Google uses a custom implicit flow. Their endpoints are hardcoded in Outlook for example. Not exactly standard.
Scott On Thursday, 09/01/2025 at 16:13 Louis via mailop wrote: I had assumed that you didn't mean active server pages but now I am not so sure. Sorry, Application Specific Password. I should have clarified. I had assumed this term was more well-known than it is, but I realize now that it's not. It was only well-known by my brain, now I'm not even sure if it's an actual acronym that exists :). I hope some of what I said makes more sense now. I don't even know whether GMail uses any of them. True. They use standard OAuth for the whole authentication flow and token management, but the actual IMAP command where you use the token to authenticate with the server is non-standard. It's fairly well documented, though. All other providers that offer OAuth for IMAP have essentially copied Google in this, so the client implementation for all providers is the same. https://developers.google.com/gmail/imap/xoauth2-protocol Groetjes, Louis Op donderdag 9 januari 2025 om 15:47, schreef Andrew C Aitchison via mailop : On Tue, 7 Jan 2025, Louis via mailop wrote: > Hi Andrew, > > We seem to be talking about entirely different things. Everyone was > talking about having Gmail fetch messages from your server, you seem > to be talking about the opposite? Not really. I would like GMail to fetch from me in the same way that they want me to fetch from them. > The ASP I was talking about I had assumed that you didn't mean active server pages but now I am not so sure. > would be something to be managed entirely on your side, because > Gmail would be fetching from your server in this scenario. > I can't tell you what that would look like, as I don't manage your > servers :). The most common setup for smaller servers is of course a > single account password, and no ASP support. > >> I would not be happy letting GMail collect mail from me using a method >> that I cannot use to collect from them. > > You can implement a pop3 fetcher if you want. > Gmail has ASPs implemented, and you can use them with pop3: > https://support.google.com/accounts/answer/185833 > > Or you could implement an IMAP fetcher with OAuth for better UX than > the user having to create an ASP, but it's not strictly necessary. I understand that there are ways to alert servers where to look for the details they need to use OAuth, but I have seen a dozen "standards" and I don't even know whether GMail uses any of them. > I fully support Googles on enforcing ASPs or OAuth, I just wish they > made this option much more visible. > But of course making it more visible doesn't suit their interests. > So I suppose I half support their enforcement. > > L. Mark Stone not allowing forwarding is a choice, it's not one I would make, > but it's a perfectly fine choice that I assume they made based on the context > they operate their servers in. > > Hope that clears up everything from my end! -- Andrew C. Aitchison Kendal, UK [email protected] _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
