MBOX-Line: From blong at google.com Wed Sep 3 13:23:58 2014 To: imap-protocol@u.washington.edu From: Brandon Long Date: Fri Jun 8 12:34:53 2018 Subject: [Imap-protocol] Seeking clarity on Gmail "Access for less secure apps" setting for non XOAuth2 access In-Reply-To: References: <5400A146.4020602@mozilla.com> <54011E24.4080209@mozilla.com> <6f3e9961-32e6-4b4b-866f-7ce5526b0bf8@gulbrandsen.priv.no> <54062661.6020000@mozilla.com> Message-ID: On Wed, Sep 3, 2014 at 1:55 AM, Arnt Gulbrandsen wrote: > On Tuesday, September 2, 2014 10:19:45 PM CEST, Andrew Sutherland wrote: > >> It appears Gmail may actually be doing this, which is great news! >> > > WEBALERT is something gmail, and only gmail, does. I don't know what it > means, but it does mean something other than the completely general ALERT. > IMO WEBALERT is more usable from a client's point of view. > > What an unpleasant situation. Its basically an ALERT which directs the client to a web page. Although we've had free-form URLs in the error messages for years, this mechanism makes it easier to actually parse the URL out. Its currently only used for login errors related to our permission system, and was suggested by one of our client partners. Its assumed the client would redirect the user to that webpage, ie HTTP 302 style. One can imagine it being similar to implementing OAUTHBEARER where the cilent would need an embedded webview to perform the oauth authentication. It doesn't require an embedded webview like OAUTH, since its not expected that the client needs to scrape information out of the webview. Brandon -------------- next part -------------- An HTML attachment was scrubbed... URL: