Hi Sean Regarding your statement: "The point of oAuth is that you can authorize 3rd parties without telling _that party_ your password. Basically, you tell Google your password, then Google hands you an oAuth token that you give to the 3rd party app, then the app uses that token to log in. "
I've managed to set up my Thunderbird client with Gmail and IMAP on my Windows PC, and I had to type my password in when I set up the email account in Thunderbird, so I don't understand the difference between that and K-9 Mail? Dave On Wednesday, 18 January 2017 19:52:27 UTC, Sean Greenslade wrote: > > On January 18, 2017 8:08:26 AM PST, 'Dave Rado' via K-9 Mail < > [email protected] <javascript:>> wrote: > >Many thanks, Philip. I'm confused, though. > > > >First of all, I've just looked up oAuth on Wikipedia and the > >explanation of > >how it works went over my head - I don't understand how it can be > >possible > >for my to authorise access without supplying a password. > > The point of oAuth is that you can authorize 3rd parties without telling > _that party_ your password. Basically, you tell Google your password, then > Google hands you an oAuth token that you give to the 3rd party app, then > the app uses that token to log in. > > I believe (not a security expert) that most of the security issues with > oAuth are with the machinations that occur to pass the token to the app > without user intervention. The actual login is reasonably secure. > > >But secondly, whenever I log into Google or Chrome or Gmail, I am asked > >for > >a password - so if Google themselves make me type my password, in order > >to > >sign in, how is that any different from me typing my password in the > >K-9 > >Mail sign-in screen when adding my Gmail account to K-9 Mail? > > Google is the second party. You have to tell them your password since > they're the ones deciding whether to log you in or not. K-9, however, is > not Google. Google doesn't want you to tell your password to 3rd party > software / services since they can't guarantee that software / service > isn't malicious. > > --Sean > > > -- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
