New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XOAUTH2 implementation for Yahoo accounts #1698
Comments
Yahoo aren't being communicative on what endpoint you're supposed to hit :( |
@philipwhiuk - andris9/xoauth2@ae0667f Apologies in advance for nodejs, but I thought it might help anyway. 👍 |
Thanks! There's no scope in the project creation for Mail. But I might just try locally without the scope and see. As for the nodejs - unfortunately my day job is more and more JS every day so that's not a problem! |
Update on this. It doesn't work without the scope. Back in October I pinged Dylan Casey who manages Yahoo's OAuth2 infrastructure as to why. He said he'd get back to me. No word so I've asked for an update. |
good to hear, thanks for the effort! 👍 |
So to be clear: it's still the case that to use K-9 with Yahoo mail I will need to change the setting in my account there about "less secure apps" or whatever? |
Apparently Sky's version of Yahoo is getting this now and you may not be able to pick the option (TBA). It's still blocked by Yahoo not giving a damn. My 5 cents says move away from a provider who had a major security breach and then implemented this purely to save face as PR move. |
In yahoo account security page, you can create an "application password" to use in K9. So it seems they choose to deprecate XOAUTH2 |
The app pwd stuff works.in case anyone faces issues, just clear cache, FC app and launch. It would work.. |
Are there any instructions on how to use the "application password"? I can get one from Yahoo, but I can't figure out where to set it in K9. |
@DwayneJengSage Just use it in the password field, without any space. It will be normal password option. |
I guess XOAUTH2 is dead by now. The application password options works like a charm. |
Expected behavior
Yahoo accounts should be able to sign in, without enabling less secure apps.
NB: For POP3 XOAUTH2 isn't available on Yahoo. POP3 is deprecated anyway. We should probably also tell Yahoo users (notification) to migrate from POP3.
Actual behavior
Denied.
Steps to reproduce
Environment
K-9 Mail version: master
Android version: 7.0
Account type (IMAP, POP3, WebDAV/Exchange): IMAP
Developer notes
The work to implement some of the XOAUTH2 code is done in #1295
However the assumption was made that it would be Google accounts. So much of token refresh code works out of the box. This isn't true for Yahoo accounts. So some work needs to be done in terms of:
I suspect we'll have a hardcoded URL in the app somewhere for Yahoo's endpoint. But I'm speculating until I get my hands dirty again
The text was updated successfully, but these errors were encountered: