[RFC] imap-send: support oauth2

[RFC] imap-send: support oauth2

[Nicolas Morey-Chaisemartin]

2FA/OAuth2 becoming a more and more regular thing these days (and a lot of SUSE devs being recently impacted by it), I've thrown together a quick patch
to allow imap-send to support it.
This uses https://github.com/jeffmahoney/oauth2-clientd. It can be used with Outlook365 or Gmail. It creates a file with a token to be used to authenticate.
As libcurl supports this type of authentication, it is quite easy from there.

With this patch you still get prompted for you password even though it is not used but it overall works.

Before going any further on this, I wanted some feedback on the approach itself.

---
 imap-send.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/imap-send.c b/imap-send.c
index bb085d66d105..951d6bca696a 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -91,6 +91,7 @@ struct imap_server_conf {
 	const char *folder;
 	const char *user;
 	const char *pass;
+	const char *oauth;
 	int use_ssl;
 	int ssl_verify;
 	int use_html;
@@ -105,6 +106,7 @@ static struct imap_server_conf server = {
 	NULL,	/* folder */
 	NULL,	/* user */
 	NULL,	/* pass */
+	NULL,   /* oauth */
 	0,   	/* use_ssl */
 	1,   	/* ssl_verify */
 	0,   	/* use_html */
@@ -1355,6 +1357,8 @@ static int git_imap_config(const char *var, const char *val, void *cb)
 		return git_config_string(&server.tunnel, var, val);
 	else if (!strcmp("imap.authmethod", var))
 		return git_config_string(&server.auth_method, var, val);
+	else if (!strcmp("imap.oauth", var))
+		return git_config_string(&server.oauth, var, val);
 	else if (!strcmp("imap.port", var))
 		server.port = git_config_int(var, val);
 	else if (!strcmp("imap.host", var)) {
@@ -1432,7 +1436,23 @@ static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred)
 
 	server_fill_credential(&server, cred);
 	curl_easy_setopt(curl, CURLOPT_USERNAME, server.user);
-	curl_easy_setopt(curl, CURLOPT_PASSWORD, server.pass);
+
+	if (server.oauth) {
+		struct strbuf sb = STRBUF_INIT;
+		size_t sz;
+		char *token;
+
+		sz = strbuf_read_file(&sb, server.oauth, 0);
+		if (sz < 0)
+			die("failed to read oauth token file");
+
+		strbuf_trim_trailing_newline(&sb);
+		token = strbuf_detach(&sb, &sz);
+		curl_easy_setopt(curl, CURLOPT_XOAUTH2_BEARER, token);
+		free(token);
+	} else {
+		curl_easy_setopt(curl, CURLOPT_PASSWORD, server.pass);
+	}
 
 	strbuf_addstr(&path, server.use_ssl ? "imaps://" : "imap://");
 	strbuf_addstr(&path, server.host);
-- 
2.31.1.5.g533053588dc3

RE: [RFC] imap-send: support oauth2

[Felipe Contreras]

Nicolas Morey-Chaisemartin wrote:
> 2FA/OAuth2 becoming a more and more regular thing these days (and a lot of SUSE devs being recently impacted by it), I've thrown together a quick patch
> to allow imap-send to support it.
> This uses https://github.com/jeffmahoney/oauth2-clientd. It can be used with Outlook365 or Gmail. It creates a file with a token to be used to authenticate.
> As libcurl supports this type of authentication, it is quite easy from there.

While trying to implement this is nice, it takes way more effort just to
get a client id and secret than it takes to setup an app password.

Plus I think this is abusing Google Cloud Platform. The point is to
register an application once, and that application can have thousands of
users, not thousands of users registering thousands of applications each
used by a single user.

If you have an email service with OAuth2 authentication that doesn't
require a client secret, then yeah; OAuth2 makes sense. I am not aware
of any popular one though.

Cheers.

-- 
Felipe Contreras