Hello Stephen.

Stephen Isard wrote in
 <18561-1662420543-345...@sneakemail.com>:
 |On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
 |...
 |>|microsoft says it [basic authentication] will stop
 |>|working next month, which is why I am trying to set up
 |>
 |> They do?!
 |
 |They do.  See 
 |https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Thanks.  Microsoft instructions are pretty clear, but i will not
be able to do this today.

 |> I have no idea how to get an application ID for S-nail that can
 |> simply be used.
 |
 |Nor do I, but alpine has a fairly painless process for setting up 
 |xoauth2 for microsoft.  See 
 |https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html (which 
 |starts off by explaining that "The idea of XOAUTH2 is to create the 
 |illusion of security").

Well i mean one thing there is with all this OAuth stuff, and that
is that services are capable of identifying clients, and therefore
clients can be restricted in what they are allowed to do.  That is
not a bad thing.  Especially with future protocols like JMAP,
which will be able to drive the entire portfolio (mail, calendar,
whatever).  (Surely there are protocols which can do this already
today, of course.)
To me it is just that application specific passwords .. etc etc.
And couldn't it have been integrated via Kerberos, etc etc.

Thanks for the info.

Yes i mean with the scripts from [1,2] it is fairly easy with
s-nail, too.  I will not integrate it into s-nail itself, because
it needs HTTP, and -- this is what i said on an IETF list
regarding all this, too, after someone said something "you are
capable to do some HTTP, no?", in that spirit -- whereas HTTP 1.0
and 1.1 are easy, HTTP/2 is not even implemented by cURL, that
uses an external library, and that in turn uses two other
libraries to implement the QUIC variant, which is HTTP/3.

  [1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
  [2] http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-2022-07-10.tar.bz2

My problem with it: if they want it, why not simply via some text
messages via TLS, even -- what i said -- in the protocol itself,
as an extension (just one back and forth it is), without JSON in
the protocol, but as simple text K=V\0 pairs?
But complaining does nothing to the actual reality, of course.

Anyhow i will not blow up S-nail with HTTP easy now, hard later.
And that "later" is soon given how they all hype QUIC at the
moment.

Granted: OpenSSL seems to implement its own QUIC driver, and since
we do need and yes want OpenSSL, we would get QUIC via it, and
then HTTP/[23] is possibly not that hard either.

And maybe cURL to unfortunately not do socket programming on our
own.

Yes.  So what you need is a client-id, and a client-secret, so
that the service can decide what is to be granted for you, and the
application you are actually using.

These are very complicated to get, impossible to accomplish for
Google in practice, except you let users go through myriads of
complicated "developer" things.  Very user friendly.

Whereas i somehow failed to configure Microsoft in June last year,
and had lots of trouble with Google, i think it was because i use
firefox-bin, as the interface was incomplete and what the help
said i should use was simply not there!, it seems Alpine somehow
got all this, when i look at

  https://repo.or.cz/alpine.git/blob/HEAD:/alpine/xoauth2.h

i see

    #define GMAIL_NAME (unsigned char *) "Gmail"
    #define GMAIL_ID "624395471329-0qee3goofj7kbl7hsukou3rqq0igntv1.apps.googleusercontent.com"
    #define GMAIL_SECRET "vwnqVJQrJZpR6JilCfAN5nY7"
    #define GMAIL_TENANT NULL
    #define GMAIL_FLAGS (OA2_AUTHORIZE)

    #define OUTLOOK_NAME (unsigned char *) "Outlook"
    #define OUTLOOK_ID   "f21dcaf2-8020-469b-8135-343bfc35d046"
    #define OUTLOOK_SECRET "Tk-DAcEi13-FeSsY_Ja4Y.-MyL66I.wIPt"
    #define OUTLOOK_TENANT "common"
    #define OUTLOOK_FLAGS (OA2_DEVICE)

    #define YANDEX_NAME  (unsigned char *) "Yandex"
    #define YANDEX_ID     "393578fee26f47858023cf59681882a7"
    #define YANDEX_SECRET "7304c4993583498f8ab63e2f21ad6960"
    #define YANDEX_TENANT NULL
    #define YANDEX_FLAGS (OA2_AUTHORIZE)

    #define YAHOO_NAME   (unsigned char *) "Yahoo!"
    #define YAHOO_ID     "dj0yJmk9RTdyZEQ2TWxGMzV6JmQ9WVdrOWVrTllZbGgyV2tjbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PTli"
    #define YAHOO_SECRET "3a8b12d51c09b0a5c0733c36d04cd3c69e33baef"
    #define YAHOO_TENANT NULL
    #define YAHOO_FLAGS (OA2_AUTHORIZE)

so it seems to be doable to get client IDs and client secrets for
a console application for all these giants' services!

 |I've also discovered davmail http://davmail.sourceforge.net/, which does 
 |the xoauth2 stuff for you and shows your mail on a local server.  It 
 |works with s-nail and I'll use it if I can't manage to connect with 
 |s-nail directly.

You always find interesting software that i do not know about.
Like that wrapper that made dumb console applications readline
capable, and now this pretty looking thing!  Not for me of course,
much too large a thing.  But looks pretty cool from reading!

Ciao Stephen!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
