Richard Stallman writes: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > The person you want to reach out to is probably > > dvratil@kde.org. Here's a relevant blog post from him, about how > > he fixed the Kontact Oauth2 problem: > > > https://www.dvratil.cz/2019/08/kontact-google-integration-issue/ > > Lars, is this something you can do? > > > My auth-source-xoauth2 package "avoids" that by having every user > > do the API key dance with Google, and as a result is rather hard > > to setup. > > Aside from the inconvenience, is there anything about this we simply > cannot ask users to do? Does it require accepting terms that are > unjust and not required for using Gmail itself? I went through the process a long time ago, so I can't answer that with certainty. The current legalese is in the pages here: https://developers.google.com/terms Somebody with a keener legal eye could look at it, but there are certainly more/different terms there. As an aside, it is worth noting that my package is not Gmail-specific. It could be used for the Reddit example given before via similar means: register a project/app in Reddit, get the keys, etc. The crux here is that there needs to be an app - their intent is that the software producer (in this case an "Emacs" or "Gnus") registers an "official" app, and the app manages its secrets in a way compliant with their terms (which we already know is pretty hard for OSS projects). -- Cesar Crusius