1 |
On Friday, 3 June 2022 02:45:11 BST Dale wrote: |
2 |
> Howdy, |
3 |
> |
4 |
> Early this morning Seamonkey could no longer fetch emails. It wouldn't |
5 |
> accept the username and password. I did some searching and it seems |
6 |
> that Google is disabling plain text username and password. Honestly, |
7 |
> sounds like a good idea really. During my searches, most recommended |
8 |
> OAuth2 so I switched to it. |
9 |
|
10 |
Err ... perhaps not? The use of a browser to delegate sign on is not |
11 |
necessarily a good idea, because it introduces layers of complication and with |
12 |
it potential vulnerabilities. Random explainer here: |
13 |
|
14 |
https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611 |
15 |
|
16 |
I recall some IMAP4 devs complaining about it, but Google pushed on |
17 |
regardless. From the end of May if you want to login to Gmail you have no |
18 |
option but to use OAuth2. I expect this will break some users login if they |
19 |
have not disabled what Google calls "Less secure application access" and |
20 |
shared with Google their mobile phone number and what other *private* |
21 |
information Google wants to know, before it allows you to access your email |
22 |
messages. |
23 |
|
24 |
|
25 |
> After a while, I noticed it wasn't downloading new emails |
26 |
> automatically. I have it set to check for new messages every 10 minutes |
27 |
> or so. I had to hit the Get Msgs button each time. I'd prefer it to do |
28 |
> it automatically. I tried restarting Seamonkey and even changing the |
29 |
> settings for doing it automatically, in case a config file needed |
30 |
> updating after the switch, still doesn't do it automatically. I'm |
31 |
> attaching a screenshot of the settings. |
32 |
> |
33 |
> Does using OAuth2 disable automatically fetching messages or am I |
34 |
> missing some other setting? It worked fine until I switched to OAuth2 |
35 |
> so I don't know what else it could be. Is there something better than |
36 |
> OAuth2 that gmail supports? I just picked the first option I found. |
37 |
> |
38 |
> Thoughts?? |
39 |
|
40 |
The OAuth2 mechanism will refresh exchange of tokens between client and server |
41 |
when they expire, but this should be seamless and transparent to the user. If |
42 |
there is a breakdown in the connection for some time and a token expires, then |
43 |
depending on the mail client it may pop up a window asking for your login |
44 |
credentials to be resubmitted. It does this occasionally on Kmail, but I have |
45 |
not noticed it on T'bird, which I believe is similar/same to the mail client |
46 |
of Seamonkey. |
47 |
|
48 |
Checking for emails every so often on a timer, is separate to authentication/ |
49 |
authorization. Whether you check for email manually, or after a timer |
50 |
triggers it, OAuth2 will kick in on each occasion as the next step. There may |
51 |
be some bug in Seamonkey. You could try a later version or try T'bird. If |
52 |
that works with the same settings, but Seamonkey doesn't, then by a process of |
53 |
elimination the issue would be with Seamonkey's implementation. |
54 |
|
55 |
HTH. |