moriyoshi
commented
4 years ago Thanks for the heads-up. There are several points worth a note:
- The issue cyrusimap/cyrus-sasl#522 refers to RFC 7628, which describes a mechanism similar to XOAUTH2, but those are different in how to build the payload sent to the server.
OAUTHBEARERuses base64-encoded HTTP-esque key-value pairs while XOAUTH2 uses plain base64-encoded KV. - Addition of XOAUTH2 to cyrus-sasl was discussed before on the list. https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2018-May/003132.html The key point is the client plugin needs some external mechanism that initiates initial token retrieval and subsequent token refreshment and it isn't standardized at the moment.
FYI: https://github.com/moriyoshi/cyrus-sasl-xoauth2/pull/4 implements a conversation protocol with the external credential provider. For now it isn't my intention to make it official.
Hi @moriyoshi,
would you may add an PR of your cyrus-sasl-xoauth2-plugin to https://github.com/cyrusimap/cyrus-sasl
ref: https://github.com/cyrusimap/cyrus-sasl/issues/522