I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

It appears that an initial (named for your app) authorisation
credential has to be applied for using a capable browser.
This only has to be done once unless you have a password change,
or some server change requires it. (not very often)

Except if your login script fails, you will have to renew your
credentials.
If this is true it will be fun getting an initial script working.
Then yahoo, zoho etc will have different formats as well.

I use a port of fetchmail which has some work done for Oauth,
and I should be able to set up a parallel system on linux to get
through the teething stage.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <[email protected]>
Ronald <[email protected]> wrote:

I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

Oauth2 is also on its way. Both are supposed to be much more secure.

They do not want you to connect with an email client hence the
'non-secure' tag.

It appears that an initial (named for your app) authorisation
credential has to be applied for using a capable browser.
This only has to be done once unless you have a password change,
or some server change requires it. (not very often)

Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone
OAuth2.

Some ISP's have also been hinting they may move to using OAuth for login
to your email in the not too distant future

Except if your login script fails, you will have to renew your
credentials.
If this is true it will be fun getting an initial script working.
Then yahoo, zoho etc will have different formats as well.

Google (Gmail) etc, want you to use their browsers/webmail and not email clients. Maybe I am being silly but I suspect it will also allow them to harvest even more info on you/us.

I use a port of fetchmail which has some work done for Oauth,
and I should be able to set up a parallel system on linux to get
through the teething stage.

Here is hoping !NetFetch/!Hermes gets OAuth facilities in near future




--
Chris Hughes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Chris Hughes <[email protected]> wrote:

In message <[email protected]>
Ronald <[email protected]> wrote:

I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

Oauth2 is also on its way. Both are supposed to be much more secure.

They do not want you to connect with an email client hence the
'non-secure' tag.

I may have been drowsing away lockdown but don't recollect hearing of
Oauth let alone what it is or what it does, despite dozing over a
computer magazine monthly.

I use Pluto or Thunderbird for email and my wife uses Gmail. Are we
about to experience email lockdown too? Is there an Idiot's Guide
available? Would someone kindly explain what it's about?

[ . . remainder snipped . . . ]

Michael Harding
Rev. Preb. M.D. Harding [email protected]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>, M Harding <[email protected]> wrote:

In article <[email protected]>, Chris Hughes
<[email protected]> wrote:

In message <[email protected]> Ronald <[email protected]>
wrote:

[snip]

Is there an Idiot's Guide
available? Would someone kindly explain what it's about?

Very simply - OAuth (Open Authorization) is a method for Internet
users to enable websites or applications access to their information
on other websites but without giving them the passwords. That's my understanding of it. Google it to see more.

Richard

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <[email protected]>
M Harding <[email protected]> wrote:

In article <[email protected]>,
Chris Hughes <[email protected]> wrote:

In message <[email protected]>
Ronald <[email protected]> wrote:

I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

Oauth2 is also on its way. Both are supposed to be much more secure.

They do not want you to connect with an email client hence the
'non-secure' tag.

I may have been drowsing away lockdown but don't recollect hearing of
Oauth let alone what it is or what it does, despite dozing over a
computer magazine monthly.

https://en.wikipedia.org/wiki/OAuth

https://www.csoonline.com/article/3216404/what-is-oauth-how-the-open-authorization-framework-works.html

I use Pluto or Thunderbird for email and my wife uses Gmail. Are we
about to experience email lockdown too? Is there an Idiot's Guide
available? Would someone kindly explain what it's about?

See above for some info, been around apparently since 2010

But going to be used more it seems.

I doubt you will be impacted immediately.



--
Chris Hughes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tuesday, 9 June 2020 08:52:37 UTC+1, Chris Hughes wrote:

In message <[email protected]>
Ronald <[email protected]> wrote:

I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

Oauth2 is also on its way. Both are supposed to be much more secure.

[...]

Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone OAuth2.

Prophet (for submitting Making Tax Digital VAT returns to HMRC) uses OAuth2 for the initial association, using NetSurf and the AcornSSL module.

So the technology is possible on RISC OS, but only provided the website doing the other half of the OAuth[2] has been thoughtfully designed to work across lots of browsers. Well done to HMRC in this instance...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <[email protected]>
[email protected] wrote:

On Tuesday, 9 June 2020 08:52:37 UTC+1, Chris Hughes wrote:

In message <[email protected]>
Ronald <[email protected]> wrote:

I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

Oauth2 is also on its way. Both are supposed to be much more secure.

[...]

Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone
OAuth2.

Prophet (for submitting Making Tax Digital VAT returns to HMRC) uses
OAuth2 for the initial association, using NetSurf and the AcornSSL module.

So the technology is possible on RISC OS, but only provided the website
doing the other half of the OAuth[2] has been thoughtfully designed to
work across lots of browsers. Well done to HMRC in this instance...

Now that is good news, maybe we do have a chance then.


--
Chris Hughes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <[email protected]>
Chris Hughes <[email protected]> wrote:

In message <[email protected]>
Ronald <[email protected]> wrote:

I keep one eye on techniques for Oauth primarily for gmail.
One disturbing message I read yesterday claimed that from June
new gmail 'non-secure' accounts wont be allowed and from 2021
only Oauth will be allowed for everyone.

Oauth2 is also on its way. Both are supposed to be much more secure.

They do not want you to connect with an email client hence the
'non-secure' tag.

Fetchmail just bundles them into the 'Oauth' method. I think it is
all going to be Oauth2 nowadays

It appears that an initial (named for your app) authorisation
credential has to be applied for using a capable browser.
This only has to be done once unless you have a password change,
or some server change requires it. (not very often)

Sadly AFAIK non of the RISC OS browser will work with OAuth, let alone OAuth2.

Some ISP's have also been hinting they may move to using OAuth for login
to your email in the not too distant future

Except if your login script fails, you will have to renew your
credentials.
If this is true it will be fun getting an initial script working.
Then yahoo, zoho etc will have different formats as well.

Google (Gmail) etc, want you to use their browsers/webmail and not email clients. Maybe I am being silly but I suspect it will also allow them to harvest even more info on you/us.

I think it is more to do with the in your face advertising possible
with a web browser. Smaller crowds like zoho still have their
commercial product to push.
OTOH the android tablet/chromebook still do gmail separately but
I guess google get revenue from these devices.
My older arm chromebook has 'had its last update, buy a new one
if you want to continue with updates' message now.

I use a port of fetchmail which has some work done for Oauth,
and I should be able to set up a parallel system on linux to get
through the teething stage.

Here is hoping !NetFetch/!Hermes gets OAuth facilities in near future

I seen mention of !Popstar also working with the new AcornSSL?
I have only used the unixlib ports for doing SSL/TLS email so far.
The good thing is I will be able to build my pop/rmail converter for
linux instead and use the linux fetchmail to drop mail to RpcEmu/HostFS
Pop Mail Directory for Pluto in a similar fashion to what I do on
my Iyonix.

One other Oauth note, is that the credentials have a time limit,
so it will be a thing where a script will be run periodically for
renewal, on top of the initial (one off?) credential application.
Google do supply an API, and the fetchmail python script is based
on googles sample.
I haven't looked at Thunderbird and other larger Linux clients
but Oauth doesn't appear to be supported/mentioned much.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <[email protected]>
Ronald <[email protected]> wrote:

I seen mention of !Popstar also working with the new AcornSSL?

Certainly AntiSpam (for fetching mail) and its companion app MSC (for
snding mail) do. They are what I use daily.

David

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <46b55e7e58.DaveMeUK@BeagleBoard-xM>
David Higton <[email protected]> wrote:

In message <[email protected]>
Ronald <[email protected]> wrote:

I seen mention of !Popstar also working with the new AcornSSL?

Certainly AntiSpam (for fetching mail) and its companion app MSC (for
snding mail) do. They are what I use daily.

!NetFetch/!Hermes will also use AcornSSL as appropriate.


--
Chris Hughes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)