Gmail tucks up in bed with OAuth for third party app coders
Google account password no longer flea in ear
Google has added the OAuth standard to Gmail in a move to tighten up the security of its email accounts when a user authorises a third party developer to see their contacts list.
The feature is now available to developers via the Google Code Labs website.
Previously a user wanting to provide their contacts to a third party website or app such as Facebook were required to authorise that platform to access their Google account password.
OAuth stamps out that requirement, said Google's senior product manager Eric Sachs in a blog post yesterday.
"Most Google APIs support this OAuth standard, and starting today it is also available for the IMAP/SMTP feature of Gmail," he said.
Google added that it was working with Yahoo! and Mozilla on "a formal Internet standard for using OAuth with IMAP/SMTP".
It said SmartPush application developer Syphir was one of the first outfits to use the feature for Apple's iPhone.
"Unlike other push apps, Sypher's SmartPush application never sees or stores the user’s Gmail password thanks to this new OAuth support," said Sachs. ®