emacs-devel

Re: oauth2 support for Emacs email clients


From: Andrew Cohen
Subject: Re: oauth2 support for Emacs email clients
Date: Tue, 03 Aug 2021 16:21:35 +0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

>>>>> "RW" == Roland Winkler <winkler@gnu.org> writes:

    RW> A year ago, there was a long thread "Making GNUS continue to
    RW> work with Gmail".  Has there been any progress along these
    RW> lines?

I have this working (my institution has required MS Azure
authentication for some time and I had to put this together to continue
using email :)) using oauth2.el.

It is not pretty, and not very user friendly (the setup on the MS and/or
gmail side is pretty horrible but you seem to have already survived this
part).

It requires two minor lisp changes (which I haven't yet pushed to
master): one for imap support of xoauth2, the other for smtpmail support
(see below).

But the truly hacky part---the information for refreshing the token is
stored in an auth-source file, where the "secret" is a function that
refreshes the token and returns the new credential.

Once set up it works pretty well (although it asks for the password for
the auth-source file frequently---I haven't had time to learn how
auth-source decides when a password is required so this should be easily
fixable---it's not frequent enough to really bother me and my emacs time
is very limited these days).

If you want to try it let me know and I'll try to walk you through the setup.

diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el
index 3e2a202a6c..3cf65453f3 100644
--- a/lisp/gnus/nnimap.el
+++ b/lisp/gnus/nnimap.el
@@ -599,6 +599,13 @@ nnimap-login
              (eq nnimap-authenticator 'anonymous)
             (eq nnimap-authenticator 'login)))
     (nnimap-command "LOGIN %S %S" user password))
+   ((and (nnimap-capability "AUTH=XOAUTH2")
+         (eq nnimap-authenticator 'xoauth2))
+    (nnimap-command  "AUTHENTICATE XOAUTH2 %s"
+                     (base64-encode-string
+                      (format "user=%s\001auth=Bearer %s\001\001"
+                              (nnimap-quote-specials user)
+                              (nnimap-quote-specials password)))))
    ((and (nnimap-capability "AUTH=CRAM-MD5")
         (or (null nnimap-authenticator)
             (eq nnimap-authenticator 'cram-md5)))
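
Review bot: the `base64-encode-string` call in the new XOAUTH2 clause is missing the NO-LINE-BREAK argument, so any encoded string longer than 76 characters is split with newlines, and bearer tokens are long enough that the AUTHENTICATE command would go out broken across lines. Pass `t` as the second argument, as the smtpmail.el hunk in this same patch does. Also in this clause, `nnimap-quote-specials` is applied to `user` and `password` before encoding; that escaping is meant for IMAP quoted strings, not for a base64 payload, so a backslash or double quote in either value would change what the server decodes. The smtpmail.el method concatenates the raw values, and the two code paths should agree.
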
diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el
index c1e2280033..a9c99aaf98 100644
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@@ -614,6 +614,14 @@ smtpmail-try-auth-method
           (base64-encode-string (concat "\0" user "\0" password) t))
    235))
 
+(cl-defmethod smtpmail-try-auth-method
+  (process (_mech (eql xoauth2)) user password)
+  (smtpmail-command-or-throw
+   process
+   (concat "AUTH XOAUTH2 "
+           (base64-encode-string
+            (concat "user=" user "\1auth=Bearer " password "\1\1") t))))
+
 (defun smtpmail-response-code (string)
   (when string
     (with-temp-buffer
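
Review bot: the `smtpmail-command-or-throw` call in the new `xoauth2` method passes no expected reply code, while the method in the context lines just above it ends its call with `235`. Add `235` as the final argument so that only an authentication-success reply is accepted and any other reply makes the method throw. A smaller style point: this hunk writes the separator as `\1` while the nnimap.el hunk writes `\001`; pick one spelling for both.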





-- 
Andrew Cohen



