Re: oauth2 support for Emacs email clients

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Andrew Cohen <acohen@ust.hk>
To: emacs-devel@gnu.org
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 03 Aug 2021 16:21:35 +0800	[thread overview]
Message-ID: <87r1fb7xbk.fsf@ust.hk> (raw)
In-Reply-To: 52589.36892.953561.24840@gargle.gargle.HOWL

>>>>> "RW" == Roland Winkler <winkler@gnu.org> writes:

    RW> A year ago, there was a long thread "Making GNUS continue to
    RW> work with Gmail".  Has there been any progress along these
    RW> lines?

I have this working (my institution has required MS Azure
authentication for some time and I had to put this together to continue
using email :)) using oauth2.el 

It is not pretty, and not very user friendly (the setup on the MS and/or
gmail side is pretty horrible but you seem to have already survived this
part).

It requires two minor lisp changes (which I haven't yet pushed to
master): one for imap support of xoauth2, the other for smtpmail support
(see below).

But the truly hacky part---the information for refreshing the token is
stored in an auth-source file, where the "secret" is a function that
refreshes the token and returns the new credential.

Once set up it works pretty well (although it asks for the password for
the auth-source file frequently---I haven't had time to learn how
auth-source decides when a password is required so this should be easily
fixable---its not frequent enough to really bother me and my emacs time
is very limited these days).

If you want to try it let me know and I'll try to walk you through the setup.

diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el
index 3e2a202a6c..3cf65453f3 100644
--- a/lisp/gnus/nnimap.el
+++ b/lisp/gnus/nnimap.el
@@ -599,6 +599,13 @@ nnimap-login
              (eq nnimap-authenticator 'anonymous)
             (eq nnimap-authenticator 'login)))
     (nnimap-command "LOGIN %S %S" user password))
+   ((and (nnimap-capability "AUTH=XOAUTH2")
+         (eq nnimap-authenticator 'xoauth2))
+    (nnimap-command  "AUTHENTICATE XOAUTH2 %s"
+                     (base64-encode-string
+                      (format "user=%s\001auth=Bearer %s\001\001"
+                              (nnimap-quote-specials user)
+                              (nnimap-quote-specials password)))))
    ((and (nnimap-capability "AUTH=CRAM-MD5")
         (or (null nnimap-authenticator)
             (eq nnimap-authenticator 'cram-md5)))
diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el
index c1e2280033..a9c99aaf98 100644
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@@ -614,6 +614,14 @@ smtpmail-try-auth-method
           (base64-encode-string (concat "\0" user "\0" password) t))
    235))
 
+(cl-defmethod smtpmail-try-auth-method
+  (process (_mech (eql xoauth2)) user password)
+  (smtpmail-command-or-throw
+   process
+   (concat "AUTH XOAUTH2 "
+           (base64-encode-string
+            (concat "user=" user "\1auth=Bearer " password "\1\1") t))))
+
 (defun smtpmail-response-code (string)
   (when string
     (with-temp-buffer





-- 
Andrew Cohen

next prev parent reply	other threads:[~2021-08-03  8:21 UTC|newest]

Thread overview: 75+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-03  5:00 oauth2 support for Emacs email clients Roland Winkler
2021-08-03  6:32 ` Uwe Brauer
2021-08-03  8:21 ` Andrew Cohen [this message]
2021-08-03 19:38   ` Roland Winkler
2021-08-04  0:56     ` Andrew Cohen
2021-08-04  7:27       ` Andrew Cohen
2021-08-04  7:41       ` Andreas Schwab
2021-08-04 23:12         ` Andrew Cohen
2021-08-04  7:03   ` Lars Ingebrigtsen
2021-08-04  7:21     ` Andrew Cohen
2021-08-05 10:34       ` Lars Ingebrigtsen
2021-08-03  9:00 ` Gregory Heytings
2021-08-03 19:27   ` Roland Winkler
2021-08-03 22:02     ` Gregory Heytings
2021-08-05  0:21     ` Andrew Cohen
2021-08-10 14:39       ` Roland Winkler
2021-08-11  0:43         ` Andrew Cohen
2021-08-11  0:54           ` Andrew Cohen
2021-08-12  2:16             ` Richard Stallman
2021-08-12  2:33               ` Andrew Cohen
2021-08-03 20:21   ` Arthur Miller
2021-08-03 20:40     ` Gregory Heytings
2021-08-03 21:14       ` Eric Abrahamsen
2021-08-03 21:19         ` Gregory Heytings
2021-08-14 10:46       ` Richard Stallman
2021-08-14 11:12         ` Gregory Heytings
2021-08-14 11:47           ` Ulrich Mueller
2021-08-15  3:04           ` Richard Stallman
2021-08-15  3:04           ` Making your own application credentials as a user Richard Stallman
2021-08-15  4:10             ` Tim Cross
2021-08-03  9:20 ` oauth2 support for Emacs email clients Eric S Fraga
2021-08-03 11:17   ` Tim Cross
2021-08-03 12:55     ` Gregory Heytings
2021-08-03 13:14       ` tomas
2021-08-05 14:15         ` Richard Stallman
2021-08-03 15:04     ` Eric S Fraga
2021-08-03 19:45       ` Roland Winkler
2021-08-04  6:58         ` Eric S Fraga
2021-08-03 19:41   ` Roland Winkler
2021-08-04  6:59     ` Eric S Fraga
2021-08-04 14:45     ` Thomas Fitzsimmons
2021-08-04 22:45       ` Tim Cross
2021-08-04 23:29         ` Thomas Fitzsimmons
2021-08-05  7:45         ` Ulrich Mueller
2021-08-08  3:58       ` Richard Stallman
2021-08-09  8:30         ` Eric S Fraga
2021-08-12  2:15           ` Richard Stallman
2021-08-12 18:59             ` Roland Winkler
2021-08-03 23:38 ` Richard Stallman
2021-08-08  6:01   ` Roland Winkler
2021-08-08  6:30     ` Andreas Schwab
2021-08-08 23:48       ` Roland Winkler
2021-08-09  0:01         ` Andrew Cohen
2021-08-08  8:52     ` David Engster
2021-08-08 14:22       ` Thomas Fitzsimmons
2021-08-08 14:47         ` David Engster
2021-08-08 15:30           ` Thomas Fitzsimmons
2021-08-08 16:00             ` David Engster
2021-08-08 23:31               ` Roland Winkler
2021-08-10  2:01               ` Thomas Fitzsimmons
2021-08-10  9:07                 ` David Engster
2021-08-10 14:41                   ` Thomas Fitzsimmons
2021-08-10 15:56                     ` David Engster
2021-08-11  6:37                       ` Alexandre Garreau
2021-08-11  3:00                   ` Richard Stallman
2021-08-11  9:57                     ` David Engster
2021-08-13  3:10                       ` Richard Stallman
2021-08-11  2:55                 ` Richard Stallman
2021-08-14 15:00                   ` Thomas Fitzsimmons
2021-08-14 15:26                     ` Gregory Heytings
2021-08-08 16:05             ` Tim Cross
2021-08-09  8:39               ` Eric S Fraga
2021-08-10  3:29       ` Richard Stallman
2021-08-10  6:08         ` Tim Cross
2021-08-10 14:18           ` Roland Winkler

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3e2a202a6 dfblob:3cf65453f dfblob:c1e228003 dfblob:a9c99aaf9 )
 OR (
bs:"Re: oauth2 support for Emacs email clients" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87r1fb7xbk.fsf@ust.hk \
    --to=acohen@ust.hk \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.