> I had assumed that you didn't mean active server pages but now I am not so
> sure.
Sorry, Application Specific Password. I should have clarified. I had assumed
this term was more well-known than it is, but I realize now that it's not. It
was only well-known by my brain, now I'm not even sure if it's an actual acronym
that exists :). I hope some of what I said makes more sense now.
> I don't even know whether GMail uses any of them.
True. They use standard OAuth for the whole authentication flow and token
management, but the actual IMAP command where you use the token to authenticate
with the server is non-standard. It's fairly well documented, though. All other
providers that offer OAuth for IMAP have essentially copied Google in this, so
the client implementation for all providers is the same.
https://developers.google.com/gmail/imap/xoauth2-protocol
Groetjes,
Louis
Op donderdag 9 januari 2025 om 15:47, schreef Andrew C Aitchison via mailop
<mailop@mailop.org>:
> On Tue, 7 Jan 2025, Louis via mailop wrote:
>
> > Hi Andrew,
> >
> > We seem to be talking about entirely different things. Everyone was
> > talking about having Gmail fetch messages from your server, you seem
> > to be talking about the opposite?
>
> Not really. I would like GMail to fetch from me in the same way that
> they want me to fetch from them.
>
> > The ASP I was talking about
>
> I had assumed that you didn't mean active server pages but now I am not so
> sure.
>
> > would be something to be managed entirely on your side, because
> > Gmail would be fetching from your server in this scenario.
> > I can't tell you what that would look like, as I don't manage your
> > servers :). The most common setup for smaller servers is of course a
> > single account password, and no ASP support.
> >
> >> I would not be happy letting GMail collect mail from me using a method
> >> that I cannot use to collect from them.
> >
> > You can implement a pop3 fetcher if you want.
> > Gmail has ASPs implemented, and you can use them with pop3:
> > https://support.google.com/accounts/answer/185833
> [https://support.google.com/accounts/answer/185833]
> >
> > Or you could implement an IMAP fetcher with OAuth for better UX than
> > the user having to create an ASP, but it's not strictly necessary.
>
> I understand that there are ways to alert servers where to look for
> the details they need to use OAuth, but I have seen a dozen
> "standards" and I don't even know whether GMail uses any of them.
>
> > I fully support Googles on enforcing ASPs or OAuth, I just wish they
> > made this option much more visible.
> > But of course making it more visible doesn't suit their interests.
> > So I suppose I half support their enforcement.
> >
> > L. Mark Stone not allowing forwarding is a choice, it's not one I would
> make,
> > but it's a perfectly fine choice that I assume they made based on the
> context
> > they operate their servers in.
> >
> > Hope that clears up everything from my end!
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk [and...@aitchison.me.uk]
> _______________________________________________
> mailop mailing list
> mailop@mailop.org [mailop@mailop.org]
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
