Closed Bug 1163347 Opened 5 years ago Closed 5 years ago

Don't require scope in ispdb config for OAuth2

Categories

(MailNews Core :: Networking, enhancement)

enhancement
Not set

Tracking

(thunderbird38+ fixed, thunderbird39 fixed, thunderbird40 fixed, thunderbird41 fixed)

RESOLVED FIXED
Thunderbird 41.0
Tracking Status
thunderbird38 + fixed
thunderbird39 --- fixed
thunderbird40 --- fixed
thunderbird41 --- fixed

People

(Reporter: rkent, Assigned: rkent)

Details

Attachments

(2 files)

Looking through the OAuth2 issues once more, currently we are requiring ispdb to configure a scope for particular OAuth2 implementation. But that scope is not actually used, instead we have hard-wired the scope (and other configuration details) so that the implementation only works for GMail. For future OAuth2 implementations, we would prefer to use dynamic registration and it is not clear what parameters we will need in ispdb. We should not be adding unneeded parameters there.
After the changes in this bug, the only change needed to enable OAuth2 for gmail.com domains will be to add a line offering OAuth2 as an authentication type. oauthsettings are gone.

Since we do not yet know what the final form of our multi-vendor (or dynamic) OAuth2 support will be, would should not be adding unneeded information that we will have to explain, document, and ultimately change when we support this better. OAuth2 will only work for google servers in Thunderbird 38
Now the hard part - who to review this. It would be good for jcranmer to review this, but he is tied up with a paper. Fallen at least has some oauth2 experience, so I guess I'll put him down as a backup.

Timing is tight for this. I want to enable OAuth2 in ispdb for the beta that we build on May 12, so this should go in before then.
Attachment #8603771 - Flags: superreview?(philipp)
Attachment #8603771 - Flags: review?(Pidgeot18)
Status: NEW → ASSIGNED
Attachment #8603771 - Flags: superreview?(philipp) → review?(philipp)
Comment on attachment 8603771 [details] [diff] [review]
Remove need for oauthSettings in ispdb files

Review of attachment 8603771 [details] [diff] [review]:
-----------------------------------------------------------------

lgtm, r=philipp
Attachment #8603771 - Flags: review?(philipp)
Attachment #8603771 - Flags: review?(Pidgeot18)
Attachment #8603771 - Flags: review+
http://hg.mozilla.org/comm-central/rev/b557915203f8
Severity: normal → enhancement
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 41.0
Attachment #8603771 - Flags: approval-comm-beta?
Attachment #8603771 - Flags: approval-comm-aurora?
Comment on attachment 8603771 [details] [diff] [review]
Remove need for oauthSettings in ispdb files

http://hg.mozilla.org/releases/comm-aurora/rev/5973695cf4b1
Attachment #8603771 - Flags: approval-comm-aurora? → approval-comm-aurora+
Comment on attachment 8603771 [details] [diff] [review]
Remove need for oauthSettings in ispdb files

TB 38: http://hg.mozilla.org/releases/comm-beta/rev/704add71dcf1
TB 39: http://hg.mozilla.org/releases/comm-beta/rev/9a426888dd49
Attachment #8603771 - Flags: approval-comm-beta? → approval-comm-beta+
> For future OAuth2 implementations, we would prefer to use dynamic registration and
> it is not clear what parameters we will need in ispdb.
> We should not be adding unneeded parameters there.

+1
You need to log in before you can comment on or make changes to this bug.