Support for OAUTH2

Question

Support for OAUTH2

swordfish22 opened this issue 3 years ago · 6 comments

Support for OAUTH2 would be desirable.

Answer 1 · 2021-11-24T14:58:22.000Z

A search for OAUTH clients on GitHub finds a number of implementations in various languages, including a Python implementation from Google. I'm slightly surprised there are none in C++ however.

A viable approach should be an auth module that embeds the Python interpreter and provides an interface to libESMTP via Python's C API as this avoids issues like finding a suitable library to handle https, used as an out-of-band mechansim in OAUTH.

Answer 2 · 2021-11-24T16:03:56.000Z

There is a C Plugin for Postfix, with a bunch of Python scripts to handle updating of the tokens. It's not the best documented code ever.

http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
https://github.com/moriyoshi/cyrus-sasl-xoauth2

Answer 3 · 2021-11-24T16:37:10.000Z

RFC 5849 and RFC 6749 describe the OAUTH v1 and 2 protocols. RFC 7628 describes integration with SASL.

Answer 4 · 2022-02-03T23:47:42.000Z

One way to add OAUTH2 support (and in particular XOAUTH2, as used by Google) would be to replace the experimental GNU SASL support with Cyrus SASL, as there is a Cyrus SASL plugin for XOAUTH2.

Answer 5 · 2022-02-04T16:17:52.000Z

Actually I was thinking about this approach as I'd used Cyrus SASL in the past. I think there is some value in allowing this as an (experimental) alternative to the GNU SASL support; the obvious thing here is to have a compile time selection to select the SASL implementation - I think it should also be possible to have GNU or Cyrus alongside libESMTP's existing SASL implementation.

…

On 03/02/2022 23:47, Reuben Thomas wrote: One way to add OAUTH2 support (and in particular XOAUTH2, as used by Google) would be to replace the experimental GNU SASL support with Cyrus SASL, as there is a Cyrus SASL plugin <https://github.com/tarickb/sasl-xoauth2> for XOAUTH2. — Reply to this email directly, view it on GitHub <#12 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AFJ6VAFSYGPQR3I36TDSXIDUZMH2TANCNFSM5IWBH74Q>. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were assigned.Message ID: ***@***.***>

Answer 6 · 2022-10-22T20:24:36.000Z

Is there any suggestion on how to enable mail bot operation? How could the credentials provided automatically on client-auth?

I am not quite sure how to deal with python stuff in a C-world as mentioned above.

I also don't understand, whether OAUTH is for providing credentials. A short lookup told me it is for auth delegation, meaning signing in into an application by another one.