Google and OAuth 2.0

Patrick Cloke clokep at
Fri Apr 25 17:25:40 UTC 2014

On Fri, Apr 25, 2014 at 1:10 PM, Andrew Sutherland <
asutherland at> wrote:

> On 04/25/2014 12:35 PM, Joshua Cranmer 🐧 wrote:
>> Oh, and IIRC, OAuth requires you to provision a "secret" identifier for
>> your application, which is rather hostile for open-source applications
>> since checking it into our public repository is not likely to go over well.
>> :-(
> From
> "The process results in a client ID and, in some cases, a client secret,
> which you embed in the source code of your application. (In this context,
> the client secret is obviously not treated as a secret.) "
> The Firefox OS Gaia calendar app uses oauth2 for accessing google
> calendar.  You can find its code at
> including
> the secret it uses to talk to Google.  Grep on 'oauth' for the good stuff.

FWIW Thunderbird already includes OAuth2 code that is used (in order of
- chat (for Twitter)
- FileLink (for a bunch of things?)
- Calendar (for Google Calendar)

I forget whether we save the oauth secret key in a preference or in the
account manager, but we store the consumer secret / key in prefs for
Twitter. (Instantbird and Thunderbird have different keys here.)

It'd be convenient in some way if we could only have to sign in once for
all these uses...but that's probably a pipe dream.

I guess I should go file a bug for implementing this on the chat side.

Do they have any plans to limit the number of users per consumer ID? Fallen
might know this.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tb-planning mailing list