Package: sasl-xoauth2 Version: 0.20-1+b1 Severity: grave Tags: patch upstream
After upgrading the libcurl4t64 package from 8.16.0-1 to 8.17.0~rc3-1, sasl-xoauth2 stopped working. The output of `sasl-xoauth2-tool test-token-refresh` is the following, and is consistent with the Postfix log: Config check passed. auth failed: 2025-10-31 12:37:23: TokenStore::Read: file=/var/lib/postfix/sasl-xoauth2/<snip> 2025-10-31 12:37:23: TokenStore::Read: refresh=1//03k<snip>206, user= 2025-10-31 12:37:23: TokenStore::Refresh: attempt 1 2025-10-31 12:37:23: TokenStore::Refresh: token_endpoint: https://accounts.google.com/o/oauth2/token 2025-10-31 12:37:23: TokenStore::Refresh: request: client_id=69<snip> 0a9.apps.googleusercontent.com &client_secret=GOCS<snip>Ykw&grant_type=refresh_token&refresh_token=1//03k<snip>hxM 2025-10-31 12:37:23: TokenStore::Refresh: code=0, response={ "access_token": "ya2<snip>206", "expires_in": 3599, "scope": "https://mail.google.com/";, "token_type": "Bearer" } 2025-10-31 12:37:23: TokenStore::Refresh: request failed Token refresh failed. Note the `code=0` which should be `code=200`. This is despite the request clearly being successful, since we get a proper response back. This is being investigated upstream and I already sent in a patch: https://github.com/tarickb/sasl-xoauth2/issues/115
