emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: oauth2 support for Emacs email clients

From: Thomas Fitzsimmons
Subject: Re: oauth2 support for Emacs email clients
Date: Sun, 08 Aug 2021 10:22:16 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) 
David Engster <deng@randomsample.de> writes:

>>   Others have mentioned "officially" registering Emacs as IMAP/SMTP
>>   clients for Office365 (and possibly Gmail), similar to what seems
>>   to be the case for Thunderbird.  I am wondering how davmail is
>>   doing this.
>
> Microsoft has actually recognized that it does not make sense for
> desktop applications to embed secrets into their code, so they
> distinguish between "public" and "confidential" client applications:
>
> https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-applications
>
> Public client applications do not have a client secret but only an ID
> which can simply be embedded into the application, which is how DavMail
> does it. Public client applications are only allowed to access web APIs
> on behalf of the user, but this is usually enough.

Interesting, but are public client applications allowed to use
IMAP/SMTP?  Or must public client applications use WebDAV to communicate
with Microsoft servers, like DavMail does?

It seems like Thunderbird could act as a public client application,
however I believe it is currently acting as a confidential client
application.  I wonder why.

Thomas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]