hngopher.com

       [HN Gopher] Deadline looms: Google Workspace mandates OAuth by S...
       ___________________________________________________________________
        
       Deadline looms: Google Workspace mandates OAuth by September 30
        
       Author : LinuxBender
       Score  : 23 points
       Date   : 2024-09-03 20:14 UTC (5 days ago)
        
 (HTM) web link (www.theregister.com)
 (TXT) w3m dump (www.theregister.com)
        
       | 486sx33 wrote:
       | Just another damn google profile that'll be "signed into" my
       | machine. I hate Google on outlook on Mac OS for this . It always
       | wants my web browser signed into my Gsuite account. Piss off
       | google
        
       | amaccuish wrote:
       | > Mobile Device Management platforms that configure IMAP, CalDAV,
       | CardDAV, POP or Exchange ActiveSync (Google Sync) are being
       | phased out as well
       | 
       | Hmm... No. ActiveSync remains available to Workspace (read "
       | Enterprise" customers), as well as IMAP, xDAV etc. The key part
       | is the pure basic auth, password auth, is deprecated. OAuth is
       | fine, and all these protocols support OAuth just fine.
       | 
       | (Of course, OAuth can also mean username/password auth, but it is
       | generally assumed that MFA comes in to play here).
       | 
       | Love the Register, but this poorly researched.
       | 
       | But also a massive problem for people who have scanners than send
       | stuff via SMTP, they now need to work via OAuth.
        
         | suprjami wrote:
         | > Love the Register, but this poorly researched.
         | 
         | I used to love The Register, but I sadly haven't seen a good
         | article from them in many years.
         | 
         | Everything that I've seen is clickbait bad opinion or just
         | outright wrong.
         | 
         | I now assume anything from them is rubbish and don't even waste
         | my time clicking the link, which is a very sad state for them.
        
           | kibibu wrote:
           | It's plausible that it's always been like this and you've
           | educated yourself out of their target audience
        
         | veeti wrote:
         | IMAP password authentication with generated app passwords still
         | works too.
        
       | hooverd wrote:
       | Scared me. I don't see anything about SAML being deprecated
       | thankfully.
        
         | amaccuish wrote:
         | Not sure what you mean, but if you're talking about auth'ing to
         | Google Workspace with an external IdP with SAML (here is being
         | talked about auth between the client and Google, like say with
         | IMAP, over OAuth, which in turn can use whatever, including
         | SAML), then no, you have nothing to worry.
        
       | beretguy wrote:
       | Our nonprofit uses Google workspace. Is there a good alternative
       | to migrate to?
        
         | cpach wrote:
         | Why do you need to migrate because of this change?
        
       | hulitu wrote:
       | > Deadline looms: Google Workspace mandates OAuth by September 30
       | 
       | Wow. Microsoft's stupidity (Windows Hello) is contagious. /s
        
       | simonw wrote:
       | I'm sure there's a sensible answer to this, anyone know why they
       | don't continue to support those older integrations (IMAP mail
       | clients etc) through offering per-app passwords?
       | 
       | So you could go somewhere and effectively say "issue me a
       | username and password that's just for my email client, which
       | doesn't provide access to any other Google services".
       | 
       | EDIT: Looks like they do offer exactly that feature, they call it
       | "app passwords": https://myaccount.google.com/apppasswords
       | 
       | Though it's weirdly open - that page says:
       | 
       | > Just like your normal password, this app password grants
       | complete access to your Google Account. You won't need to
       | remember it, so don't write it down or share it with anyone."
       | 
       | I don't want complete access, I just want access to email via
       | IMAP!
        
       | boneitis wrote:
       | > In less than a month, many third-party apps (mail, calendar,
       | etc.) will stop connecting to Workspace accounts.
       | 
       | For anyone else like myself who couldn't understand what was
       | changing:                 Examples of apps that don't support
       | modern security standards include:          Native mail,
       | contacts, and calendar sync applications on older versions of iOS
       | and OSX           Some computer mail clients, such as older
       | versions of Microsoft Outlook
       | 
       | https://support.google.com/a/answer/6260879?hl=en
       | 
       | Although I'm still not understanding how these applications
       | authenticate in the first place.
        
         | siva7 wrote:
         | What a terrible communication from Google if even tech savvy
         | people can't understand what's exactly changing for them.
        
       ___________________________________________________________________
       (page generated 2024-09-08 23:00 UTC)