Google is transforming the Email experience by extending the authentication to OAuth standard in it’s popular email service: Gmail. The move aims to harden the security of email accounts, after the having featured alerts for Simultaneous Logins, https implementation over last few days.
Normally, when a user authorises a third party developer (e.g. Facebook) to see their contacts list, he has to give-out password which is a very insecure way of doing things especially when the 3rd part app is not as trustworthy.
Now with OAuth, users will be transparently able to login, share contacts, just like they do with Twitter accounts. The feature is now available to developers via the Google Code Labs website.
Most Google APIs support this OAuth standard, and starting today it is also available for the IMAP/SMTP feature of Gmail.
Google added that it was working with Yahoo! and Mozilla on a formal Internet standard for using OAuth with IMAP/SMTP.
The apps have started arrive, The best example is the iPhone app: SmartPush – An Email client with push support based on OAuth on Gmail’s IMAP
While it is possible for a user to authorize this access by disclosing their Google Account password to the third party app, it is more secure for the app developer to use the industry standard protocol called OAuthwhich enables the user to give their consent for specific access without sharing their password. Most Google APIs support this OAuth standard, and starting today it is also available for the IMAP/SMTP feature of Gmail.
Google is next working with Mozilla (for thunderbird) and other companies to standardize this across email clients.