mmh. what about Security? If they download locally via imap all your email for all your accounts or there is something more. anyway it is nice to read on Security page "Oauth2 over IMAP/SMTP "
Thanks for your feedback! Cypht is a thin client that only accesses E-mail using IMAP (or POP3). No E-mail content is maintained locally except in the server side session, and the browser local storage (session only). Cypht does store your E-mail account credentials between logins if you chose to (this behavior can be disabled). Outside of that, we only aggregate content in the browser, not on the server or in any permanent manner. There is a performance price, but it's worth it IMO.
I'm hosting my own e-mail; do you know if it's possible to set up exim / dovecot to support OAuth2 and what benefit would that provide over using e.g. LOGIN over tls?
Note that this seems to implement the Google-specific XOAUTH2, and doesn't implement the RFC7628 standard[0]. There is currently no open-source implementation of the Google-specific method on the server side, and a partial implementation of RFC7628 for Cyrus SASL[1]. Dovecot, unfortunately, contains its own SASL implementation which doesn't work with this, so you'd have to write your own from scratch.