From mboxrd@z Thu Jan 1 00:00:00 1970
From: Gregory Heytings
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 03 Aug 2021 09:00:50 +0000
In-Reply-To: <52589.36892.953561.24840@gargle.gargle.HOWL>
To: Roland Winkler
Cc: emacs-devel@gnu.org

> A year ago, there was a long thread "Making GNUS continue to work with
> Gmail". Has there been any progress along these lines?

As far as I know, no.

> I am asking because my institution uses MS Outlook. Recently, they have
> disabled simple password-based authentication in favor of oauth2. Now,
> using oauth2.el from GNU Elpa, I have got the basics (authentication and
> authorization) working. This required some ugly configuration within MS
> Azure. But I am still some distance away from a smooth workflow, say,
> using Gnus. It is my understanding, that support of oauth2 within the
> Emacs ecosystem is rather incomplete.

It is not incomplete, it works, but, as you said, it does not work "smoothly" because each user has to do some initial "ugly configuration" with Microsoft Azure or Google Cloud or...

A smooth workflow without that "ugly configuration" would require registering Gnus as an official / approved email client with each email provider, which as far as I can see is not going to happen.

For Google, even if Gnus were approved as an approved email client, it would not be possible to use the OAuth credentials obtained at the end of the approval process in Gnus, because doing this is explicitly forbidden by their TOS ( https://developers.google.com/terms ) 4.b.1: "You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects." I did not check what the TOS of Microsoft are, tho.

Someone might agree to take the legal risk to violate these TOS. IANAL, but I observe that no other "small" free software project (e.g. Mutt or Alpine) took that risk. Two larger free software projects (Thunderbird and Kmail) took that risk, but their apps were registered by a legal person, not by a developer.

> Say, oauth2.el advises url-http-handle-authentication. More
> importantly, email clients need to regularly refresh the oauth2 access
> token.

oauth2.el refreshes tokens automatically, so once the initial ugly configuration is done, everything should work smoothly.