oAuth for ATT and oAth generally. What is the way forward?

Philipp Kewisch kewisch at thunderbird.net
Fri Sep 27 10:31:46 UTC 2019

Hi Matt,

for larger providers I think we should reach out, this is something the council can do. For smaller providers, I doubt the secret will be exposed to the customers. Therefore I'm not sure how useful it would be to expose this in the UI. Having something in about:config or even exposed through the MailExtensions API seems reasonable to me.

Instead of having this in the source I'm wondering if we should instead deliver the secrets vis RemoteSettings. This way we can easily update keys as necessary without an extra release.


> On 22. Sep 2019, at 6:25 AM, Matt Harris <unicorn.consulting at gmail.com> wrote:
>  It is obvious from recent SUMO posts that ATT is pushing oAuth for their customers.  Probably at the behest of Yahoo.  However ATT have no oAuth secret.  So I am posting to tb planning looking for feedback on how we deal with the insidious oAuth contracts.  It has been out there for years that Frontier intend to withdraw other connection methods.  It has also come to my notice recently that we simply do not support oAuth for POP accounts at all.
> So it is time for a coherent decision.  Do we just leave these users out in the cold,  reach out to the parties concerned asking for their non existent secrets, or do we modify the account manager to allow the selection of a pre existing secret.  Thunderbird offers a list of providers whose keys Thunderbird has and let user input what ever they like in the field.  So BT, ATT, Verizon and Yahoo can set the oAuth key to Yahoo.
> I claim no knowledge of oAuth,  but it is a reality and we need to have some sort of policy on how this is to be done going forward.  The existing process of needing to create a separate arrangement for BT, ATT, Verizon and Yahoo is going to become labour intensive and always out of date.
>  Given dovecote is offering oAuth as an authentication method means that oAuth will most likely become more common over time with small providers.  So what is it to be? how do we manage this?
> Matt
> -- 
> “Against stupidity the gods themselves contend in vain.” ― Friedrich von Schiller, Die Jungfrau von Orleans
> _______________________________________________
> tb-planning mailing list
> tb-planning at mozilla.org
> https://mail.mozilla.org/listinfo/tb-planning
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20190927/bee2648a/attachment-0001.html>

More information about the tb-planning mailing list