Quoting Oswald Buddenhagen (2020-08-04 23:22:40)
> what is the fundamental advantage over using a SASL plugin like 
> https://github.com/tarickb/sasl-xoauth2 ?
> 

There's more:
https://github.com/robn/sasl2-oauth
https://github.com/moriyoshi/cyrus-sasl-xoauth2.git

All provide the same functionality - so, fundamental advantage? None.
(I think it's the same functionality... I didn't actually use any of those
tools, just briefly looked at the implementation)

It would actually be better if this was handled by SASL.

From a pragmatic point of view?

Currently, this (or any other SASL oauth) plugin isn't available in any of the
upstream SASL implementations.
I also can't find any attempts to merge it upstream.
(it also isn't packaged by any of the distros that I'm using)
I don't expect this to change anytime soon.

From what I can see, this particular plugin only handles gmail:
https://github.com/tarickb/sasl-xoauth2/blob/master/src/token_store.cc#L41
(that can be changed rather easily, well... mostly, there's a Google CLA
required to contribute)

It also doesn't handle the initial authorization - an external tool (which can
also generate tokens) still needs to be used for that.
And that's fine - though I would expect an oauth plugin to not access the tokens
directly and instead use some kind of library (this library should also be used
to handle the initial authorization and deal with abstracting the way that
tokens are stored and accessed, similar to how krb5 is handled in sasl.
Passing a filesystem path as the password is... not ideal ;) ).
But it handles refresh, so that's kind of nice.

The reasoning behind this patch is mainly due to SASL lagging behind.
Since client oauth2 support in various programming languages is more mature than
SASL (hacking a simple CLI to generate tokens is rather easy), I thought that
adding a built-in auth method that basically just wraps the token in a format
string and base64 encodes it is simple enough that perhaps it makes sense.

-Michał


_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
