A while ago I wrote a small utility, mailctl [1], to provide IMAP/SMTP clients
(like msmtp, fdm, isync, mutt, etc.) with the capabilities of renewal and
authorization of OAuth2 credentials. mailctl acts as a kind of smart
password manager. In particular, access token renewal happens automatically
in the background, transparently to the user.
Since the program is written in Haskell, I also provided precompiled binaries
to spare my potential users, most of them not Haskellers, from the
complications of compiling it. The program has become moderately popular.
However, little did I know how big a can of worms I was opening by releasing
it to the public.
As many others have pointed out, the two main reasons for the difficulties
with OAuth are 1) the OAuth "standard" is terribly complex, and 2) the service
providers' API documentation is an impenetrable, obscure mess, always one
step behind the currently working system. I have the feeling that the
second one is not just negligence but might also be an intentional hidden
lock-in mechanism, forcing the use of the vendors' ever-changing API
libraries.
[1] https://sr.ht/~petrus/mailctl/ also mirrored at https://github.com/pdobsan/mailctl