~petrus/mailctl-discuss


Re-engineering of Thunderbird's O365 OAuth2 possible?

Message ID: <CS8QA9HO717N.25HYEILW4N3F2@rob-itx-mini>
DKIM signature: missing

Hi,
Would it be possible to learn from Thunderbird's mechanism of
OAuth2 authentication with Outlook/MS365?
I can use my institute account robert.winkler@cinvestav.mx with
Thunderbird, but mailctl gets stuck in the first web interface.
Therefore, I guess the request is slightly different.
Please be kind; I'm very ignorant ;-).
Best regards,
Robert

Message ID: <877ctdzlax.fsf@icmfp.com>
In-Reply-To: <CS8QA9HO717N.25HYEILW4N3F2@rob-itx-mini>
DKIM signature: missing

> Would it be possible to learn from Thunderbird's mechanism of
> OAuth2 authentication with Outlook/MS365?
> I can use my institute account robert.winkler@cinvestav.mx with
> Thunderbird, but mailctl gets stuck in the first web interface.
> Therefore, I guess the request is slightly different.
> Please be kind; I'm very ignorant ;-).

I'm not sure how easy it would be to unpick the Thunderbird workflow to
see what to do (although examining the code and translating the working
workflow into updated Haskell code for mailctl would be an option, and very
helpful if anyone can do this!), but this blog post:

  https://www.nango.dev/blog/why-is-oauth-still-hard

..explains pretty well why OAuth2 appears to be incredibly difficult to
support for different providers.

In summary: It's a framework, and everyone does it differently!

Apparently there's work on newer versions of the OAuth2 standard which
will be more prescriptive, so hopefully that will make alternative
implementations like that in mailctl a bit easier to work with different
providers, rather than having to debug each one individually  :)


        Cheers,

                David

Message ID: <ex5wo765bpees7ns4krs3q4uzttqjwvpwfbp52zsz3uiplzdfb@ltmaf5qbtfa6>
In-Reply-To: <877ctdzlax.fsf@icmfp.com>
DKIM signature: missing

On Fri, May 12, 2023 at 03:17:10PM +0100, David Gardner wrote:
> I'm not sure how easy it would be to unpick the Thunderbird workflow to
> see what to do (although examining the code and translating the working
> workflow into updated Haskell code for mailctl would be an option, and very
> helpful if anyone can do this!), but this blog post:
> 
>   https://www.nango.dev/blog/why-is-oauth-still-hard
> 
> ..explains pretty well why OAuth2 appears to be incredibly difficult to
> support for different providers.

And if someone is still not convinced about the difficulties then they
should read all the comments in the related HN thread:
https://news.ycombinator.com/item?id=35713518

> Apparently there's work on newer versions of the OAuth2 standard which
> will be more prescriptive, so hopefully that will make alternative
> implementations like that in mailctl a bit easier to work with different
> providers, rather than having to debug each one individually  :)

Well, OAuth 2.1 has been coming for a while, together with another slightly
related technology, WebAuthn, which recently made the news as "passkeys -
eliminate the need for passwords!". By the time OAuth 2.1 really arrives
there is some chance that WebAuthn will somehow be used in the authorization
phase of OAuth by the big service providers, giving them again the
opportunity to force their own framework (of lock-in) on the public.