[MlMt] oauth2

Randy Bush randy at psg.com
Mon Jun 6 16:56:58 EDT 2022

from the fediverse:

David Harris has been developing Pegasus Mail for the past 32 years, and
he recently tried to add OAUTH2 support to his software. He's got a few
harsh things to say:

...many of the goals of OAUTH2 are valid and worthwhile: my problems
with it are exclusively to do with how it has been implemented. In my
nearly thirty-five years of writing software in service of the Internet,
OAUTH2 is the worst-conceived piece of software design I have ever
encountered. More troublingly, it shows the increasing levels of control
and power exercised by large, usually American corporations over the
Internet, and the almost complete disregard they have for its historical
openness and inclusiveness. OAUTH2 is a major step on the way to an
Internet where the only players are large corporations, serving their
own interests in the name of profit and power. ...

OAUTH2 potentially requires client developers to produce different
modules for every service to which they wish to provide the ability to
connect. This is clearly a nonsense, and can be viewed as a cynical
corporate attempt to squeeze out small-to-medium developers who simply
won't have the resources to be able to provide custom-tuned
implementations for every OAUTH2 provider. ...

...because OAUTH2 appears to have been concocted almost entirely by web
developers, it has also required me to write nearly 7,000 lines of code,
just to support GMail...

I have today attempted to submit my application, Pegasus Mail, to GMail
to go through their "validation process". Clicking the button that said,
simply enough, "Publish App" took me to a bewildering, convoluted
multi-list screen of different terms, conditions and requirements ― even
including the demand that I make a Youtube video showing the code
operating (seriously?!). ...

But right at the end is the sucker punch ― Google will charge you from
"$10,000 to $75,000 or more" (their words, not mine) for this, and will
require you to go through the process (and of course, pay the fee)
annually. ...

More information about the mailmate mailing list