diff options
author | Frode Aannevik <frode.aa@gmail.com> | 2019-07-10 21:00:28 +0200 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2019-07-11 19:36:14 -0400 |
commit | b0eaf5191c9bc5b128e347625b7eef998ba63c41 (patch) | |
tree | ca9fe0155e4a01bb84d3aca248b37bf844145f8b /worker/imap | |
parent | 217e85a55d0c1047bef1e2bc41783ccd4629bfc1 (diff) |
Support imaps with oauthbearer authentication (Gmail)
imaps+oauthbearer://user:token@host?token_endpoint=...
- the config Source password is used as access token if
no token_endpoint parameter is set
- the config Source password is used as refresh token if
token_endpoint parameter is set, and used to exchange
with an access token
The implementation has only been tested with Gmail.
source = imaps+oauthbearer://{username}:{refersh_token}@imap.gmail.com:993? \
client_id=XX&\
client_secret=XX&\
token_endpoint=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Ftoken
client credentials created with
https://console.developers.google.com/apis/credentials
refresh token created with
https://github.com/google/gmail-oauth2-tools/blob/master/python/oauth2.py
rel: https://todo.sr.ht/~sircmpwn/aerc2/42
Diffstat (limited to 'worker/imap')
-rw-r--r-- | worker/imap/worker.go | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/worker/imap/worker.go b/worker/imap/worker.go index 88f8b37..de86994 100644 --- a/worker/imap/worker.go +++ b/worker/imap/worker.go @@ -9,7 +9,9 @@ import ( "github.com/emersion/go-imap" idle "github.com/emersion/go-imap-idle" "github.com/emersion/go-imap/client" + "golang.org/x/oauth2" + "git.sr.ht/~sircmpwn/aerc/lib" "git.sr.ht/~sircmpwn/aerc/models" "git.sr.ht/~sircmpwn/aerc/worker/types" ) @@ -23,11 +25,12 @@ type imapClient struct { type IMAPWorker struct { config struct { - scheme string - insecure bool - addr string - user *url.Userinfo - folders []string + scheme string + insecure bool + addr string + user *url.Userinfo + folders []string + oauthBearer lib.OAuthBearer } client *imapClient @@ -71,6 +74,20 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error { w.config.insecure = true } + if strings.HasSuffix(w.config.scheme, "+oauthbearer") { + w.config.scheme = strings.TrimSuffix(w.config.scheme, "+oauthbearer") + w.config.oauthBearer.Enabled = true + q := u.Query() + if q.Get("token_endpoint") != "" { + w.config.oauthBearer.OAuth2 = &oauth2.Config{ + ClientID: q.Get("client_id"), + ClientSecret: q.Get("client_secret"), + Scopes: []string{q.Get("scope")}, + } + w.config.oauthBearer.OAuth2.Endpoint.TokenURL = q.Get("token_endpoint") + } + } + w.config.addr = u.Host if !strings.ContainsRune(w.config.addr, ':') { w.config.addr += ":" + w.config.scheme @@ -110,7 +127,12 @@ func (w *IMAPWorker) handleMessage(msg types.WorkerMessage) error { if !hasPassword { // TODO: ask password } - if err := c.Login(username, password); err != nil { + + if w.config.oauthBearer.Enabled { + if err := w.config.oauthBearer.Authenticate(username, password, c); err != nil { + return err + } + } else if err := c.Login(username, password); err != nil { return err } } |