oauth2 with GMail?

Grant Edwards grant.b.edwards at gmail.com
Sun Sep 26 21:03:39 UTC 2021


On 2021-09-26, Hokan <hokan.hokan at gmail.com> wrote:

> Don't app-specific password act like second passwords and give full
> access to your Google account (not just mail)?

When you create the app-specific password it asks what type of app it
is. For mine, I selected "mail", so hopefully that only allows acces
to mail (haven't tested that).

> If so the granularity of oauth access would make it the better
> choice.

I think the granularity of oauth2 might be finer, but hopefully
app-specific passwords are granular enough.

> While you may need a GSuite (or whatever they call it now) account
> to create the project, once created it can be used outside that
> domain, including for a regular gmail account.

I don't think that's the domain I'm talking about. I'm talking about
the domain name you provide as part of your application's support and
privacy URLs when you create the "application" for which you download
oauth2 credentials. AFAICT, that's completely unrelated to the
Google/GMail account where you're creating the project/application. I
read somewhere that if you just use 'localhost' it'll let you slide
by.

> I created one and use it for regular Gmail and for accounts across
> half a dozen Gsuite domains (school, work, nonprofit, personal,
> etc.)  This email is being sent from Mutt using Oauth2.

What did you provide for your application's URLs when you create the
application for use with mutt?

--
Grant



More information about the Mutt-users mailing list