unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* mbsync with XOAUTH2 SASL mechanism
@ 2022-11-01 15:13 Peter Polidoro
  2022-11-13 18:27 ` Joshua Branson
  0 siblings, 1 reply; 6+ messages in thread
From: Peter Polidoro @ 2022-11-01 15:13 UTC (permalink / raw)
  To: help-guix

I am trying to setup an oauth2 email account to work with Emacs 
using mbsync (from the isync guix package) and mu4e.

I setup oauth2ms to fetch the token and setup mbsync to use 
oauth2ms for the PassCmd and XOAUTH2 for the AuthMechs.

Now when I run mbsync, I get the error:

IMAP error: selected SASL mechanism(s) not available;
   selected: XOAUTH2
   available: SCRAM-SHA-1 SCRAM-SHA-256 GS2-IAKERB GS2-KRB5 GSSAPI 
   GSS-SPNEGO DIGEST-MD5 EXTERNAL OTP CRAM-MD5 PLAIN ANONYMOUS

I found instructions online saying I need to install the xoauth2 
sasl plugin from https://github.com/moriyoshi/cyrus-sasl-xoauth2

What is the proper Guix way of getting mbsync to work with 
XOAUTH2? Should I try to package cyrus-sasl-xoauth2 or modify the 
isync package or something else? Thanks!


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: mbsync with XOAUTH2 SASL mechanism
  2022-11-01 15:13 mbsync with XOAUTH2 SASL mechanism Peter Polidoro
@ 2022-11-13 18:27 ` Joshua Branson
  2022-11-13 19:04   ` Peter Polidoro
                     ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Joshua Branson @ 2022-11-13 18:27 UTC (permalink / raw)
  To: Peter Polidoro; +Cc: help-guix

Peter Polidoro <peter@polidoro.io> writes:

> I am trying to setup an oauth2 email account to work with Emacs using mbsync
> (from the isync guix package) and mu4e.
>
> I setup oauth2ms to fetch the token and setup mbsync to use oauth2ms for the
> PassCmd and XOAUTH2 for the AuthMechs.
>
> Now when I run mbsync, I get the error:
>
> IMAP error: selected SASL mechanism(s) not available;
>   selected: XOAUTH2
>   available: SCRAM-SHA-1 SCRAM-SHA-256 GS2-IAKERB GS2-KRB5 GSSAPI    GSS-SPNEGO
>  DIGEST-MD5 EXTERNAL OTP CRAM-MD5 PLAIN ANONYMOUS
>
> I found instructions online saying I need to install the xoauth2 sasl plugin
> from https://github.com/moriyoshi/cyrus-sasl-xoauth2
>
> What is the proper Guix way of getting mbsync to work with XOAUTH2? Should I try
> to package cyrus-sasl-xoauth2 or modify the isync package or something else?
> Thanks!
>

Man this sounds complicated!  haha.  I use isync too...but I do the
really really lazy (insecure) way via ~/.authinfo.

Joshua


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: mbsync with XOAUTH2 SASL mechanism
  2022-11-13 18:27 ` Joshua Branson
@ 2022-11-13 19:04   ` Peter Polidoro
  2022-11-13 22:00     ` Felix Lechner via
  2022-11-14 23:05   ` Tobias Geerinckx-Rice
  2022-11-15 15:43   ` jbranso
  2 siblings, 1 reply; 6+ messages in thread
From: Peter Polidoro @ 2022-11-13 19:04 UTC (permalink / raw)
  To: Joshua Branson; +Cc: help-guix


> Man this sounds complicated!  haha.  I use isync too...but I do the
> really really lazy (insecure) way via ~/.authinfo.
> 
> Joshua

I wish I did not have to have such a complicated setup. My work email account has just stopped allowing basic password authentication, however, so I can no longer use Emacs for my work email until I figure this out.

I do not know if OAuth2 refers to something proprietary, if so I apologize for bringing it up here. My only goal is to be able to use Emacs rather than proprietary software for my work email.

I submitted a patch for a “cyrus-sasl-xoauth2” package that may allow this to work, but I do not yet know enough about Guix packaging to complete the package. If anyone has a similar problem and has advice or can help I would really appreciate it. Thanks!

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: mbsync with XOAUTH2 SASL mechanism
  2022-11-13 19:04   ` Peter Polidoro
@ 2022-11-13 22:00     ` Felix Lechner via
  0 siblings, 0 replies; 6+ messages in thread
From: Felix Lechner via @ 2022-11-13 22:00 UTC (permalink / raw)
  To: Peter Polidoro; +Cc: Joshua Branson, help-guix

Hi Peter,

On Sun, Nov 13, 2022 at 11:05 AM Peter Polidoro <peter@polidoro.io> wrote:
>
> I do not know if OAuth2 refers to something proprietary

While I cannot help much with your issue, the "Open Authentication"
standard is open--although too complex even for some insiders:

Eran Hammer resigned from his role of lead author for the OAuth 2.0
project, withdrew from the IETF working group, and removed his name
from the specification in July 2012. Hammer cited a conflict between
web and enterprise cultures as his reason for leaving, noting that
IETF is a community that is "all about enterprise use cases" and "not
capable of simple". "What is now offered is a blueprint for an
authorization protocol", he noted, "that is the enterprise way",
providing a "whole new frontier to sell consulting services and
integration solutions". In comparing OAuth 2.0 with OAuth 1.0,
Hammer points out that it has become "more complex, less
interoperable, less useful, more incomplete, and most importantly,
less secure". He explains how architectural changes for 2.0 unbound
tokens from clients, removed all signatures and cryptography at a
protocol level and added expiring tokens (because tokens could not be
revoked) while complicating the processing of authorization. Numerous
items were left unspecified or unlimited in the specification because
"as has been the nature of this working group, no issue is too small
to get stuck on or leave open for each implementation to decide."
(internal quotes removed) [1]

Kind regards
Felix Lechner

[1] https://en.wikipedia.org/wiki/OAuth


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: mbsync with XOAUTH2 SASL mechanism
  2022-11-13 18:27 ` Joshua Branson
  2022-11-13 19:04   ` Peter Polidoro
@ 2022-11-14 23:05   ` Tobias Geerinckx-Rice
  2022-11-15 15:43   ` jbranso
  2 siblings, 0 replies; 6+ messages in thread
From: Tobias Geerinckx-Rice @ 2022-11-14 23:05 UTC (permalink / raw)
  To: Joshua Branson; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 217 bytes --]

Joshua Branson 写道:
> really really lazy (insecure) way via ~/.authinfo.

I'll keep this tangent short:

  ~ λ file .authinfo.gpg 
  .authinfo.gpg: data

(There is no step 2.)

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: mbsync with XOAUTH2 SASL mechanism
  2022-11-13 18:27 ` Joshua Branson
  2022-11-13 19:04   ` Peter Polidoro
  2022-11-14 23:05   ` Tobias Geerinckx-Rice
@ 2022-11-15 15:43   ` jbranso
  2 siblings, 0 replies; 6+ messages in thread
From: jbranso @ 2022-11-15 15:43 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: help-guix

November 14, 2022 6:09 PM, "Tobias Geerinckx-Rice" <me@tobias.gr> wrote:

> Joshua Branson 写道:
> 
>> really really lazy (insecure) way via ~/.authinfo.
> 
> I'll keep this tangent short:
> 
> ~ λ file .authinfo.gpg
> .authinfo.gpg: data
> 
> (There is no step 2.)

hahaha!  what up friend?  My problem with that method 
(and yes I was once stupid enough to pull this off), was that I had 
created such a file with my gpg key, and then lost that key.  All my
passwords gone.  :(  Sad day.  

I'll tell you what, I'll go ahead and try to use a .authinfo.gpg again
and try password based encryption.  Can't hurt as long as I remember the password
somewhere.

Joshua

> 
> Kind regards,
> 
> T G-R


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-11-15 15:52 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-01 15:13 mbsync with XOAUTH2 SASL mechanism Peter Polidoro
2022-11-13 18:27 ` Joshua Branson
2022-11-13 19:04   ` Peter Polidoro
2022-11-13 22:00     ` Felix Lechner via
2022-11-14 23:05   ` Tobias Geerinckx-Rice
2022-11-15 15:43   ` jbranso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).