IMAP OAUTHBEARER patch
Will Yardley
mutt-dev at veggiechinese.net
Wed Jun 13 04:42:33 UTC 2018
On Tue, Jun 12, 2018 at 09:36:34PM -0700, Brandon Long wrote:
> On Tue, Jun 12, 2018 at 8:32 PM Will Yardley <mutt-dev at veggiechinese.net>
> wrote:
>
> > On Mon, Jun 11, 2018 at 03:12:45PM -0700, Brandon Long wrote:
> > > Gmail supports RFC 7628 for using OAUTH with IMAP, and they really don't
> > > like you using password based auth. You can still enable "less secure
> > > apps" and then generate an application specific password, but I figured
> > it
> > > was time to support it.
> >
> > Awesome! Just curious, given the recent thread about 2FA, can this (and
> > does this) support 2 factor auth for IMAP as well?
>
> Recent thread?
Sorry, I meant:
http://lists.mutt.org/pipermail/mutt-users/Week-of-Mon-20180611/000250.html
> Generally speaking, OAUTHBEARER is not a two-factor authentication. When
> it comes to Google and GSuite, it doesn't require you to enable "less
> secure apps" and it doesn't require an Application Specific Password (ASP)
> when you have 2FA enabled on your account. It works by requiring you to
> login to Google (with 2FA if that's enabled), and getting a long lived
> "refresh token". It then exchanges that for a short lived "access token",
> which is good for about one hour. It's also "scoped" in that when you
> request the refresh token, you're asking for access to specific resources,
> in this case read/write access to your Gmail account. It's also "scoped"
> in the sense that it's tied to a specific application.
So with that, do you have to click through to a web browser to login? Or
does the Python script you're using allow terminal input for 2FA (and if
so, does it work correctly from within Mutt)?
It would be awesome if (either now or later), you could both avoid using
an application specific password, _and_ enter your 2 FA auth via console
prompts, vs. copying / pasting or clicking on a link.
w
More information about the Mutt-dev
mailing list