Many people use it through Spring Security or Pac4j but the lib is relatively easy to use directly (particularly if you know the protocols) and can be used to add OIDC support to Java apps with much less complexity than those Spring or Pac4j authentication frameworks (but at the cost of having to handle some of the Web security yourself, mainly around CSRF)
In principle, I support the use of #OAuth2 for #IMAP/#SMTP authentication; I just wish it didn't make it so much harder to use my preferred mail clients for corporate #email accounts because each client's OAuth2 app key needs to be approved by the sysadmin.
Currently cranky that I can't use Mutt with a couple of O365 accounts, and wondering if I can do something sneaky like rip OAuth2 keys out of Thunderbird or something.
I'm messing around with #oauth2 on google. I want to do some of my own picture investigations.
I finally was able to retrieve 'mediaItems'. Now on to ingesting them into a little database... I think I'm going to go with #duckdb. Just because I need some experience with it.
Might as well use #sqlachemy so I can be reminded how much I dislike it.
How's your day going so far? Tell me what you've accomplished or what you hope to accomplish.
For me, I'm starting the day off my usual S'mores flavored iced coffee and just going to rest and relax. Yesterday was a very lazy day and I hope to do more of the same today.
Fraser will cover how distributed #authentication has evolved, and the place of technologies like #FIDO2#passkeys and external #OAuth2 providers in the new landscape.
@thunderbird Having been through this process at work recently, it seems that a possible cause of problems could be #Thunderbird not being set up to allow cookies (which privacy conscious users naturally tend not to permit). It seems that some #OAuth2 login pages may need cookies to be allowed in order to work, so it is probably worth adding this to the support page as a suggestion to check this setting.
For user accounts that have enabled multifactor authentication, how do you handle self-service password resets? On online platforms, it is usually possible to reset the password via email. I think that is fine for accounts that don't use multifactor authentication. But what if a user logs in with their phone number (They have no email, just the phone) and use text message as their second factor? Sending a password reset code via text message would be a bit stupid. This would mean that the user doesn't really have two-factor authentication if you can reset the first-factor with the second-factor.
I do currently not allow self-service password resets if a user has multifactor enabled. They are required to get in contact with customer support in that case. For our use-case this is ok, but it's obviously not very user-friendly. However, I don't really see a solution in the case where the phone number is the primary identifier and second-factor. I am interested in some thoughts on the topic.
I've been learning Android development the last week or so since I finally switched over to Android for my main device. For the most part, I understand how it works and feel like I've made progress.
But right now I feel kinda stuck. I haven't been able to find a good tutorial for using oauth in an app. I've tried looking at various open source projects for examples, but I'm still confused. Does anyone in the AndroidDev world know anything that might help?
Prior to #GoDaddy killing my #POP#Email client access on June 2 as part of #Microsoft's mandate to force users onto its #Exchange protocol, I switched from #Outlook 2016 to #Thunderbird 114 Beta (which still connects w/ #POP3 + #OAuth2 - unsure if it's a glitch, but it works)
At work, we recently migrated to MS 365 for part of our email management and I discovered a tiny useful piece of software that simplifies for me the OAUTH2 based idiosyncratic system of Outlook and its friends.
A proxy now allows me to still use mutt, fetchmail, msmtp and exim to read and write emails.
[Question] Stay with Gitea or jump to Forgejo?
Does anyone who’s more on the pulse of stuff than I know if I should stick with Gitea or jump to Forgejo while I can?...