IMAP OAUTHBEARER patch

Kevin J. McCarthy kevin at 8t8.us
Tue Jun 12 00:22:30 UTC 2018


On Mon, Jun 11, 2018 at 03:12:45PM -0700, Brandon Long wrote:
> Hey mutt-dev, long time no see.
> 
> Gmail supports RFC 7628 for using OAUTH with IMAP, and they really don't
> like you using password based auth.  You can still enable "less secure
> apps" and then generate an application specific password, but I figured it
> was time to support it.

Hi Brandon,

Thank you for sending the patch.  I will take a closer look in a few
days when I have a bit more time.  Just after a quick look I have two
comments.

It would be good to initialize ibuf[0] to '\0' before performing the
safe_strcat.

Also, are you confident of the static buffer sizes?  (I'm not familiar
with OAUTH specs, so I have no idea).  A couple years ago I had to
change imap_auth_sasl to use dynamic sized buffer because even
HUGE_STRING wasn't big enough for someone [1cab7de7].

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20180612/470ad10c/attachment.asc>


More information about the Mutt-dev mailing list