Yes, at Kwaga we are using OAUTH access to IMAP for our smart notifier (which notifies you only of relevant mails) and this is done from a desktop application.
Nice. One thing about the screenshots though: "Gmail" is really *not* a sufficient way of telling the user that the third party will be able to access all his email...
OK. Let me elaborate my question on the benefits of OAuth in a desktop application.
If the mails are not sent to a 3rd party server and are only downloaded by a desktop app and stored in the local hard disk, what are benefits of OAuth as compared to storing the password directly?
Should a mail client like Thunderbird/Outlook start supporting OAuth? If yes, what will be the benefits?
As per my understanding, OAuth is designed so a that a web-app need not store the actual password. For desktop/local apps it is OK to store the password in a local repository.
hope granting third party apps to accessing feed inbox or imap through oAuth will logged in our logging Activity.like from where country IP's it's logged in.
assuming they support this for the enterprise or education editions of Google apps, it's an advantage if you're using single sign on, since you no longer have to provision user passwords to Google for IMAP access.
I told you a good news! I passed the OG0-9AB exam, The score is 89%, it is surprised for me. With Ourexam OG0-9AB exam material, make me get successful!
next goal is ST0-066 exam, my successful experice prove that choose a suitable piece of exam material is very necessary.
The detail of ST0-066 and OG0-9AB exam: OG0-9AB:http://www.ourexam.com/OG0-9AB.html ST0-066:http://www.ourexam.com/ST0-066.html
I have been looking around for this kind of information. Will you post some more in future? I’ll be grateful if you will.This is Prasen From a Top SEO Companyin the world.
For those wondering why you'd want to use OAuth for installed apps, one advantage for the user is that they can deauthorize your app without having to change their password and reauthorize all the other apps that access their Google accounts.
It also creates a lower bar of trust you need from the customer because, although you're getting access to mail as if you had their ID and password, they can limit your access to mail and keep you out of their other Google services.
You know, this really only works properly if you forward the request to the system standard browser (Mobile Safari on the iPhone) instead of having the Google login form directly in the app. If the Google login form gets presented in the app, who's to say that it's not spoofed by the app? How do you know you're not actually sending your password to the app and they're just proxying the request on the backend?
http://handsfree.ly is a mobile service that reads out gmails. You can read/reply/compose/pay contacts. handsfree.ly uses GMail OAuth, Yahoo BBAuth and PayPal Adaptive APIs.
We are building application using IMAP to copy email from first gmail account into second gmail account and it takes as much time as the size of email by first donwlaoding from first gmail account and then uplaoding into second gmail account. This becomes issues when user has emails with large attachemnt say 4-5 MB each. Will OAuth help to reduce this time or can it even directly do copy between two accounts from server without donwload and then upload. Any comment will be helpful.
I'm really glad to see this being implemented, and I hope developers of Gmail apps out there realize that they best be switching to using OAuth soon (if feasible of course).
I hate the idea of having to give my login details for my entire Google account to an application that just notifies me if I have new mail. I really can't wait to have OAuth support implemented so I no longer have to give out high-access credentials to a basic app.
We have just deployed new Gmail OAuth module at Showzey (http://www.showzey.com). Now, you can catalog all your photos from Gmail mailboxes without providing your password to Showzey.
Question: Does using OAuth change anything with regard to whether the user has to manually enable IMAP access before my third-party app can have access to the customer's email via IMAP? If not, is there any way to help the customer turn on IMAP support without making him/her go through these steps:
In other words, I'd like to simply ask the user for permission to access his/her email via IMAP, period. The user can say yes or no. No other passwords or fiddling with gmail settings. Is this possible using OAuth?
Will this provide any benefits to a desktop app that downloads mails using IMAP?
ReplyDeleteYes, at Kwaga we are using OAUTH access to IMAP for our smart notifier (which notifies you only of relevant mails) and this is done from a desktop application.
ReplyDeleteNice. One thing about the screenshots though: "Gmail" is really *not* a sufficient way of telling the user that the third party will be able to access all his email...
ReplyDeletehttps://www.el5yal.com/vb/
ReplyDeleteOK. Let me elaborate my question on the benefits of OAuth in a desktop application.
ReplyDeleteIf the mails are not sent to a 3rd party server and are only downloaded by a desktop app and stored in the local hard disk, what are benefits of OAuth as compared to storing the password directly?
Should a mail client like Thunderbird/Outlook start supporting OAuth? If yes, what will be the benefits?
As per my understanding, OAuth is designed so a that a web-app need not store the actual password. For desktop/local apps it is OK to store the password in a local repository.
Please correct me if I am missing something.
Will this provide access to google talk logs? So far I haven't been able to "liberate" those.
ReplyDeleteNot everyone wants to hear this on this particular post, but why on earth is the screenshot of an iPhone and NOT an Android?
ReplyDelete@Rohit
ReplyDeleteNope OAuth is developed so that your password won't fall into the wrong hands. Yor password is only exposed tot Google, not the 3rd party uhsing oAuth
@Abhiroop … soo true … and why not a screenshot of my HTC Magic with an already outdated operating system?
ReplyDeletehope granting third party apps to accessing feed inbox or imap through oAuth will logged in our logging Activity.like from where country IP's it's logged in.
ReplyDeleteNice work!
ReplyDelete@Baris,
ReplyDeleteI understand that. I was asking whether there is any advantage for using OAuth for a desktop app instead of storing the credentials locally.
@Rohit,
ReplyDeleteassuming they support this for the enterprise or education editions of Google apps, it's an advantage if you're using single sign on, since you no longer have to provision user passwords to Google for IMAP access.
Sweet!!!! This is totally awesome. :)
ReplyDeleteNow the question is when are we gonna have GTalk client that supports OAuth????
+ GTalk with OAuth is key for enterprises using googleapps with SAML SSO and don't wanna give out the Google Password Store passwords to their users.
ReplyDeleteI told you a good news! I passed the OG0-9AB exam, The score is 89%, it is surprised for me.
ReplyDeleteWith Ourexam OG0-9AB exam material, make me get successful!
next goal is ST0-066 exam, my successful experice prove that choose a suitable piece of exam material is very necessary.
The detail of ST0-066 and OG0-9AB exam:
OG0-9AB:http://www.ourexam.com/OG0-9AB.html
ST0-066:http://www.ourexam.com/ST0-066.html
How do users manage their oauth permissions (specifically for google apps)
ReplyDeleteI have been looking around for this kind of information. Will you post some more in future? I’ll be grateful if you will.This is Prasen From a Top SEO Companyin the world.
ReplyDeleteFor those wondering why you'd want to use OAuth for installed apps, one advantage for the user is that they can deauthorize your app without having to change their password and reauthorize all the other apps that access their Google accounts.
ReplyDeleteIt also creates a lower bar of trust you need from the customer because, although you're getting access to mail as if you had their ID and password, they can limit your access to mail and keep you out of their other Google services.
Nice to see this. Over here at NuevaSync we turned on IMAP and SMTP OAuth support for our GMail users earlier today. All seems to be working well.
ReplyDeleteWhy the code samples are not working ?? I am getting a unable to select folder message??
ReplyDeleteZend_Mail_Storage_Exception' with message 'cannot change folder, maybe it does not exist
You know, this really only works properly if you forward the request to the system standard browser (Mobile Safari on the iPhone) instead of having the Google login form directly in the app. If the Google login form gets presented in the app, who's to say that it's not spoofed by the app? How do you know you're not actually sending your password to the app and they're just proxying the request on the backend?
ReplyDeleteso that your password won't fall into the wrong hands. Yor password is only exposed tot GoogleCLICK
ReplyDeletehttp://handsfree.ly is a mobile service that reads out gmails. You can read/reply/compose/pay contacts. handsfree.ly uses GMail OAuth, Yahoo BBAuth and PayPal Adaptive APIs.
ReplyDeleteDoes IMAP Oauth support 2-legged Oauth via the Google Enterprise Consumer Key/Secret so applications can login to any mailbox in a Google App domain?
ReplyDelete@Kevin,
ReplyDeleteCan you please explain what you are trying to do?
There is no login in OAuth, but client Authorization using OAuth works for GAPE users.
Saqib
We are building application using IMAP to copy email from first gmail account into second gmail account and it takes as much time as the size of email by first donwlaoding from first gmail account and then uplaoding into second gmail account. This becomes issues when user has emails with large attachemnt say 4-5 MB each. Will OAuth help to reduce this time or can it even directly do copy between two accounts from server without donwload and then upload. Any comment will be helpful.
ReplyDeleteDoes this mean we can give permission to third party apps to access our Google Reader accounts without giving them the password as well?
ReplyDelete@shanmuga
ReplyDeleteI get that too, with the two-legged.php the three-legged does work. Not sure yet why.
@Saqib_Ali
ReplyDeleteI mean authenticating to IMAP using 2-legged authentication.
x AUTHENTICATE X-OAUTH ...
Using the Consumer Key and Consumer Secret provided by the Google Apps enterprise site.
I should probably investigate using 3-legged authentication instead.
I'm really glad to see this being implemented, and I hope developers of Gmail apps out there realize that they best be switching to using OAuth soon (if feasible of course).
ReplyDeleteI hate the idea of having to give my login details for my entire Google account to an application that just notifies me if I have new mail. I really can't wait to have OAuth support implemented so I no longer have to give out high-access credentials to a basic app.
We have just deployed new Gmail OAuth module at Showzey (http://www.showzey.com). Now, you can catalog all your photos from Gmail mailboxes without providing your password to Showzey.
ReplyDeletewhy is the user email address is required. Can I simply get it from google once I have an access token?
ReplyDeleteIt was working properly for me... until yesterday! Suddenly, it stopped connecting without notice. Did you change something in the API?
ReplyDeleteThe sample code doesnt work with Google App Engine
ReplyDeleteQuestion: Does using OAuth change anything with regard to whether the user has to manually enable IMAP access before my third-party app can have access to the customer's email via IMAP? If not, is there any way to help the customer turn on IMAP support without making him/her go through these steps:
ReplyDeletehttp://mail.google.com/support/bin/answer.py?answer=77695
In other words, I'd like to simply ask the user for permission to access his/her email via IMAP, period. The user can say yes or no. No other passwords or fiddling with gmail settings. Is this possible using OAuth?