I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.
It appears that an initial (named for your app) authorisation
credential has to be applied for using a capable browser.
This only has to be done once unless you have a password change,
or some server change requires it. (not very often)
Except if your login script fails, you will have to renew your
credentials.
If this is true it will be fun getting an initial script working.
Then yahoo, zoho etc will have different formats as well.
I use a port of fetchmail which has some work done for Oauth,
and I should be able to set up a parallel system on linux to get
through the teething stage.
In message <c98ea17d58.beeb@-.->
Ronald <gettingchoppy@gmail.com> wrote:
I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.
Oauth2 is also on its way. Both are supposed to be much more secure.
They do not want you to connect with an email client hence the
'non-secure' tag.
In article <014ece7d58.chris@mytarbis.plus.com>, Chris Hughes
<news13@noonehere.co.uk> wrote:
In message <c98ea17d58.beeb@-.-> Ronald <gettingchoppy@gmail.com>
wrote:
Is there an Idiot's Guide
available? Would someone kindly explain what it's about?
In article <014ece7d58.chris@mytarbis.plus.com>,
Chris Hughes <news13@noonehere.co.uk> wrote:
In message <c98ea17d58.beeb@-.->
Ronald <gettingchoppy@gmail.com> wrote:
I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.
Oauth2 is also on its way. Both are supposed to be much more secure.
They do not want you to connect with an email client hence the
'non-secure' tag.
I may have been drowsing away lockdown but don't recollect hearing of
Oauth let alone what it is or what it does, despite dozing over a
computer magazine monthly.
I use Pluto or Thunderbird for email and my wife uses Gmail. Are we
about to experience email lockdown too? Is there an Idiot's Guide
available? Would someone kindly explain what it's about?
In message <c98ea17d58.beeb@-.->
Ronald <gettingchoppy@gmail.com> wrote:
I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.
Oauth2 is also on its way. Both are supposed to be much more secure.
Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone OAuth2.
On Tuesday, 9 June 2020 08:52:37 UTC+1, Chris Hughes wrote:
In message <c98ea17d58.beeb@-.->
Ronald <gettingchoppy@gmail.com> wrote:
I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.
Oauth2 is also on its way. Both are supposed to be much more secure.
[...]
Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone
OAuth2.
Prophet (for submitting Making Tax Digital VAT returns to HMRC) uses
OAuth2 for the initial association, using NetSurf and the AcornSSL module.
So the technology is possible on RISC OS, but only provided the website
doing the other half of the OAuth[2] has been thoughtfully designed to
work across lots of browsers. Well done to HMRC in this instance...
In message <c98ea17d58.beeb@-.->
Ronald <gettingchoppy@gmail.com> wrote:
I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.
Oauth2 is also on its way. Both are supposed to be much more secure.
They do not want you to connect with an email client hence the
'non-secure' tag.
It appears that an initial (named for your app) authorisation
credential has to be applied for using a capable browser.
This only has to be done once unless you have a password change,
or some server change requires it. (not very often)
Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone OAuth2.
Some ISP's have also been hinting they may move to using OAuth for login
to your email in the not too distant future
Except if your login script fails, you will have to renew your
credentials.
If this is true it will be fun getting an initial script working.
Then yahoo, zoho etc will have different formats as well.
Google (Gmail) etc, want you to use their browsers/webmail and not email clients. Maybe I am being silly but I suspect it will also allow them to harvest even more info on you/us.
I use a port of fetchmail which has some work done for Oauth,
and I should be able to set up a parallel system on linux to get
through the teething stage.
Here is hoping !NetFetch/!Hermes gets OAuth facilities in near future
I seen mention of !Popstar also working with the new AcornSSL?
In message <69cf1d7e58.beeb@-.->
Ronald <gettingchoppy@gmail.com> wrote:
I seen mention of !Popstar also working with the new AcornSSL?
Certainly AntiSpam (for fetching mail) and its companion app MSC (for
snding mail) do. They are what I use daily.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 294 |
Nodes: | 16 (2 / 14) |
Uptime: | 246:58:11 |
Calls: | 6,626 |
Calls today: | 2 |
Files: | 12,175 |
Messages: | 5,320,795 |