Davmail takes
> care of multi-factor authentication for me.

Eric, what do you do for sending mail? As I understand it, oauth2 will
be required for authentication for smtp as well.
While I know davmail will get the messages, does it also send/relay them
to the gmail smtp server?

I also wonder if the 'ban' on putting credentials into the source
(public) is that 'clear cut'. From what I've read, the 'application key'
was never supposed to be secret - this was apparently an oversight in
the initial oauth specs - obviously other parts of the credentials do
need to be secret. (I do wonder if you can actually get the application
key from registered apps by just running 'strings' over the binaries!).

Of course, the chance of getting a decision from the right person at
either google or MS is next to zero, so I guess we are stuck.

I guess in the end, all we can really do is try to find a way of
streamlining the process to get a developer key for each user as this
seems to be the main barrier to a more straightforward setup. I have had
to jump through those hoops with other oauth2 systems which have an
emacs client. The good news is that once you have that key, the
oauth2.el library seems to take care of renewal of session tokens, so
once set up, things should just work.