Add XOAUTH2 support?
Kevin J. McCarthy
kevin at 8t8.us
Thu Apr 4 16:17:32 UTC 2019
On Wed, Apr 03, 2019 at 06:47:19PM -0500, Alexander Perlis wrote:
>Mutt supports OAUTHBEARER. Would patches adding XOAUTH2 be welcome?
Authentication schemes and OAUTH/XOAUTH2/etc are not really my area.
I'm Cc'ing the original contributor of the OAUTHBEARER patches.
Brandon, I would greatly appreciate your input on this matter.
Based on your description, _technically_ it wouldn't be hard to refactor
the existing functions with a XOAUTH2/OAUTHBEARER flag and just generate
the correct string for each. If it did get done, I would prefer it to
be explicit (i.e. approach #2), and would lean toward XOAUTH2 not being
auto-tried when the authenticators list is empty.
However, this feels to me like a step in the wrong direction. The RFC
is coming up on 4 years old, and as you mentioned Microsoft themselves
had a hand in producing it. Even though the patch probably wouldn't be
horrific, it is still a technical burden for an already deprecated
non-standardized scheme.
Unless Microsoft has indicated they have no intention of implementing
OAUTHBEARER support, I would lean against the change.
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190404/51ed410c/attachment.asc>
More information about the Mutt-dev
mailing list