jmapio / jmap-demo-webmail

Demo JMAP Webmail Client
MIT License

A better secured auth method? #14

Closed s77rt closed 4 years ago

s77rt commented 4 years ago

Hi,

How can we authenticate to a JMAP server in production?

The currently implemented auth method is far away from being a secure one. The password is fully stored in plaintext and it can also be accessed with App.credentials.password.

neilj commented 4 years ago

That depends on the JMAP server. Authentication is not part of the JMAP standard; it's standard HTTP authentication. As a basic demo, this webmail builds in support for HTTP Basic Auth; this requires storing the password to work.

s77rt commented 4 years ago

@neilj I can't find many docs about the JMAP server. Can you attach some links?

neilj commented 4 years ago

It depends which server you are talking to; you will need to consult the documentation of the service or server you are using.
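
An added example, not code from this repository or from the thread, illustrating the point above that HTTP Basic Auth requires the client to keep the password: the header sent with every request is only the base64 of `user:password` (RFC 7617), so it decodes straight back to the password. The function names and sample credentials are constructed for illustration, and Node.js `Buffer` is assumed.

```javascript
// Added example: HTTP Basic credentials as defined in RFC 7617.
// The user name and password used below are constructed sample values.

// Build the Authorization header value that is sent with every request.
function basicAuthHeader(username, password) {
  if (username.includes(':')) {
    // RFC 7617: the user-id cannot contain a colon.
    throw new Error('username must not contain ":"');
  }
  const encoded = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return `Basic ${encoded}`;
}

// Recover the credentials from a header value. Base64 is an encoding,
// not encryption, so anything holding the header holds the password.
function decodeBasicAuthHeader(header) {
  const match = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(header);
  if (!match) throw new Error('not a Basic Authorization header');
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the FIRST colon only
  if (sep === -1) throw new Error('malformed credentials');
  return {
    username: decoded.slice(0, sep),
    password: decoded.slice(sep + 1), // may itself contain colons
  };
}

// Constructed sample: a password with a colon, a space and a non-ASCII letter.
const header = basicAuthHeader('alice@example.com', 'p:ss wörd');
const recovered = decodeBasicAuthHeader(header);
console.log(header);
console.log(recovered);
```

Caching the header instead of the password therefore gives no extra protection on the client; the secret is equally recoverable from either.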