| 1 |
On Friday, 3 June 2022 02:45:11 BST Dale wrote: |
| 2 |
> Howdy, |
| 3 |
> |
| 4 |
> Early this morning Seamonkey could no longer fetch emails. It wouldn't |
| 5 |
> accept the username and password. I did some searching and it seems |
| 6 |
> that Google is disabling plain text username and password. Honestly, |
| 7 |
> sounds like a good idea really. During my searches, most recommended |
| 8 |
> OAuth2 so I switched to it. |
| 9 |
|
| 10 |
Err ... perhaps not? The use of a browser to delegate sign on is not |
| 11 |
necessarily a good idea, because it introduces layers of complication and with |
| 12 |
it potential vulnerabilities. Random explainer here: |
| 13 |
|
| 14 |
https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611 |
| 15 |
|
| 16 |
I recall some IMAP4 devs complaining about it, but Google pushed on |
| 17 |
regardless. From the end of May if you want to login to Gmail you have no |
| 18 |
option but to use OAuth2. I expect this will break some users login if they |
| 19 |
have not disabled what Google calls "Less secure application access" and |
| 20 |
shared with Google their mobile phone number and what other *private* |
| 21 |
information Google wants to know, before it allows you to access your email |
| 22 |
messages. |
| 23 |
|
| 24 |
|
| 25 |
> After a while, I noticed it wasn't downloading new emails |
| 26 |
> automatically. I have it set to check for new messages every 10 minutes |
| 27 |
> or so. I had to hit the Get Msgs button each time. I'd prefer it to do |
| 28 |
> it automatically. I tried restarting Seamonkey and even changing the |
| 29 |
> settings for doing it automatically, in case a config file needed |
| 30 |
> updating after the switch, still doesn't do it automatically. I'm |
| 31 |
> attaching a screenshot of the settings. |
| 32 |
> |
| 33 |
> Does using OAuth2 disable automatically fetching messages or am I |
| 34 |
> missing some other setting? It worked fine until I switched to OAuth2 |
| 35 |
> so I don't know what else it could be. Is there something better than |
| 36 |
> OAuth2 that gmail supports? I just picked the first option I found. |
| 37 |
> |
| 38 |
> Thoughts?? |
| 39 |
|
| 40 |
The OAuth2 mechanism will refresh exchange of tokens between client and server |
| 41 |
when they expire, but this should be seamless and transparent to the user. If |
| 42 |
there is a breakdown in the connection for some time and a token expires, then |
| 43 |
depending on the mail client it may pop up a window asking for your login |
| 44 |
credentials to be resubmitted. It does this occasionally on Kmail, but I have |
| 45 |
not noticed it on T'bird, which I believe is similar/same to the mail client |
| 46 |
of Seamonkey. |
| 47 |
|
| 48 |
Checking for emails every so often on a timer, is separate to authentication/ |
| 49 |
authorization. Whether you check for email manually, or after a timer |
| 50 |
triggers it, OAuth2 will kick in on each occasion as the next step. There may |
| 51 |
be some bug in Seamonkey. You could try a later version or try T'bird. If |
| 52 |
that works with the same settings, but Seamonkey doesn't, then by a process of |
| 53 |
elimination the issue would be with Seamonkey's implementation. |
| 54 |
|
| 55 |
HTH. |
Archives