On Wed, Apr 03, 2019 at 06:47:19PM -0500, Alexander Perlis wrote:
Mutt supports OAUTHBEARER. Would patches adding XOAUTH2 be welcome?
Authentication schemes and OAUTH/XOAUTH2/etc are not really my area. I'm Cc'ing the original contributor of the OAUTHBEARER patches. Brandon, I would greatly appreciate your input on this matter.
Based on your description, _technically_ it wouldn't be hard to refactor the existing functions with a XOAUTH2/OAUTHBEARER flag and just generate the correct string for each. If it did get done, I would prefer it to be explicit (i.e. approach #2), and would lean toward XOAUTH2 not being auto-tried when the authenticators list is empty.
However, this feels to me like a step in the wrong direction. The RFC is coming up on 4 years old, and as you mentioned Microsoft themselves had a hand in producing it. Even though the patch probably wouldn't be horrific, it is still a technical burden for an already deprecated non-standardized scheme.
Unless Microsoft has indicated they have no intention of implementing OAUTHBEARER support, I would lean against the change.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
