OAuth for Gmail

Introduction

With OAuth, your Gmail e-mail account can be synchronized with Nuevasync without ever revealing your Google password. It also restricts access to e-mail alone: the authorization you grant cannot be used to access any other Google service or to log in to Google's website. That authorization is combined with our own unique key to provide secure access to your account.

How does it work?

Interested users may wish to check OAuth.net and the Wikipedia OAuth pages for detailed information on how OAuth works. In brief, instead of using your username and password to log in to Google services, Nuevasync uses its own identification to request authorization from Google to access your account for a specific, limited purpose.

After you log into your account at Google to authorize our request, we are given an access token by Google. We can't use the token for anything but the specific purpose (aka "scope") of accessing e-mail. The token can also be revoked by you at any time, immediately cutting off access, without having to change your Google password.

After we have the token, it is used along with our own portion, called a "key", to stamp every communication with Gmail with a unique signature. The signature provides secure access because it not only combines your token and our key for identification, it also uses "secrets", which are required to produce an accurate signature but are not transmitted with the request, preventing forgeries. Taken together, these features provide a system that is much more secure, and more private, than standard password-based authentication mechanisms.

Is that all?

No. It is important to note that all our e-mail communication with Google, with or without OAuth authentication, is done under SSL/TLS encryption, and that all communication between mobile devices and our synchronization services is likewise encrypted. This means your data is encrypted in transit the whole way, from your phone to Nuevasync to Google and back again.


New Users and OAuth

New users don't need to take any special steps to use OAuth. When you set up your Gmail to synchronize, OAuth will be used by default.

New User Instructions

  • To enable e-mail, click 'change' in the e-mail row.

  • Choose 'GMail/IMAP' and save.


  • On the quick setup page, follow the instructions and enter (or confirm) your Gmail or Google Apps e-mail address.

  • When prompted by Google, click 'Grant Access.'

  • That is all there is to it!

Existing Users and OAuth

Users who were syncing before OAuth was introduced can upgrade to an OAuth token. The upgrade removes the password we had stored and replaces it with the new, secure token.

Existing User Instructions

  • From the status page, click 'setup' in the e-mail row.

  • On the setup page, click the 'Request GMail Authorization' button in the lower right.

  • When prompted by Google, click 'Grant Access.'

  • That is all there is to it!