Add XOAUTH2 support?

felixs besteck455 at
Fri Apr 12 07:10:40 UTC 2019

On Wed, Apr 10, 2019 at 04:57:50PM -0500, Alexander Perlis wrote:
> In case it helps inform a decision, here's the OAuth2 status of several
> IMAP providers:
>   OAUTHBEARER: Google, Yahoo, ATT, Comcast, Sky
>  XOAUTH2 only: Microsoft, AOL, Yandex
>       Neither: Apple, Cox, Zoho,, GMX, FastMail, 1&1
> For each service, I searched for the IMAP server name, then did
>   openssl s_client -crlf -connect IMAPSERVERNAME:993
> Typically they respond with * OK [CAPABILITY blablabla], but in some
> cases only with * OK so then I typed "a CAPABILITY".

> On Thu, 2019-04-04 at 10:37 -0700, Brandon Long wrote:
> > XOAUTH2 is just OAUTHBEARER but based on an earlier draft, so yes,
> > it's very similar.  We had to ship it at Google because we we're
> > deprecating oauth1 and our XOAUTH with it, and the rfc was taking
> > longer than we'd hoped.
> > 
> > Given the large population of users, I'd be for
> > supporting it, maybe with the caveat that we'll remove it when they
> > support OAUTHBEARER.  Up to you.

Thanks for this update; at least it has informed my decision not to go
for XOAUTH2 SASL. I hadn't read the RFC, just the Google page related to
their XOAUTH2 (Gmail API pages, don't have the link here), which  on the
other hand might be outdated by now.

I'm still struggling a bit with Google's OAUTH2 implementation, but
that'll be the subject of another message which I promised to a certain
list member.



More information about the Mutt-users mailing list