Gmail and OAuth in 2024
-
I haven't used Vivaldi Mail client and just decided to give it a try.
What I see now after I added my Gmail account to the mail client, is that the client uses OAuth and now Vivaldi started OAuth session in all other browser windows, not only mail client, so I am effectively authenticated in all Google services. This is something I want to avoid. Is there a way for mail client to authenticate independently?
I found that the issue was raised by users in 2021 https://forum.vivaldi.net/topic/66664/gmail-and-oauth, but things have changed a little since then, as less secure apps sign-in was disabled by Google https://support.google.com/accounts/answer/6010255?hl=en a month agoStarting on September 30, 2024, less secure apps, third-party apps, or devices that have you sign in with only your username and password will no longer be supported for Google Workspace accounts. For exact dates, visit Google Workspace Updates. To continue to use a specific app with your Google Account, you’ll need to use a more secure type of access that doesn’t share password data. Learn how to use Sign in with Google.
so probably the solution from those old thread is no longer valid and we cannot authenticate by app password into mail client anymore. Is there any other solution?
Vivaldi poses itself as a privacy-focused browser, so pushing the user to authenticate to Google session to use mail client is unacceptable. -
@astero Unsure... I think is only disabled for workspaces accounts (educational/enterprise).
Personal Gmail still works with app password or at least mine still work.
-
@astero said in Gmail and OAuth in 2024:
Vivaldi started OAuth session in all other browser windows
What does this mean exactly, other windows are showing the OAuth dialogue?
-
@mib2berlin said in Gmail and OAuth in 2024:
What does this mean exactly, other windows are showing the OAuth dialogue?
this means I am authenticated in all Google services immediately without any dialogs. When I type Gmail.com I get into my mailbox, in Google maps I am signed in my Google account, everywhere. Why the mail client authentication is linked with with the browser session?
-
@astero
Hm, it is not, I tested this with logout of my Google services, add mail account, go through the OAuth process.
Still not logged in Google, YT, Gmail web client.
Then I login into my second Google account, so the Vivaldi mail client use one account and the Gmail web client use a different account.
No idea why you are logged in automatically, I am not.
Cheers, mib
-
any idea why my browser behaves differently? I'm on the latest vivaldi 7.0. Here is my mail settings
-
@astero What may have occurred, is when you added the Gmail account to the Vivaldi Mail client, the Gmail login web page (which creates the OAuth token), may also have dropped a cookie that authenticates you for all Google services.
-
@edwardp said in Gmail and OAuth in 2024:
What may have occurred, is when you added the Gmail account to the Vivaldi Mail client, the Gmail login web page (which creates the OAuth token), may also have dropped a cookie that authenticates you for all Google services.
so this is undesirable behavior. Why Vivaldi does not prevent this?
-
by the way, I am seeing the opposite but equally stupid behavior with Vivaldi account. Even though I added Vivaldi mail account to the mail client, the Vivaldi forum and Vivaldi socials accounts stay unauthenticated, when I want the unified login into all Vivaldi services, not to sign in into each and other separately.
Why does Vivaldi behave so inconsistently with authentication? -
@Hadden89 said in Gmail and OAuth in 2024:
Personal Gmail still works with app password or at least mine still work.
yeah, you are correct. App Passwords still work, it just moved to the another settings section. Thanks for pointing out, I was able to add Gmail thru app passwords
-
@astero said in Gmail and OAuth in 2024:
@edwardp said in Gmail and OAuth in 2024:
What may have occurred, is when you added the Gmail account to the Vivaldi Mail client, the Gmail login web page (which creates the OAuth token), may also have dropped a cookie that authenticates you for all Google services.
so this is undesirable behavior. Why Vivaldi does not prevent this?
The OAuth token is generated by the Google/Gmail login page you are presented, during the addition of the account. It is Google that is providing the (separate) cookie that authenticates you across their services. That, apparently came from this Google login, which is outside Vivaldi's purview.
-
I created a bug VB-111328 for this problem.
