File Under: Identity, Social, Web Apps

Gmail Now More Secure With OAuth Support

Google has announced OAuth support for Gmail. The new features means that third-party applications can now access your Gmail account without needing your username and password.

OAuth allows outside applications to access your Gmail account with a single click — you’ll be redirected to Gmail where you can approve (or reject) applications that want access to your contacts and mail. Twitter has had OAuth support for a while, so if you’ve ever given a third-party website or application the permission to post something to your tweet stream, you’ve used this type of interaction before.

At the moment OAuth support is a Google Labs feature. Interested developers can get an overview of the process on the Google Labs site.

The most obvious benefit is social networking sites which often want to import your address book so you can find your friends on the new site. Previously, that meant handing over your username and password, something savvy users were loath to do. Now, outside sites can grab your address data without forcing you to give away the keys to your e-mail account.

Perhaps more important in the long-run, OAuth support also means that outside applications can interact with your mail. For the launch of OAuth support, Syphir has developed an iphone application that allows you to apply complex filters to your mail and use those filters to push, for example, only messages from your boss, on to your iPhone.

Unlike other push notification and Gmail apps in the iTunes Store, Syphir’s SmartPush never sees or stores your Gmail password thanks to the new OAuth support.

Other examples include Backupify, which will backup your Gmail account for safe, off-Google storage. Previously Backupify used traditional IMAP, which meant the site stored your username and password. Thanks to OAuth that’s no longer necessary.

Although OAuth is intended for webapps, it’s possible that desktop e-mail clients — like Mozilla’s Thunderbird — may also adopt the OAuth method.

See Also: