On 2023-02-22, Taavi Eomäe via mailop <mailop@mailop.org> wrote:
> This discussion is getting awfully close to reinventing OAuth2.
>
> It's quite clear by now that long-lived tokens that are nearly
> impossible to properly revoke just don't work well in any human-operated
> contexts.
>
> Hopefully we'll see an increase in the adoption of OAuth2 instead of
> rather crude ways of mitigating only half of the issue. Large players
> started pushing OAuth2 for both SMTP and IMAP for a really good reason
> after all.

Ugh. Why should I need to use a program registered to the service provider in order to read my email? (Or in my case, register myself as a developer with Microsoft in order to allow me and my colleagues to read our own mail.)

In what way is it easier to revoke an OAuth2 token than it is to change a password?

Most people have no clue about how OAuth2 works. They just know that it's something that gets in the way of working practices they've been using for 40 years.