Hi everyone,

 

With the ongoing deprecation of Basic Authentication by major providers like
Microsoft Office 365 and Google, I know many CLI mail users are struggling
to keep their headless setups working with modern OAuth2 requirements.

 

I notice many users are relying on third-party scripts like oauth2ms or
adapting mutt_oauth2.py to feed tokens to mbsync's PassCmd hook. 

 

I recently worked with the oidc-agent team to document a clean, native
alternative. oidc-agent is a dedicated daemon (similar to ssh-agent)
specifically designed to fetch and refresh OAuth2 tokens in the background.
It securely handles encryption natively and supports the "Device Code" flow
for completely headless servers.

 

It can seamlessly feed a valid access token directly into mbsync using the
standard PassCmd hook, without users needing to manually configure GPG pipes
or manage token files.

 

We just published step-by-step instructions on how to set this up here:

https://indigo-dc.github.io/oidc-agent/usage/email-clients/

 

Would the maintainers be open to adding oidc-agent to the official
documentation or wiki as a recommended OAuth2 helper? 

 

We believe this will give the community a much more robust option to keep
using mbsync without disruption. I'd be happy to submit a patch for your
docs if you are open to it!

 

Best regards,

Amin Mahnamfar

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel

Reply via email to