Jonathan Nieder wrote:
> I'll send a debdiff in a separate message.
Patch attached. Thoughts of all kinds welcome.
>From 31e72e18b9a9c97d67b685bbbe5b1278f5381835 Mon Sep 17 00:00:00 2001
From: Jonathan Nieder
Date: Sun, 5 Aug 2018 17:32:40 -0700
Subject: Apply Brandon Long's oauthbearer patches
---
debian/changelog | 11 +
debian/patches/series | 3 +
.../upstream/905551-oauthbearer-imap.patch| 237 +
.../upstream/905551-oauthbearer-refresh.patch | 467 ++
.../upstream/905551-oauthbearer-smtp.patch| 190 +++
5 files changed, 908 insertions(+)
create mode 100644 debian/patches/upstream/905551-oauthbearer-imap.patch
create mode 100644 debian/patches/upstream/905551-oauthbearer-refresh.patch
create mode 100644 debian/patches/upstream/905551-oauthbearer-smtp.patch
diff --git a/debian/changelog b/debian/changelog
index cc82620c..8dc191d7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+mutt (1.10.1-2) UNRELEASED; urgency=low
+
+ * debian/patches:
++ added upstream patches for OAUTHBEARER support by Brandon Long
+ (Closes: #905551).
+ + upstream/905551-oauthbearer-imap.patch
+ + upstream/905551-oauthbearer-smtp.patch
+ + upstream/905551-oauthbearer-refresh.patch
+
+ -- Jonathan Nieder Sun, 05 Aug 2018 17:31:32 -0700
+
mutt (1.10.1-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/patches/series b/debian/patches/series
index a19d2d26..12be8181 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,6 @@ debian-specific/828751-pinentry-gpg2-support.patch
misc/gpg.rc-paths.patch
misc/smime.rc.patch
upstream/528233-readonly-open.patch
+upstream/905551-oauthbearer-imap.patch
+upstream/905551-oauthbearer-smtp.patch
+upstream/905551-oauthbearer-refresh.patch
diff --git a/debian/patches/upstream/905551-oauthbearer-imap.patch b/debian/patches/upstream/905551-oauthbearer-imap.patch
new file mode 100644
index ..06159d1c
--- /dev/null
+++ b/debian/patches/upstream/905551-oauthbearer-imap.patch
@@ -0,0 +1,237 @@
+From: Brandon Long
+Date: Mon, 11 Jun 2018 10:39:49 -0700
+Subject: Initial support for OAUTHBEARER for IMAP.
+
+commit 798f749eeeb98ed04028521a2eb3e505c1a83574 upstream.
+
+Gmail supports RFC 7628 for using OAUTH with IMAP, and they really don't
+like you using password based auth. You can still enable "less secure
+apps" and then generate an application specific password, but I figured it
+was time to support it.
+
+Being mutt, I punted on some of the "hard" work to an external script, ie
+getting/refreshing the OAUTH tokens. This avoids the issue of how do you
+have a client-id and client-secret for an open source project, and the fact
+that OAUTH discovery is still nascent, so you'd likely need separate things
+for each of the providers.
+
+At least for Gmail, you can use the oauth2.py script from Google's
+gmail-oauth2-tools:
+https://github.com/google/gmail-oauth2-tools/blob/master/python/oauth2.py
+
+You'd need to get your own oauth client credentials for Gmail here:
+https://console.developers.google.com/apis/credentials
+
+Then, you'd use oauth2.py with --generate_oauth2_token to get a refresh
+token, and configure mutt with:
+
+set imap_authenticators="oauthbearer"
+set imap_user=""
+set imap_pass=`/path/to/oauth2.py --quiet --user=
+--client_id= --client_secret=
+--refresh_token=`
+
+For this patch, I didn't add any new configuration, but I'm open to
+suggestions on that.
+
+The patch also only support SASL-IR to reduce round-trips to the server,
+but it's certainly possible to change that if we think there are
+OAUTHBEARER IMAP servers that don't support SASL-IR. It also requires the
+connection to be encrypted as the access token is re-usable for an hour or
+so. Again, Gmail only allows encrypted IMAP connections, not sure if any
+OAUTHBEARER services allow non-encrypted.
+
+Turns out that auth failure leaves you in SASL mode, so I have a hack to
+issue a noop command on error. Not sure if that's just OAUTHBEARER
+oddness, or whether I should be using lower level mutt imap functions.
+---
+ imap/Makefile.am| 7 +--
+ imap/auth.c | 1 +
+ imap/auth.h | 1 +
+ imap/auth_oauth.c | 104
+ imap/command.c | 1 +
+ imap/imap_private.h | 1 +
+ 6 files changed, 112 insertions(+), 3 deletions(-)
+ create mode 100644 imap/auth_oauth.c
+
+diff --git a/imap/Makefile.am b/imap/Makefile.am
+index 527b044f..199f6d6b 100644
+--- a/imap/Makefile.am
b/imap/Makefile.am
+@@ -13,12 +13,13 @@ else
+ AUTHENTICATORS = auth_anon.c auth_cram.c
+ endif
+
+-EXTRA_DIST = README TODO auth_anon.c auth_cram.c auth_gss.c auth_sasl.c
++EXTRA_DIST = README TODO auth_anon.c auth_cram.c auth_gss.c auth_oauth.c \
++ auth_sasl.c
+
+ AM_CPPFLAGS = -I$(top_srcdir) -I../intl
+
+ noinst_LIBRARIES = libimap.a
+ noinst_HEADERS = auth.h imap_private.h