oAuth for ATT and oAth generally. What is the way forward?

Matt Harris unicorn.consulting at gmail.com
Sun Sep 22 04:25:18 UTC 2019


It is obvious from recent SUMO posts that ATT is pushing oAuth for their 
customers.  Probably at the behest of Yahoo.  However ATT have no oAuth 
secret.  So I am posting to tb planning looking for feedback on how we 
deal with the insidious oAuth contracts.  It has been out there for 
years that Frontier intend to withdraw other connection methods 
<https://bugzilla.mozilla.org/show_bug.cgi?id=1293958#c25>.  It has also 
come to my notice recently that we simply do not support oAuth for POP 
accounts at all.

So it is time for a coherent decision.  Do we just leave these users out 
in the cold,  reach out to the parties concerned asking for their non 
existent secrets, or do we modify the account manager to allow the 
selection of a pre existing secret. Thunderbird offers a list of 
providers whose keys Thunderbird has and let user input what ever they 
like in the field.  So BT, ATT, Verizon and Yahoo can set the oAuth key 
to Yahoo.

I claim no knowledge of oAuth,  but it is a reality and we need to have 
some sort of policy on how this is to be done going forward. The 
existing process of needing to create a separate arrangement for BT, 
ATT, Verizon and Yahoo is going to become labour intensive and always 
out of date.

  Given dovecote is offering oAuth as an authentication method means 
that oAuth will most likely become more common over time with small 
providers.  So what is it to be? how do we manage this?

Matt

-- 
“Against stupidity the gods themselves contend in vain.” /― Friedrich 
von Schiller, Die Jungfrau von Orleans /
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20190922/88a10208/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20190922/88a10208/attachment-0001.p7s>


More information about the tb-planning mailing list