On Wed, Apr 03, 2019 at 06:47:19PM -0500, Alexander Perlis wrote:
Mutt supports OAUTHBEARER. Would patches adding XOAUTH2 be welcome?

Authentication schemes and OAUTH/XOAUTH2/etc are not really my area. I'm Cc'ing the original contributor of the OAUTHBEARER patches. Brandon, I would greatly appreciate your input on this matter.

Based on your description, _technically_ it wouldn't be hard to refactor the existing functions with a XOAUTH2/OAUTHBEARER flag and just generate the correct string for each. If it did get done, I would prefer it to be explicit (i.e. approach #2), and would lean toward XOAUTH2 not being auto-tried when the authenticators list is empty.

However, this feels to me like a step in the wrong direction. The RFC is coming up on 4 years old, and as you mentioned Microsoft themselves had a hand in producing it. Even though the patch probably wouldn't be horrific, it is still a technical burden for an already deprecated non-standardized scheme.

Unless Microsoft has indicated they have no intention of implementing OAUTHBEARER support, I would lean against the change.

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA

Attachment: signature.asc
Description: PGP signature

Reply via email to