From: Felix Lechner
Reply-to: Felix Lechner
To: Peter Polidoro
Cc: Joshua Branson, help-guix@gnu.org
Subject: Re: mbsync with XOAUTH2 SASL mechanism
Date: Sun, 13 Nov 2022 14:00:52 -0800

Hi Peter,

On Sun, Nov 13, 2022 at 11:05 AM Peter Polidoro wrote:
>
> I do not know if OAuth2 refers to something proprietary

While I cannot help much with your issue, the "Open Authentication"
standard is open--although too complex even for
some insiders:

    Eran Hammer resigned from his role of lead author for the OAuth
    2.0 project, withdrew from the IETF working group, and removed his
    name from the specification in July 2012. Hammer cited a conflict
    between web and enterprise cultures as his reason for leaving,
    noting that IETF is a community that is "all about enterprise use
    cases" and "not capable of simple". "What is now offered is a
    blueprint for an authorization protocol", he noted, "that is the
    enterprise way", providing a "whole new frontier to sell
    consulting services and integration solutions".

    In comparing OAuth 2.0 with OAuth 1.0, Hammer points out that it
    has become "more complex, less interoperable, less useful, more
    incomplete, and most importantly, less secure". He explains how
    architectural changes for 2.0 unbound tokens from clients, removed
    all signatures and cryptography at a protocol level and added
    expiring tokens (because tokens could not be revoked) while
    complicating the processing of authorization. Numerous items were
    left unspecified or unlimited in the specification because "as has
    been the nature of this working group, no issue is too small to
    get stuck on or leave open for each implementation to decide."
    (internal quotes removed) [1]

Kind regards
Felix Lechner

[1] https://en.wikipedia.org/wiki/OAuth