

Gmail rolls out OAuth over IMAP for the masses - yanowitz

I think this happened in the last 24 hours, no announcement that I've seen, but try:<p>USER:   openssl s_client -connect imap.gmail.com:993<p>SERVER: * OK Gimap ready for requests from 98.220.234.148 3if1337572iwn.10<p>USER:  C01 Capability<p>SERVER: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA XLIST CHILDREN XYZZY SASL-IR AUTH=XOAUTH<p>That SASL-IR and AUTH=XOAUTH is new.<p>See http://sites.google.com/site/oauthgoog/Home/oauthimap for more on using it (still listed as experimental).
======
csarva
What's the point? Isn't OAuth all about 3-legged authentication scenarios? Why
would it be useful for IMAP, particularly when the provider, Google in this
case, already has your credentials.

~~~
yanowitz
3rd party app providers no longer need to ask for your U/P but can use OAuth
instead.

~~~
csarva
Ah, you mean 3rd party access to gmail via IMAPOauth. I forgot about services
like threadsy that do just that.

