[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gmail+imap+smtp (oauth2)
From: |
Thomas Fitzsimmons |
Subject: |
Re: gmail+imap+smtp (oauth2) |
Date: |
Wed, 04 May 2022 11:41:29 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Hi Tim,
Tim Cross <theophilusx@gmail.com> writes:
> Thomas Fitzsimmons <fitzsim@fitzsim.org> writes:
[...]
>> Tim Cross <theophilusx@gmail.com> writes:
>>
>>> Richard Stallman <rms@gnu.org> writes:
>>>
>>>> [[[ To any NSA and FBI agents reading my email: please consider ]]]
>>>> [[[ whether defending the US Constitution against all enemies, ]]]
>>>> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>>>>
>>>> > I landed on the conclusion that SMTP
>>>> > and IMAP should keep working as long as you use app-passwords for
>>>> > logging in to your account.
>>>>
>>>> Can you explain what "app-passwords" are? I have never used Gmail,
>>>> and I don't need to know technical details, but I have to think
>>>> about the ethical implications of this.
>>
>> [...]
>>
>>> I don't think there are any significant ethical considerations
>>> associated with app passwords (in addition to those associated with
>>> using Google/Gmail that is). It is likely that setting the app password
>>> via the Google account settings page involves non-free Javascript, but I
>>> think that boat sailed when you initially sign up for a gmail account
>>> anyway.
>>
>> One issue with OAuth2 schemes is that they periodically force the user
>> through a web-browser-only authentication process that requires non-free
>> JavaScript, in order to get a refresh token.
>>
>> (I'm hoping someone can prove me wrong, and point me to a command-line
>> procedure using only free software that allows me to get a refresh token
>> when required. We're told OAuth2 is a modern standard, right? So there
>> should be a modern, standard way of doing the same things as the
>> JavaScript authentication blobs... right?)
>>
>> There are two issues, which I think should be considered separately:
>>
>> One-time registration requiring non-free JavaScript (1).
>>
>> Subsequently requiring non-free JavaScript for authentication to use
>> IMAP or SMTP protocols (2).
>>
>> See the discussion in this bug report, closed wontfix:
>>
>> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=41386
>>
>> I'm hoping the FSF will study and comment on the issue in general, given
>> that gmail.com, such a large email provider, is making this OAuth2
>> change. To me, issue (2) seems like a high priority one for Free
>> Software. Keep in mind that avoiding issue (1) isn't always optional,
>> from an employee/student perspective.
>>
>
> I think your confusing oauth2 as an authn/authz framework/standard and
> its implementation as done by Google.
Are you aware of any email provider that advertises "OAuth 2.0" but that
does not require non-free JavaScript blobs for authentication?
> There is nothing which requires oauth2 be implemented in Javascript or
> that requies it to use non-free software.
So can you describe how to get an OAuth 2.0 gmail.com refresh token
without the use of non-free JavaScript?
Thanks,
Thomas
- Re: gmail+imap+smtp (oauth2), (continued)
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/03
- Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/03
- Re: gmail+imap+smtp (oauth2), tomas, 2022/05/04
- Re: gmail+imap+smtp (oauth2), Thomas Fitzsimmons, 2022/05/04
- Re: gmail+imap+smtp (oauth2), Stefan Monnier, 2022/05/04
- Re: gmail+imap+smtp (oauth2), Robert Pluim, 2022/05/04
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/04
Re: gmail+imap+smtp (oauth2),
Thomas Fitzsimmons <=
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/05
Re: gmail+imap+smtp (oauth2), Tomas Hlavaty, 2022/05/06
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/06
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/07
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/08
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/08
Re: gmail+imap+smtp (oauth2), Tomas Hlavaty, 2022/05/10
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/10
Re: gmail+imap+smtp (oauth2), Tomas Hlavaty, 2022/05/10
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/10