From: Andrew Cohen
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 03 Aug 2021 16:21:35 +0800
Message-ID: <87r1fb7xbk.fsf@ust.hk>
References: <52589.36892.953561.24840@gargle.gargle.HOWL>
To: emacs-devel@gnu.org

>>>>> "RW" == Roland Winkler writes:

    RW> A year ago, there was a long thread "Making GNUS continue to
    RW> work with Gmail". Has there been any progress along these
    RW> lines?

I have this working (my institution has required MS Azure authentication for some time and I had to put this together to continue using email :)) using oauth2.el. It is not pretty, and not very user friendly (the setup on the MS and/or gmail side is pretty horrible but you seem to have already survived this part). It requires two minor lisp changes (which I haven't yet pushed to master): one for imap support of xoauth2, the other for smtpmail support (see below). But the truly hacky part---the information for refreshing the token is stored in an auth-source file, where the "secret" is a function that refreshes the token and returns the new credential.

Once set up it works pretty well (although it asks for the password for the auth-source file frequently---I haven't had time to learn how auth-source decides when a password is required so this should be easily fixable---it's not frequent enough to really bother me and my emacs time is very limited these days).

If you want to try it let me know and I'll try to walk you through the setup.

diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el index 3e2a202a6c..3cf65453f3 100644 --- a/lisp/gnus/nnimap.el +++ b/lisp/gnus/nnimap.el
@@ -599,6 +599,13 @@ nnimap-login (eq nnimap-authenticator 'anonymous) (eq nnimap-authenticator 'login))) (nnimap-command "LOGIN %S %S" user password)) + ((and (nnimap-capability "AUTH=XOAUTH2") + (eq nnimap-authenticator 'xoauth2)) + (nnimap-command "AUTHENTICATE XOAUTH2 %s" + (base64-encode-string + (format "user=%s\001auth=Bearer %s\001\001" + (nnimap-quote-specials user) + (nnimap-quote-specials password))))) ((and (nnimap-capability "AUTH=CRAM-MD5") (or (null nnimap-authenticator) (eq nnimap-authenticator 'cram-md5))) diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el index c1e2280033..a9c99aaf98 100644 --- a/lisp/mail/smtpmail.el +++ b/lisp/mail/smtpmail.el @@ -614,6 +614,14 @@ smtpmail-try-auth-method (base64-encode-string (concat "\0" user "\0" password) t)) 235)) +(cl-defmethod smtpmail-try-auth-method + (process (_mech (eql xoauth2)) user password) + (smtpmail-command-or-throw + process + (concat "AUTH XOAUTH2 " + (base64-encode-string + (concat "user=" user "\1auth=Bearer " password "\1\1") t)))) + (defun smtpmail-response-code (string) (when string (with-temp-buffer -- Andrew Cohen
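Review bot: In the nnimap.el hunk, base64-encode-string is called without the no-line-break argument, whereas the smtpmail.el hunk passes t for the same kind of payload. OAuth2 bearer tokens are normally long enough that the default encoding wraps the output at 76 columns, which would split the AUTHENTICATE XOAUTH2 command across several lines; suggest passing t as the second argument here too. Separately, this branch runs user and password through nnimap-quote-specials before encoding while the SMTP method concatenates them raw. The string is base64-encoded rather than sent as an IMAP quoted string, so the two paths should build identical bytes, most likely by dropping the quoting in this branch.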
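Review bot: In the smtpmail.el hunk, the new xoauth2 method calls smtpmail-command-or-throw with no expected reply code, while the method directly above it in the context ends its call with 235. XOAUTH2 servers answer a rejected or expired token with a 334 continuation carrying an error blob rather than an immediate failure code, so without an explicit 235 check that reply may be taken as success and the failure only surfaces later in the session. Suggest passing 235 as the expected code, and adding a docstring or comment noting that password here is the OAuth2 access token, not the account password.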