Google makes Third-Party Apps More Secure by adding OAuth 2.0 for Gmail and Google Talk

News 0 1194
OAuth 2.0 for GmailCurrently OAuth 2.0 is supported almost by all of Google’s APIs. This framework allows third-party apps limited access to your data from other services, as their standard authentication mechanism. Thanks to Google OAuth 2.0 is at a step further by bringing it to IMAP/SMTP and XMPP, the protocols that allow third-party access to Google services like Gmail and Google Talk.

When clients use OAuth 2.0, they never ask users for passwords. Users have tighter control over what data clients have access to, and clients never see a user’s password, making it much harder for a password to be stolen. If an user has their laptop stolen, or has any reason to believe that a client has been compromised, they can revoke the client’s access without impacting anything else that has access to their data.
Google is also announcing the deprecation of older authentication mechanisms. If you’re using these you should move to the new OAuth 2.0 APIs.
  • Google is deprecating XOAUTH for IMAP/SMTP, as it uses OAuth 1.0a, which was previously deprecated. Gmail will continue to support XOAUTH until OAuth 1.0a is shut down, at which time support will be discontinued.

  • Google is also deprecating X-GOOGLE-TOKEN and SASL PLAIN for XMPP, as they either accept passwords or rely on the previously deprecated ClientLogin. These mechanisms will continue to be supported until ClientLogin is shut down, at which time support for both will be discontinued.

1,195 total views, 7 views today