From: Thomas Fitzsimmons <fitzsim@fitzsim.org>
To: David Engster <deng@randomsample.de>
Cc: emacs-devel@gnu.org, Roland Winkler <winkler@gnu.org>,
Richard Stallman <rms@gnu.org>
Subject: Re: oauth2 support for Emacs email clients
Date: Sun, 08 Aug 2021 11:30:55 -0400 [thread overview]
Message-ID: <m3lf5cc5sg.fsf@fitzsim.org> (raw)
In-Reply-To: <87k0kw6liw.fsf@randomsample> (David Engster's message of "Sun, 08 Aug 2021 16:47:35 +0200")
David Engster <deng@randomsample.de> writes:
>> David Engster <deng@randomsample.de> writes:
>>
>>>> Others have mentioned "officially" registering Emacs as IMAP/SMTP
>>>> clients for Office365 (and possibly Gmail), similar to what seems
>>>> to be the case for Thunderbird. I am wondering how davmail is
>>>> doing this.
>>>
>>> Microsoft has actually recognized that it does not make sense for
>>> desktop applications to embed secrets into their code, so they
>>> distinguish between "public" and "confidential" client applications:
>>>
>>> https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-applications
>>>
>>> Public client applications do not have a client secret but only an ID
>>> which can simply be embedded into the application, which is how DavMail
>>> does it. Public client applications are only allowed to access web APIs
>>> on behalf of the user, but this is usually enough.
>>
>> Interesting, but are public client applications allowed to use
>> IMAP/SMTP? Or must public client applications use WebDAV to communicate
>> with Microsoft servers, like DavMail does?
>
> As I've written: Public client applications are only allowed to access
> web APIs, so no IMAP/SMTP.
OK; I wasn't sure if by "web APIs" you meant only "OAuth-related web
APIs". Thanks for confirming.
I wonder why Microsoft does not allow public client applications to use
IMAP/SMTP.
> I usually use DavMail to get my mail downloaded to a locally running
> IMAP server.
>
> So yes, simply registering Gnus as a public client is not enough, one
> would also need a new backend specifically for Exchange.
Hmm, yeah. I'd prefer to keep using IMAP/SMTP, standards designed for
email. Excorporate does some email operations via EWS, but it seems
strange to extend Excorporate (and make a Gnus backend for it) to handle
all of email just to avoid application registration issues with a new
IMAP/SMTP authentication method.
IMAP/SMTP are already implemented and work fine for other email
services, and they can authenticate via OAuth (assuming registration is
sorted out).
>> It seems like Thunderbird could act as a public client application,
>> however I believe it is currently acting as a confidential client
>> application. I wonder why.
>
> Because they want to use IMAP/SMTP.
Maybe the FSF could request that Emacs be registered as a public client
application and also be allowed to use IMAP/SMTP. That would solve the
"embedding a secret in Free Software" part of the OAuth registration
issue, at least for Microsoft servers.
Thomas
next prev parent reply other threads:[~2021-08-08 15:30 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-03 5:00 oauth2 support for Emacs email clients Roland Winkler
2021-08-03 6:32 ` Uwe Brauer
2021-08-03 8:21 ` Andrew Cohen
2021-08-03 19:38 ` Roland Winkler
2021-08-04 0:56 ` Andrew Cohen
2021-08-04 7:27 ` Andrew Cohen
2021-08-04 7:41 ` Andreas Schwab
2021-08-04 23:12 ` Andrew Cohen
2021-08-04 7:03 ` Lars Ingebrigtsen
2021-08-04 7:21 ` Andrew Cohen
2021-08-05 10:34 ` Lars Ingebrigtsen
2021-08-03 9:00 ` Gregory Heytings
2021-08-03 19:27 ` Roland Winkler
2021-08-03 22:02 ` Gregory Heytings
2021-08-05 0:21 ` Andrew Cohen
2021-08-10 14:39 ` Roland Winkler
2021-08-11 0:43 ` Andrew Cohen
2021-08-11 0:54 ` Andrew Cohen
2021-08-12 2:16 ` Richard Stallman
2021-08-12 2:33 ` Andrew Cohen
2021-08-03 20:21 ` Arthur Miller
2021-08-03 20:40 ` Gregory Heytings
2021-08-03 21:14 ` Eric Abrahamsen
2021-08-03 21:19 ` Gregory Heytings
2021-08-14 10:46 ` Richard Stallman
2021-08-14 11:12 ` Gregory Heytings
2021-08-14 11:47 ` Ulrich Mueller
2021-08-15 3:04 ` Richard Stallman
2021-08-15 3:04 ` Making your own application credentials as a user Richard Stallman
2021-08-15 4:10 ` Tim Cross
2021-08-03 9:20 ` oauth2 support for Emacs email clients Eric S Fraga
2021-08-03 11:17 ` Tim Cross
2021-08-03 12:55 ` Gregory Heytings
2021-08-03 13:14 ` tomas
2021-08-05 14:15 ` Richard Stallman
2021-08-03 15:04 ` Eric S Fraga
2021-08-03 19:45 ` Roland Winkler
2021-08-04 6:58 ` Eric S Fraga
2021-08-03 19:41 ` Roland Winkler
2021-08-04 6:59 ` Eric S Fraga
2021-08-04 14:45 ` Thomas Fitzsimmons
2021-08-04 22:45 ` Tim Cross
2021-08-04 23:29 ` Thomas Fitzsimmons
2021-08-05 7:45 ` Ulrich Mueller
2021-08-08 3:58 ` Richard Stallman
2021-08-09 8:30 ` Eric S Fraga
2021-08-12 2:15 ` Richard Stallman
2021-08-12 18:59 ` Roland Winkler
2021-08-03 23:38 ` Richard Stallman
2021-08-08 6:01 ` Roland Winkler
2021-08-08 6:30 ` Andreas Schwab
2021-08-08 23:48 ` Roland Winkler
2021-08-09 0:01 ` Andrew Cohen
2021-08-08 8:52 ` David Engster
2021-08-08 14:22 ` Thomas Fitzsimmons
2021-08-08 14:47 ` David Engster
2021-08-08 15:30 ` Thomas Fitzsimmons [this message]
2021-08-08 16:00 ` David Engster
2021-08-08 23:31 ` Roland Winkler
2021-08-10 2:01 ` Thomas Fitzsimmons
2021-08-10 9:07 ` David Engster
2021-08-10 14:41 ` Thomas Fitzsimmons
2021-08-10 15:56 ` David Engster
2021-08-11 6:37 ` Alexandre Garreau
2021-08-11 3:00 ` Richard Stallman
2021-08-11 9:57 ` David Engster
2021-08-13 3:10 ` Richard Stallman
2021-08-11 2:55 ` Richard Stallman
2021-08-14 15:00 ` Thomas Fitzsimmons
2021-08-14 15:26 ` Gregory Heytings
2021-08-08 16:05 ` Tim Cross
2021-08-09 8:39 ` Eric S Fraga
2021-08-10 3:29 ` Richard Stallman
2021-08-10 6:08 ` Tim Cross
2021-08-10 14:18 ` Roland Winkler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3lf5cc5sg.fsf@fitzsim.org \
--to=fitzsim@fitzsim.org \
--cc=deng@randomsample.de \
--cc=emacs-devel@gnu.org \
--cc=rms@gnu.org \
--cc=winkler@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.