April 7, 2010 at 00:14OAuth IMAP / SMTP Access in Gmail
- Transfer
Google has long believed that users should be able to export their data and use it with any other services at their discretion. Over the years, Gmail has supported the standard API through the POP and IMAP protocols, at no additional cost to our users. These efforts are consistent with our broader intentions to simplify access to data from third-party services.
In addition to simplifying the export of our data, we will also allow users to allow third-party (non-Google) applications and websites to access Google data. One of the most common examples is allowing access to your address book for a social network so that it sends invitations to your friends.
The user, of course, can provide his third-party Google account password to the application to allow such access, but there is a safer way - use the standard OAuth protocol, which allows the user to give their consent to access certain resources without telling their password. Most of the Google API features support OAuth, and starting March 30, 2010, it is also available for IMAP / SMTP in Gmail.
A new feature is available at Google Code Labs, and we have provided a site with documentation and code examples . In addition, Google has begun working with other companies such as Yahoo and Mozilla to create a standard for using OAuth with IMAP / SMTP (see the OAuth mailing list for IMAP for more information ).
One of the first companies to use the new feature is Syphir, in its SmartPush iPhone app, as shown in the screenshots. Unlike other similar applications, Syphir SmartPush never sees or saves the user password from GMail, precisely due to support for access through OAuth. We look forward to completing the development of a new standard for using OAuth with IMAP / SMTP and adding support to all email clients. Eric Sachs, Senior Product Manager
In addition to simplifying the export of our data, we will also allow users to allow third-party (non-Google) applications and websites to access Google data. One of the most common examples is allowing access to your address book for a social network so that it sends invitations to your friends.
The user, of course, can provide his third-party Google account password to the application to allow such access, but there is a safer way - use the standard OAuth protocol, which allows the user to give their consent to access certain resources without telling their password. Most of the Google API features support OAuth, and starting March 30, 2010, it is also available for IMAP / SMTP in Gmail.
A new feature is available at Google Code Labs, and we have provided a site with documentation and code examples . In addition, Google has begun working with other companies such as Yahoo and Mozilla to create a standard for using OAuth with IMAP / SMTP (see the OAuth mailing list for IMAP for more information ).
One of the first companies to use the new feature is Syphir, in its SmartPush iPhone app, as shown in the screenshots. Unlike other similar applications, Syphir SmartPush never sees or saves the user password from GMail, precisely due to support for access through OAuth. We look forward to completing the development of a new standard for using OAuth with IMAP / SMTP and adding support to all email clients. Eric Sachs, Senior Product Manager
