[conspire] prevalence of oauth2 why?!

Peter Knaggs peter.knaggs at gmail.com
Wed Feb 24 21:09:30 PST 2021


I've been noticing a disturbing trend toward the use of oauth2 and IPv6
for almost everything nowadays in corporate circles, for example
Slack and Microsoft Exchange.

Although applications like Thunderbird can be coaxed to
authenticate using oauth2, the configuration is quite awkward,
with the drop-down for oauth2 for the outbound smtp server
only appearing after the oauth2 setting has been made for
the imap server.

I thought oauth2 was intended more as an authorization
scheme for users of all those cloud services to grant access
to various pieces of data, it wasn't primarily intended for
use as an authentication mechanism, so why is it being
so heavily pushed?

The trouble with servers requiring the client to run an
IPv6 network stack is not that Linux doesn't have good IPv6 support,
it's that IPv6 is often not supported from virtual machines on bridged
mode wifi adapters (very few wifi chipsets have support for bridged mode).
In virtualbox a workaround is to install the Oracle-proprietary extensions
to enable USB ports and use the wifi card over USB instead
(so that the guest sees it and drives it directly, instead of the host
being the driver and bridging it to the guest). But overall, servers
forcing the client to connect using only an IPv6 address seems
unnecessarily draconian.

Cheers,
Peter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20210224/988c75e3/attachment.html>


More information about the conspire mailing list