Google and OAuth 2.0
Joshua Cranmer 🐧
Pidgeot18 at gmail.com
Wed Apr 30 18:47:18 UTC 2014
On 4/25/2014 10:52 AM, Gervase Markham wrote:
> Is this relevant to Thunderbird accessing Gmail?
This was brought up in the status meeting, and we resolved to reach out
to Gmail to clarify some questions. Here's the status of as right now:
1. The clarification from GMail IMAP folks is:
> The bottom line is that GMail would really like Thunderbird to use
> OAuth2 for imap/smtp/pop access. If it doesn't, there's an increased
> possibility that GMail will suspect the login attempt is unauthorized.
> If you keep using the same IP address, or have two factor auth turned
> on, you'll most likely be OK. Otherwise, the users run the risk of
> having to jump through some hoops to get imap access again (I don't
> know the exact details of that...)
2. I've made a post to the IMAP-protocol list about this topic (it felt
more relevant there than the Kitten working group):
From responses in the past 12 hours, it does seem like there is
agreement by client implementers that some of these issues need to be
3. I've been told by both Bienvenu and Brandon that the OAuth people
have been brought into the discussion, although they haven't responded
It looks to me that it will be possible to see many of the concerns I
have about OAuth discussed and addressed.
As a side note, it also looks like other IMAP servers are planning on
supporting OAuth 2.0. Outlook.com recently rolled out support for it as
well, and I think there was another server the name of which I don't
recall right now.
Thunderbird and DXR developer
Source code archæologist
More information about the tb-planning