|
| From: | David De La Harpe Golden |
| Subject: | Re: Making GNUS continue to work with Gmail |
| Date: | Sun, 16 Aug 2020 15:27:10 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 |
On 14/08/2020 11:13, Lars Ingebrigtsen wrote:
*2. What Thunderbird does data point, and not just a google problem:[...]Google, Yahoo, Mail.ru, Yandex, Aol and Microsoft https://searchfox.org/comm-central/source/mailnews/base/src/OAuth2Providers.jsm#51I guess it would be rude for Emacs to just use those credentials. :-)
Heh. Considering it for a sec, even if "borrowing" such other known client id and impersonating them is technically possible (in rough hypothetical, haven't looked what thunderbird registered in depth, particularly its redirect), it is not really viable in terms of ordinary user expectations: users would then presumably be asked a very confusing and suspicious "mozilla thunderbird wants access to your gmail email account, allow?" or something along those lines in their browser during the rfc8252 flow (if implemented) in what is actually a gnu emacs sign in, and an attentive user would presumably immediately abort and worry.
Does remind me that different emacs-external elisp packages available from melpa etc. can (and might well already) have different client ids for various providers statically embedded for their own use. Of course that's pretty much just Not GNU's Problem in legal terms so long as they don't make their way into official emacs (+elpa) sources, just wanted to make a pedantic point that it's not 1:1, different things happening to run within a user's emacs can certainly have distinct client registrations even for the same provider at least technically.
| [Prev in Thread] | Current Thread | [Next in Thread] |