• @rfc2822 said in [Feature request] OAuth support:

    • Nobody else has OAuth. I couldn’t find a single other CalDAV/CardDAV service. Do you know one?

    Hi,
    Not only Google uses OAuth, but also ownCloud does:
    https://marketplace.owncloud.com/apps/oauth2

  • developer

    @till Does owncloud’s OAuth actually work with CalDAV? This topic from 2019 doesn’t give a clear answer to me:

    I’m not aware of WebDAV/CalDAV clients with oauth2 support. Users need to create app passwords / tokens for WebDAV/CalDAV clients.

    [ https://github.com/owncloud/oauth2/issues/201 ]

    But you can use it with app passwords anyway.

    And as far as I know, owncloud doesn’t natively support CalDAV/CardDAV (just with not officially supported plugins).

  • admin

    @till We’ve been at the owncloud conference in 2019 and had a lot of talks with the people there - also about caldav and carddav. We had a nice collaboration with their app developers regarding our open source webdav libraries and app integration.

    However it turned out that they don’t (want to) put so much focus on calendar and contacts - it’s rather a side thing that should merely also work - but not as a main thing.


  • @devvv4ever
    @rfc2822 said in [Feature request] OAuth support:

    And as far as I know, owncloud doesn’t natively support CalDAV/CardDAV (just with not officially supported plugins).

    In ownCloud 10.6, calendar/contacts are installed by default as an official app, branded with ownCloud as the developer. They had an unofficial status before, so maybe they got an internal upgrade to an integrated/official “app”.
    One can then, optionally, use the (also “official” but) optional OAuth app to turn on two-factor authentication. Calendar/Contacts sync work with a single password when the OAuth plugin is switched off. When switched on, this plugin generates app-specific passwords automatically. This works well for iOS/macOS calendar/contact sync but not for DAVx.
    That said, I can live without Oauth, but I just wanted to point out that it’s not correct that no other provider besides Google supports OAuth.

  • developer

    @till said in [Feature request] OAuth support:

    That said, I can live without Oauth, but I just wanted to point out that it’s not correct that no other provider besides Google supports OAuth.

    Thanks for the update! So at the moment, it’s:

    1. Google (works without OAuth, too, but cumbersome)
    2. owncloud (works without OAuth without problems)

    I’m curious whether the list will grow. If you find another service, please let us know.


  • Thanks for all the responses and sharing your thoughts, I appreciate it.

    My previous post was a bit too vague, as I wasn’t really referring to other providers/services - I was (admittedly very selfishly) referring to the fact that G Suite is going to stop with less secure apps and app passwords and move to OAuth. At least, that’s what they emailed me previously and they said this change would be implemented from 15 February 2021 onwards. As it stands, I’m still happily using DAVx5 with the current setup so in that sense I cannot be complaining. I guess it is my personal choice to think about what to do once it really stops.

    In response to your question, my honest answer is I don’t know. I guess my thoughts were more like: how much of your users are G Suite users and how many of them will run into this problem-that-was-announced-but-apparently-is-not-a-problem-yet and admittedly I was simply assuming that you will have a lot of G Suite users, but perhaps this group isn’t as big as I assumed and therefore doesn’t require your priority. Perhaps it isn’t since you’re making it clear you’re not officially supporting Google with your app.

    EDIT: I have re-read that email from Google about 5 times now without getting any wiser. Perhaps I was wrong - mea culpa in that case.

  • developer

    @outsidethelight said in [Feature request] OAuth support:

    G Suite is going to stop with less secure apps and app passwords and move to OAuth. At least, that’s what they emailed me previously and they said this change would be implemented from 15 February 2021 onwards.

    Oh, I didn’t know that. That’s bad news. However they announce that for years and until now it still seems to work. Maybe they just want to increase pressure again or find a reason why they can finally drop CalDAV/CardDAV (by enforcing a system which nobody can use, so that they can later say it was not used).


  • @rfc2822 said in [Feature request] OAuth support:

    @outsidethelight said in [Feature request] OAuth support:

    G Suite is going to stop with less secure apps and app passwords and move to OAuth. At least, that’s what they emailed me previously and they said this change would be implemented from 15 February 2021 onwards.

    Oh, I didn’t know that. That’s bad news. However they announce that for years and until now it still seems to work. Maybe they just want to increase pressure again or find a reason why they can finally drop CalDAV/CardDAV (by enforcing a system which nobody can use, so that they can later say it was not used).

    I guess I shouldn’t be surprised if Google is up to nefariously trying to force something…

  • admin

    @outsidethelight

    I guess I shouldn’t be surprised if Google is up to nefariously trying to force something…

    true 😉


  • @rfc2822 Originally it was planned to disable LSA (less secure access) on February 15th 2021. Due to COVID-19 Google has suspended the LSA turn-off until further notice.

    https://workspaceupdates.googleblog.com/2020/03/less-secure-app-turn-off-suspended.html

    BTW, it might be worth to check how the developer of the FairEmail app has implemented Google OAuth2 authentication. It works like a charme once activated 😉

Similar topics