Sending this as an RFC to get early feedback on the overall direction. This series adds OAuth2 support for SMTP notification targets, motivated by Microsoft's upcoming deprecation of basic authentication for SMTP [1]. Google and Microsoft are supported as OAuth2 providers.
The main architectural decisions are: - OAuth2 refresh tokens are treated as state, not config. They are persisted in a separate JSON file and managed entirely from the Rust side via standard I/O. - The oauth2 crate is used with a local ureq backend (newtype over ureq::Agent), since the upstream ureq feature is currently patched out in Debian due to a ureq 2/3 version mismatch [2]. - Token refresh is triggered both proactively via pveupdate and when sending a notification to handle idle periods and providers like Microsoft that rotate refresh tokens on every use. Known issues: - Microsoft is untested (no test tenant, somehow impossible to create a free test account) [1] https://techcommunity.microsoft.com/blog/exchange/updated-exchange-online-smtp-auth-basic-authentication-deprecation-timeline/4489835 [2] https://git.proxmox.com/?p=debcargo-conf.git;a=blob;f=src/oauth2/debian/patches/disable-ureq.patch;h=828b883a83a86927c5cd32df055226a5e78e8bea;hb=refs/heads/proxmox/trixie proxmox: Arthur Bied-Charreton (5): notify: Introduce xoauth2 module notify: Add state file handling notify: Update Endpoint trait and Bus to use State notify: smtp: add OAuth2/XOAUTH2 authentication support notify: Add test for State proxmox-notify/Cargo.toml | 5 + proxmox-notify/debian/control | 12 +- proxmox-notify/src/api/common.rs | 70 ++++++- proxmox-notify/src/api/smtp.rs | 144 +++++++++++--- proxmox-notify/src/context/mod.rs | 2 + proxmox-notify/src/context/pbs.rs | 4 + proxmox-notify/src/context/pve.rs | 4 + proxmox-notify/src/context/test.rs | 4 + proxmox-notify/src/endpoints/gotify.rs | 4 +- proxmox-notify/src/endpoints/sendmail.rs | 4 +- proxmox-notify/src/endpoints/smtp.rs | 227 +++++++++++++++++++++-- proxmox-notify/src/endpoints/webhook.rs | 4 +- proxmox-notify/src/lib.rs | 157 ++++++++++++++-- proxmox-notify/src/xoauth2.rs | 146 +++++++++++++++ 14 files changed, 718 insertions(+), 69 deletions(-) create mode 100644 proxmox-notify/src/xoauth2.rs proxmox-perl-rs: Arthur Bied-Charreton (1): notify: update bindings with new OAuth2 parameters common/src/bindings/notify.rs | 44 +++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) proxmox-widget-toolkit: Arthur Bied-Charreton (2): utils: Add OAuth2 flow handlers notifications: Add opt-in OAuth2 support for SMTP targets src/Utils.js | 84 +++++++++++++++ src/panel/SmtpEditPanel.js | 191 +++++++++++++++++++++++++++++++-- src/window/EndpointEditBase.js | 1 + 3 files changed, 265 insertions(+), 11 deletions(-) pve-manager: Arthur Bied-Charreton (5): notifications: Add OAuth2 parameters to schema and add/update endpoints notifications: Add refresh-targets endpoint notifications: Trigger notification target refresh in pveupdate notifications: Handle OAuth2 callback in login handler notifications: Opt into OAuth2 authentication PVE/API2/Cluster/Notifications.pm | 89 +++++++++++++++++++++++++++++++ bin/pveupdate | 9 ++++ www/manager6/Utils.js | 10 ++++ www/manager6/Workspace.js | 20 +++++++ 4 files changed, 128 insertions(+) pve-cluster: Arthur Bied-Charreton (1): notifications: Add refresh_targets subroutine to PVE::Notify src/PVE/Notify.pm | 6 ++++++ 1 file changed, 6 insertions(+) pve-docs: Arthur Bied-Charreton (1): notifications: Add section about OAuth2 to SMTP targets docs notifications.adoc | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) Summary over all repositories: 24 files changed, 1197 insertions(+), 88 deletions(-) -- Generated by murpp 0.9.0
