Google Online Security Blog: Adding OAuth 2.0 support for IMAP/SMTP and XMPP to enhance auth security

Adding OAuth 2.0 support for IMAP/SMTP and XMPP to enhance auth security

September 17, 2012

Posted by Ryan Troll, Application Security Team(Cross-posted from the Google Developers Blog)we announcedOAuth 2.02-step verificationIMAP/SMTPXMPP

We are deprecating XOAUTH for IMAP/SMTP, as it uses OAuth 1.0a, which was previously deprecated. Gmail will continue to support XOAUTH until OAuth 1.0a is shut down, at which time support will be discontinued.

We are also deprecating X-GOOGLE-TOKEN and SASL PLAIN for XMPP, as they either accept passwords or rely on the previously deprecated ClientLogin. These mechanisms will continue to be supported until ClientLogin is shut down, at which time support for both will be discontinued.

Google Developers BlogOAuth 2.0 PlaygroundService AccountsUsing OAuth 2.0 to Access Google APIs

1 comment :

Anonymous said...: It's good to see more OAuth adoption from Google.

I have a question.
You mention in the article that you have deprecated OAuth 1.0a, and you're implementing OAuth 2.0.

Can you explain why you consider OAuth 2.0 more secure than 1.0a?

Also, which version of the OAuth 2.0 spec do you implement in your services?; September 17, 2012 at 4:09 PM

Security Blog

Adding OAuth 2.0 support for IMAP/SMTP and XMPP to enhance auth security

1 comment :

Labels

Archive

Feed