Google OAuth

Ingo Klöcker kloecker at kde.org
Sun Jun 12 15:13:18 BST 2022


On Sunday, 12 June 2022 15:22:20 CEST Adriaan de Groot wrote:
> Hi PIM-ish folks,
> 
> The board of KDE e.V. is the people who "own" the google point-of-contact.
> We don't actually know all of the googly-things that the KDE codebase does.
> This is a notification that arrived last month. It **possibly** concerns
> KDE-PIM. We got no response sending this on to the KDE-PIM mailing list,
> so I'm pinging you collectively here.
> 
> If it's not a PIM thing, then I guess we'll hear about it when the bug
> reports start rolling in :(

According to lxr the below client ID is used in
pim/kdepim-runtime/resources/google-groupware/googlesettings.cpp
pim/kdepim-runtime/resources/imap/gmailpasswordrequester.cpp
pim/kmailtransport/src/kmailtransport/plugins/smtp/smtpjob.cpp
and some examples for libkgapi.

I have no idea how this works and what needs to be done. I'm not even sure 
this is really needed. At least for gmail it seems to be possible to set up an 
application-specific password to log in to your Gmail POP3 or IMAP account
according to what someone wrote on kdepim-users.

Regards,
Ingo

> > On Wed, May 4, 2022 at 5:28 AM Google Developers
> > <GoogleDevelopers-noreply at google.com> wrote:
> >> OAuth out-of-band flow will be blocked for your production OAuth clients.
> >> _Our records indicate you have OAuth clients that used the OAuth OOB flow
> >> in the past._
> >>
> >> Hello Google OAuth Developer,
> >>
> >> We are writing to inform you that OAuth out-of-band (OOB) flow will be
> >> deprecated on OCTOBER 3, 2022, to protect users from phishing and app
> >> impersonation attacks.
> >>
> >> WHAT DO I NEED TO KNOW?
> >>
> >> Starting OCTOBER 3, 2022, we will block OOB requests to Google's OAuth
> >> 2.0 authorization endpoint for existing clients. Apps using OOB in
> >> testing [1] mode will not be affected. However, we strongly recommend you
> >> to migrate them to safer methods as these apps will be immediately
> >> blocked when switching to in production [2] status.
> >>
> >> NOTE: New OOB usage has already been disallowed since FEBRUARY 28, 2022.
> >>
> >> BELOW ARE KEY DATES FOR COMPLIANCE
> >>
> >> * SEPTEMBER 5, 2022: A user-facing warning message may be displayed to
> >>   non-compliant OAuth requests
> >> * OCTOBER 3, 2022: The OOB flow is blocked for all clients and users will
> >>   see the error page.
> >>
> >> Please check out our recent blog post about Making Google OAuth
> >> interactions safer [3] for more information.
> >>
> >> WHAT DO I NEED TO DO?
> >>
> >> MIGRATE YOUR APP(S) TO AN APPROPRIATE ALTERNATIVE METHOD BY FOLLOWING
> >> THESE INSTRUCTIONS:
> >> * Determine your app(s) client type [4] from your Google Cloud project by
> >>   following the client links below.
> >> * Migrate your app(s) to a more secure alternative method by following
> >>   the instructions in the blog post above for your client type.
> >>
> >> OAUTH CLIENT LIST:
> >>
> >> * Project ID: api-project-554041944266 [6]
> >>
> >> * Client: 554041944266.apps.googleusercontent.com [7]
