From b0eaf5191c9bc5b128e347625b7eef998ba63c41 Mon Sep 17 00:00:00 2001 From: Frode Aannevik Date: Wed, 10 Jul 2019 21:00:28 +0200 Subject: Support imaps with oauthbearer authentication (Gmail) imaps+oauthbearer://user:token@host?token_endpoint=... - the config Source password is used as access token if no token_endpoint parameter is set - the config Source password is used as refresh token if token_endpoint parameter is set, and used to exchange with an access token The implementation has only been tested with Gmail. source = imaps+oauthbearer://{username}:{refersh_token}@imap.gmail.com:993? \ client_id=XX&\ client_secret=XX&\ token_endpoint=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Ftoken client credentials created with https://console.developers.google.com/apis/credentials refresh token created with https://github.com/google/gmail-oauth2-tools/blob/master/python/oauth2.py rel: https://todo.sr.ht/~sircmpwn/aerc2/42 --- worker/imap/worker.go | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'worker/imap') diff --git a/worker/imap/worker.go b/worker/imap/worker.go index 88f8b376..de869941 100644 --- a/worker/imap/worker.go +++ b/worker/imap/worker.go @@ -9,7 +9,9 @@ import ( "github.com/emersion/go-imap" idle "github.com/emersion/go-imap-idle" "github.com/emersion/go-imap/client" + "golang.org/x/oauth2" + "git.sr.ht/~sircmpwn/aerc/lib" "git.sr.ht/~sircmpwn/aerc/models" "git.sr.ht/~sircmpwn/aerc/worker/types" ) @@ -23,11 +25,12 @@ type imapClient struct { type IMAPWorker struct { config struct { - scheme string - insecure bool - addr string - user *url.Userinfo - folders []string + scheme string + insecure bool + addr string + user *url.Userinfo + folders []string + oauthBearer lib.OAuthBearer } client *imapClient @@ -71,6 +74,20 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error { w.config.insecure = true } + if strings.HasSuffix(w.config.scheme, "+oauthbearer") { + w.config.scheme = strings.TrimSuffix(w.config.scheme, "+oauthbearer") + w.config.oauthBearer.Enabled = true + q := u.Query() + if q.Get("token_endpoint") != "" { + w.config.oauthBearer.OAuth2 = &oauth2.Config{ + ClientID: q.Get("client_id"), + ClientSecret: q.Get("client_secret"), + Scopes: []string{q.Get("scope")}, + } + w.config.oauthBearer.OAuth2.Endpoint.TokenURL = q.Get("token_endpoint") + } + } + w.config.addr = u.Host if !strings.ContainsRune(w.config.addr, ':') { w.config.addr += ":" + w.config.scheme @@ -110,7 +127,12 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error { if !hasPassword { // TODO: ask password } - if err := c.Login(username, password); err != nil { + + if w.config.oauthBearer.Enabled { + if err := w.config.oauthBearer.Authenticate(username, password, c); err != nil { + return err + } + } else if err := c.Login(username, password); err != nil { return err } } -- cgit