bkaankose / Wino-Mail

Built-in Mail & Calendars app clone for Windows.
https://www.winomail.app/
GNU General Public License v3.0
710 stars, 34 forks

[Proposal] Use Windows' built-in email account support instead of communicating with email providers directly #307

Closed afustinoni-mdsol closed 1 month ago

afustinoni-mdsol commented 2 months ago

Describe the solution you'd like

As things stand, Wino Mail integrates with email providers directly: adding a new account requires either entering username/password in the app or authorizing it via OAuth2. This leaves open the possibility for Wino - either intentionally or by takeover from a malicious actor - to upload these access tokens and allow a 3rd party access to the email accounts added without the user's knowledge.

Given that Windows 10/11 has built-in email account management and a set of APIs for email/calendar/address book apps to use to interact with them, it would be safer for Wino to not handle account credentials directly, and instead rely on the platform like the current Mail app does.

Users can add/remove or manage email accounts from the settings app, and Wino could navigate them to the relevant pages at the time of account creation.

Is your proposal implemented in Windows Mail?

Yes, this is how Windows Mail operates

Additional context

[Image: Email account management UI in Windows 10 Settings app]

bkaankose commented 2 months ago

Thank you for the proposal.

This is definitely a much better way to handle account management but it comes with a price.

1) Some capability declarations are needed to access this info. These capabilities are restricted and reserved only for Microsoft apps.
2) Access token is not exposed. Your app is only entitled to what Microsoft can provide. This limits some functionality that Wino has or may have in the future.

At this point it doesn't seem possible since it requires the whole core library to be refactored. I understand all the concerns regarding storing tokens but there is not much I can provide to tackle this at this point unfortunately.

If there is a way to handle this better I'm willing to implement it, but using the Email namespaces in the UWP SDK means a whole rewrite of the application right now.

albertofustinoni commented 2 months ago

I was going to open a ticket for the same feature, by chance I found this so posting here. I tried the app on a throwaway Gmail account and love its UI and the fact it's actually native, but the security concern blocks me from using it with my primary.

The language on the documentation pages makes it sound like the capabilities required are not reserved to Microsoft apps only though.

> The functionality described in this topic is not available to all UWP apps. As part of the store app submission process, Microsoft must approve your use of these APIs and provision your developer account before you can publish an app that uses them.

@bkaankose Did you previously attempt submitting the app using these capabilities and get rejected? Because if that's the case the idea is immediately dead in the water as opposed to being a workload/implementation issue.

bkaankose commented 2 months ago

> I was going to open a ticket for the same feature, by chance I found this so posting here. I tried the app on a throwaway Gmail account and love its UI and the fact it's actually native, but the security concern blocks me from using it with my primary.
>
> The language on the documentation pages makes it sound like the capabilities required are not reserved to Microsoft apps only though.
>
> > The functionality described in this topic is not available to all UWP apps. As part of the store app submission process, Microsoft must approve your use of these APIs and provision your developer account before you can publish an app that uses them.
>
> @bkaankose Did you previously attempt submitting the app using these capabilities and get rejected? Because if that's the case the idea is immediately dead in the water as opposed to being a workload/implementation issue.

I have never tried that because it's not something easy to achieve to be honest. Creating a small PoC with those APIs won't pass the submission. I would assume they only would allow fully featured mail clients like Wino, but converting Wino to use those APIs is something not possible easily at this point.

bkaankose commented 2 months ago

Btw, the current Beta version (v1.8.0+) uses the WAM broker for Outlook authentication. This option puts your account into the Settings -> Accounts section you mentioned since authentication is completely handled by integrated Windows instead of Wino. However, it's still not applicable for IMAP or Gmail accounts.

albertofustinoni commented 2 months ago

That's great to hear, even if I wouldn't be able to take advantage of it (use Gmail)!

Hopefully at some point Gmail will be able to be supported too!

AkazaRenn commented 1 month ago

If we implement it, will it also allow Gmail to be synced "as items arrive" without needing a background service? If that works it would be extremely valuable for Gmail users.

bkaankose commented 1 month ago

This is not possible without Microsoft's approval, and I don't think any Store app can use those APIs at the moment. Those APIs exist in the API layer for internal use only. I can't change the whole app's infrastructure to give it a try as well since it's already complex enough.