From a70e408dee5521f0d16ab288c02fa6e0e41114b5 Mon Sep 17 00:00:00 2001 From: M66B Date: Thu, 20 Jun 2019 12:07:07 +0200 Subject: [PATCH] Updated FAQ --- FAQ.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/FAQ.md b/FAQ.md index 737347b8b3..e8e6c2c375 100644 --- a/FAQ.md +++ b/FAQ.md @@ -1827,15 +1827,18 @@ Alternatively, you can *Delete local messages* by long pressing the folder(s) in **(111) Can you add OAuth authentication?** -OAuth authentication requires creating an online (Google, Microsoft, etc) app, -which would make authentication for many people dependent on one account, which is a bad idea. +(X)OAuth authentication, formerly available as *Select account* for Google accounts, requires creating an online (Google, Microsoft, etc) app, +which would make authentication for many people dependent on one (developer) account, which is a bad idea. -Google requires requesting special permission for the online app every year and has appeared to be unreliable in granting this permission. -When requested permission for FairEmail, the request was denied with the remark that send permission would be enough, right ... +Google requires requesting special permission for the online app and has appeared to be unreliable in granting this permission. +When requested permission for FairEmail, the request was denied with the remark that send permission would be enough, ... right. +An appeal was completely ignored, which is unfortunately typical for Google. +Also, Google requires a yearly security assessment which will cost between $15,000 and $75,000. +This is how you exclude independent developers ... Outlook and Hotmail do not properly support OAuth for IMAP/SMTP connections. [MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-android) is supported for business accounts only -and OAuth requires embedding a client secret in the app. +and requires embedding a client secret in the app, which is not a good idea for an open source app.