Add XOAUTH2 support?

Kevin J. McCarthy kevin at
Thu Apr 4 16:17:32 UTC 2019

On Wed, Apr 03, 2019 at 06:47:19PM -0500, Alexander Perlis wrote:
>Mutt supports OAUTHBEARER. Would patches adding XOAUTH2 be welcome?

Authentication schemes and OAUTH/XOAUTH2/etc are not really my area. 
I'm Cc'ing the original contributor of the OAUTHBEARER patches. 
Brandon, I would greatly appreciate your input on this matter.

Based on your description, _technically_ it wouldn't be hard to refactor 
the existing functions with a XOAUTH2/OAUTHBEARER flag and just generate 
the correct string for each.  If it did get done, I would prefer it to 
be explicit (i.e. approach #2), and would lean toward XOAUTH2 not being 
auto-tried when the authenticators list is empty.

However, this feels to me like a step in the wrong direction.  The RFC 
is coming up on 4 years old, and as you mentioned Microsoft themselves 
had a hand in producing it.  Even though the patch probably wouldn't be 
horrific, it is still a technical burden for an already deprecated 
non-standardized scheme.

Unless Microsoft has indicated they have no intention of implementing 
OAUTHBEARER support, I would lean against the change.

Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the Mutt-dev mailing list