• developer

    @j-ed I know, but has it any advantages?


  • @rfc2822 I think the main advantage is that the user credentials are not involved in the authentication process and that the authentication process is secured by default. Due to the fact that more and more huge providers, like Google, Microsoft or Yahoo, are implementing OAuth2 to get rid of old-fashioned user name/password combinations, it might be worth supporting that mechanism in the future too.

    https://www.clowder.com/post/why-your-organization-should-be-using-oauth-2.0


  • Besides security concerns, we take advantage of Single Sign On. Our community server offers multiple services (nextcloud, gitlab, matrix, jitsi) and thanks to OAuth2 they can use the same account for all of them. As a little plus, when you log in to one service you are logged in to all of them, and the same for logout.

    I think the point of whether OAuth is useful or not is somewhat irrelevant. It is a fact that some users (for whatever reasons) have an OAuth based system and it seems the number will grow over time.

    Of course I’m not asking anyone to implement anything, I only say that it would be nice to have OAuth support 🙂

  • developer

    For Google: where do I get the Google “client ID” from? Shall it be

    1. an input field for users in the login activity or
    2. hardcoded for DAVx⁵?

    I guess the first case, because registering at Google for a client ID (which could be revoked at any time, which would then render DAVx⁵ unusable for all active users) sounds really strange to me. Also, the client ID would have to be in the source code, so anyone could use it. Furthermore, this would be only for Google, but then what about other OAuth providers (e.g. Owncloud)?

    So “normal users” are supposed to register in the Google API Console (or in their Owncloud or whatever they use), create a project there, get a client ID and insert it – together with the authentication URL – into DAVx⁵ for logging in?

    Or do I completely miss something here?


  • @rfc2822 Afaik, each user needs to enter an OAuth id and secret to access Google data. You cannot hard-code one single id for all accounts. If you want I can send you my notes on how I’ve configured Fetchmail so that it uses OAuth2 authentication.

  • developer

    @j-ed But that would mean that this authentication method is not for “normal users”, from whom one can’t expect to create an app project in some API console?


  • @rfc2822 That’s currently indeed my understanding if an application developer hasn’t fully implemented the API. As I wrote, I tried to activate Fetchmail access and that was really a pain.

    Nevertheless implementing OAuth2 on an Android device seems to be easier somehow, because Google access is implemented on most devices by default. I’m e.g. using FairEmail as an email client and the developer has implemented the oauth2 workflow for Google, MS, etc.

    It might be worth contacting the developer about how he has implemented the setup workflow, or directly checking his code:

    https://github.com/M66B/FairEmail/blob/b248dcf3ed0bf11786abae0244115eebb5461dff/app/src/main/res/xml/providers.xml

  • developer

    @j-ed FairEmail has the client IDs/secrets in the public source code (option 1 of the two I have posted). We could use their IDs instead of creating our own 😉

    Google OAuth has apparently been removed from FairEmail in 2020:
    https://github.com/M66B/FairEmail/commit/aff5437184698224d7d2576409264151c818052b
    They seem to use their AUTH_TYPE_GMAIL instead. Does it require a Google account on the device?


  • @rfc2822 I used the automatic Gmail setup from FairEmail to get access to that email inbox. Due to the fact that I’d set up my phone the usual way, by linking it to my Gmail account, all default apps, like e.g. the default email program, worked out-of-the-box on my Samsung phone. FairEmail was able to take over these Gmail credentials without any problems.
    Unfortunately I cannot tell you if it also works without a preconfigured Gmail account.

  • developer

    @j-ed said in [Feature request] OAuth support:

    @rfc2822 I used the automatic Gmail setup from FairEmail to get access to that email inbox. Due to the fact that I’d set up my phone the usual way, by linking it to my Gmail account, all default apps, like e.g. the default email program, worked out-of-the-box on my Samsung phone. FairEmail was able to take over these Gmail credentials without any problems.
    Unfortunately I cannot tell you if it also works without a preconfigured Gmail account.

    That’s what I have assumed from the source code. But I also assume that it will only work with a preconfigured Google account, and users who use DAVx⁵ with Google often won’t have a Google account set up (otherwise they wouldn’t need DAVx⁵ and could just use the normal Google sync).
