[PATCH pve-manager 1/5] notifications: Add OAuth2 parameters to schema and add/update endpoints

Wed, 04 Feb 2026 08:16:21 -0800 

Add auth-method, as well as optional
oauth2-{client-id,client-secret,tenant-id,refresh-token} parameters to
prepare for OAuth2 support.

The auth-method parameter was previously implicit and inferred by
proxmox-notify based on the presence of a password. It is now made
explicit, however still kept optional and explicitly inferred in the
{update,create}_endpoint handlers to avoid breaking the API.

Signed-off-by: Arthur Bied-Charreton <[email protected]>
---
 PVE/API2/Cluster/Notifications.pm | 55 +++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/PVE/API2/Cluster/Notifications.pm 
b/PVE/API2/Cluster/Notifications.pm
index 8b455227..a45a15b2 100644
--- a/PVE/API2/Cluster/Notifications.pm
+++ b/PVE/API2/Cluster/Notifications.pm
@@ -941,6 +941,13 @@ my $smtp_properties = {
         default => 'tls',
         optional => 1,
     },
+    'auth-method' => {
+        description =>
+            'Determine which authentication method shall be used for the 
connection.',
+        type => 'string',
+        enum => [qw(google-oauth2 microsoft-oauth2 plain none)],
+        optional => 1,
+    },
     username => {
         description => 'Username for SMTP authentication',
         type => 'string',
@@ -951,6 +958,26 @@ my $smtp_properties = {
         type => 'string',
         optional => 1,
     },
+    'oauth2-client-id' => {
+        description => 'OAuth2 client ID',
+        type => 'string',
+        optional => 1,
+    },
+    'oauth2-client-secret' => {
+        description => 'OAuth2 client secret',
+        type => 'string',
+        optional => 1,
+    },
+    'oauth2-tenant-id' => {
+        description => 'OAuth2 tenant ID',
+        type => 'string',
+        optional => 1,
+    },
+    'oauth2-refresh-token' => {
+        description => 'OAuth2 refresh token',
+        type => 'string',
+        optional => 1,
+    },
     mailto => {
         type => 'array',
         items => {
@@ -1108,6 +1135,11 @@ __PACKAGE__->register_method({
         my $mode = extract_param($param, 'mode');
         my $username = extract_param($param, 'username');
         my $password = extract_param($param, 'password');
+        my $auth_method = extract_param($param, 'auth-method');
+        my $oauth2_client_secret = extract_param($param, 
'oauth2-client-secret');
+        my $oauth2_client_id = extract_param($param, 'oauth2-client-id');
+        my $oauth2_tenant_id = extract_param($param, 'oauth2-tenant-id');
+        my $oauth2_refresh_token = extract_param($param, 
'oauth2-refresh-token');
         my $mailto = extract_param($param, 'mailto');
         my $mailto_user = extract_param($param, 'mailto-user');
         my $from_address = extract_param($param, 'from-address');
@@ -1115,6 +1147,10 @@ __PACKAGE__->register_method({
         my $comment = extract_param($param, 'comment');
         my $disable = extract_param($param, 'disable');
 
+        if (!defined $auth_method) {
+            $auth_method = defined($password) ? 'plain' : 'none';
+        }
+
         eval {
             PVE::Notify::lock_config(sub {
                 my $config = PVE::Notify::read_config();
@@ -1126,6 +1162,11 @@ __PACKAGE__->register_method({
                     $mode,
                     $username,
                     $password,
+                    $auth_method,
+                    $oauth2_client_id,
+                    $oauth2_client_secret,
+                    $oauth2_tenant_id,
+                    $oauth2_refresh_token,
                     $mailto,
                     $mailto_user,
                     $from_address,
@@ -1187,6 +1228,11 @@ __PACKAGE__->register_method({
         my $mode = extract_param($param, 'mode');
         my $username = extract_param($param, 'username');
         my $password = extract_param($param, 'password');
+        my $auth_method = extract_param($param, 'auth-method');
+        my $oauth2_client_secret = extract_param($param, 
'oauth2-client-secret');
+        my $oauth2_client_id = extract_param($param, 'oauth2-client-id');
+        my $oauth2_tenant_id = extract_param($param, 'oauth2-tenant-id');
+        my $oauth2_refresh_token = extract_param($param, 
'oauth2-refresh-token');
         my $mailto = extract_param($param, 'mailto');
         my $mailto_user = extract_param($param, 'mailto-user');
         my $from_address = extract_param($param, 'from-address');
@@ -1197,6 +1243,10 @@ __PACKAGE__->register_method({
         my $delete = extract_param($param, 'delete');
         my $digest = extract_param($param, 'digest');
 
+        if (!defined $auth_method) {
+            $auth_method = defined($password) ? 'plain' : 'none';
+        }
+
         eval {
             PVE::Notify::lock_config(sub {
                 my $config = PVE::Notify::read_config();
@@ -1208,6 +1258,11 @@ __PACKAGE__->register_method({
                     $mode,
                     $username,
                     $password,
+                    $auth_method,
+                    $oauth2_client_id,
+                    $oauth2_client_secret,
+                    $oauth2_tenant_id,
+                    $oauth2_refresh_token,
                     $mailto,
                     $mailto_user,
                     $from_address,
-- 
2.47.3

Reply via email to