I've recently seen the new Gmail API announced boasting of OAuth 2.0 user authentication.
I'm a bit concerned as within our enterprise Google Apps domain I've already integrated with Gmail using XOAUTH2. (Essentially XOAUTH2 includes OAuth 2.0 support for IMAP authentication).
Should I be concerned?
Does the new Gmail API spell the beginning of the end for XOAUTH2?
XOAUTH2 continues to be the preferred mechanism for authenticating to Gmail IMAP. XOAUTH2 is standard OAuth 2.0 plus a nonstandard SASL binding for OAuth. There is an emerging IETF standard SASL-OAuth binding. Once that becomes a standard, Gmail may implement it and encourage new development to use that mechanism. However, we'll continue to support XOAUTH2 for a long time.
The OAuth 2.0 part of XOAUTH2 is the same as you would use to authenticate to the Gmail API, so if you wanted to convert to the Gmail API, you could reuse any authorized tokens you already have.