From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Gregory Heytings via "Emacs development discussions." Newsgroups: gmane.emacs.devel Subject: Re: Making GNUS continue to work with Gmail Date: Sat, 15 Aug 2020 09:45:16 +0000 Message-ID: References: <87v9ienz6c.fsf@gnus.org> <878sf9c69y.fsf@gnus.org> <871rkw62t3.fsf@gnus.org> <87bljki71n.fsf@mat.ucm.es> <87364wxlec.fsf@gnus.org> <87imdsgmlw.fsf@mat.ucm.es> <871rkfhkhc.fsf@mat.ucm.es> <875z9p5hnc.fsf@mat.ucm.es> <87364pbkn0.fsf@gnus.org> <87lfihe0zf.fsf@mat.ucm.es> <874kp55l8t.fsf@gnus.org> Reply-To: Gregory Heytings Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="32922"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Alpine 2.21 (NEB 202 2017-01-01) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Aug 15 16:56:33 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1k6xbj-0008QD-AR for ged-emacs-devel@m.gmane-mx.org; Sat, 15 Aug 2020 16:56:31 +0200 Original-Received: from localhost ([::1]:42722 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k6xbi-0006O5-Cf for ged-emacs-devel@m.gmane-mx.org; Sat, 15 Aug 2020 10:56:30 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:41380) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k6xay-0005RW-0p for emacs-devel@gnu.org; Sat, 15 Aug 2020 10:55:44 -0400 Original-Received: from mx.sdf.org ([205.166.94.24]:49434) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k6xav-0004aK-Gm for emacs-devel@gnu.org; Sat, 15 Aug 2020 10:55:43 -0400 Original-Received: from sdf.org (IDENT:ghe@faeroes.freeshell.org [205.166.94.9]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 07F9jMH5022078 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO); Sat, 15 Aug 2020 09:45:22 GMT Original-Received: (from ghe@localhost) by sdf.org (8.15.2/8.12.8/Submit) id 07F9jMvu025947; Sat, 15 Aug 2020 09:45:22 GMT In-Reply-To: Received-SPF: pass client-ip=205.166.94.24; envelope-from=ghe@sdf.org; helo=mx.sdf.org X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/15 05:45:25 X-ACL-Warn: Detected OS = ??? X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:253790 Archived-At: > > What IS "this approach"? Does it get a key that GNUS can use for > everyone? Does it have each user get a key from Google? > For the sake of clarity, there are two possible approaches: 1. Each user creates its own OAuth credentials, and uses them to access their own Google account. From the point of view of Google, this is as if each user created its own app. This is the solution chosen by Mutt and others. Its main advantage is that the process is immediate (it takes only a few minutes). Its main drawback is that it is a rather complex process. 2. The developer creates OAuth credentials, and includes them in the program. From the point of view of Google, only one app exists, with many users. This is the apparently the solution chosen by Kmail, Thunderbird and others. Its main advantage is that it makes the process very simple (almost transparent) for users: when they add a Google account to their mail client, a Google page is opened in a browser, they indicate their login and password, and that's all. Its main drawback is that it is a long process, because Google has to review and approve the app. It requires at least: (1) having a domain name for the app, (2) writing a privacy policy for the app, (3) creating a video that demonstrates the OAuth grant process in the app, (4) submitting the app for verification to Google, and waiting that it be approved. For the sake of completeness, there is in fact a third possible approach, which cannot be used by regular Gmail users: 3. If your Google account is a G Suite account (either a business one or an education one), that is, if your email is managed by Google but your email address does is not an @gmail.com address, then the G Suite administrator can do the process (1) above once for all users of a given mail client. That is, the mail client is approved once for all users of that domain without the need of a review by Google. Gregory