the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0

Server message: Unsupported SASL mechanism type: OAUTHBEARER when trying to use OAUTHBEARER to login #756

Closed akhil1508 closed 1 year ago

akhil1508 commented 1 year ago

**Describe the bug**

[screenshot of the error attached in the original issue]

**To Reproduce**
Steps to reproduce the behavior:

1. Enable the following plugin:

```php
<?php

class LoginNextcloudOIDCPlugin extends \RainLoop\Plugins\AbstractPlugin
{
    const
        NAME        = 'LoginNextcloudOIDC',
        VERSION     = '0.0',
        RELEASE     = '2022-11-11',
        REQUIRED    = '2.21.0',
        CATEGORY    = 'Login',
        DESCRIPTION = 'op';

    public function Init() : void
    {
        // Run clientLogin before every protocol login so the token replaces the password
        $this->addHook('imap.before-login', 'clientLogin');
        $this->addHook('smtp.before-login', 'clientLogin');
        $this->addHook('sieve.before-login', 'clientLogin');
    }

    public function clientLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
    {
        $bIsOIDC = \OC::$server->getSession()->get('is_oidc');
        if (!$bIsOIDC) {
            return;
        }

        $sAccessToken = \OC::$server->getSession()->get('oidc_access_token');
        if ($sAccessToken) {
            // Use the OIDC access token as the SASL secret and prefer OAUTHBEARER
            $oSettings->Password = $sAccessToken;
            \array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
        }
    }
}
```

2. Try to log in to SnappyMail in Nextcloud (with autologin with email enabled)

- I can confirm that both the session variables `is_oidc` and `oidc_access_token` are set correctly
- My main purpose here is to achieve autologin when logged in at nextcloud with OIDC
- Doing some digging, I find that the error is coming from [here](https://github.com/the-djmaze/snappymail/blob/079f334bcc4b2ad26c184c85d0de0ee9be58f968/snappymail/v/0.0.0/app/libraries/snappymail/sasl.php#L29)
- Am I doing anything wrong here? I wrote my code based on the [login-oauth2 plugin](https://github.com/the-djmaze/snappymail/blob/master/plugins/login-oauth2/index.php)

**Expected behavior**
- OAUTHBEARER mechanism should be supported as it says it is supported over [here](https://snappymail.eu/comparison)

**Please complete the following information:**
- Browser: Firefox 105
- IMAP daemon: dovecot
- PHP version: 8.0.11
- SnappyMail Version: 2.22.6

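For readers following the thread: the plugin above only pushes `OAUTHBEARER` to the front of the client's mechanism list and stores the token as the password; the actual SASL exchange is what `sasl.php` has to support. The following is an added, stand-alone example (not SnappyMail's or the reporter's code) of the two pieces involved: selecting a mechanism the server actually advertises, and building the RFC 7628 OAUTHBEARER initial client response. The user, host and token values are constructed for a local run.

```php
<?php
// Added example, not SnappyMail code. Shows the two things the plugin above relies on:
// choosing a SASL mechanism the server actually offers, and building the OAUTHBEARER
// initial client response (RFC 7628) that carries the OIDC access token.
declare(strict_types=1);

// Pick the first client-preferred mechanism that the server advertised
// (IMAP CAPABILITY lists them as "AUTH=PLAIN AUTH=OAUTHBEARER").
// Returns null when nothing matches so the caller fails closed instead of
// silently sending the token as a PLAIN/LOGIN password.
function selectSaslMechanism(array $clientPreferred, array $serverAdvertised): ?string
{
    $advertised = array_map(
        fn(string $m) => strtoupper(preg_replace('/^AUTH=/i', '', $m)),
        $serverAdvertised
    );
    foreach ($clientPreferred as $mechanism) {
        if (in_array(strtoupper($mechanism), $advertised, true)) {
            return strtoupper($mechanism);
        }
    }
    return null;
}

// Build the raw OAUTHBEARER initial response (RFC 7628 section 3.1):
//   "n,a=<authzid>," ^A "host=<host>" ^A "port=<port>" ^A "auth=Bearer <token>" ^A ^A
// The caller base64-encodes it into IMAP AUTHENTICATE / SMTP AUTH.
function oauthBearerInitialResponse(string $user, string $host, int $port, string $token): string
{
    // Tokens never contain control or whitespace characters; reject rather than corrupt the frame.
    if ($token === '' || preg_match('/[\x00-\x20\x7f]/', $token)) {
        throw new InvalidArgumentException('invalid bearer token');
    }
    // GS2 header escaping: "=" must be escaped before "," so the two replacements do not interact.
    $authzid = str_replace(['=', ','], ['=3D', '=2C'], $user);
    return "n,a={$authzid}," . "\x01host={$host}" . "\x01port={$port}" . "\x01auth=Bearer {$token}" . "\x01\x01";
}

// On failure the server answers with a base64 JSON challenge; the client must
// reply with a single ^A and then treat the login as failed (RFC 7628 section 3.2.3).
function oauthBearerFailure(string $serverChallenge): ?array
{
    $json = json_decode(base64_decode($serverChallenge, true) ?: '', true);
    return is_array($json) && isset($json['status']) ? $json : null;
}

// Constructed sample values for a local run (no real server or token involved).
$mechanism = selectSaslMechanism(['OAUTHBEARER', 'PLAIN'], ['AUTH=PLAIN', 'AUTH=OAUTHBEARER']);
$raw = oauthBearerInitialResponse('user@example.com', 'imap.example.com', 143, 'CONSTRUCTED.access.token');
echo "{$mechanism}: AUTHENTICATE OAUTHBEARER " . base64_encode($raw) . PHP_EOL;
```

If `selectSaslMechanism()` returns null the token must not be sent at all; a client that falls back to PLAIN would hand the bearer token to the server as a plaintext password.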
the-djmaze commented 1 year ago

Please try again with the above bugfix commit.

The login-oauth2 extension never worked (that is why it is not available in admin -> extensions). It is just draft code with the old RainLoop code.

The problem with OAuth is changing passwords and that conflicts with AdditionalAccount encrypted passwords which are encrypted with main password (for security reasons I reported at RainLoop). Until a workaround is available watch out with the Additional accounts feature.

akhil1508 commented 1 year ago

@the-djmaze thanks for the super quick reply and bug fix. Your work is much appreciated

> The login-oauth2 extension never worked (that is why it is not available in admin -> extensions). It is just draft code with the old RainLoop code.

So what I'm doing here is completely wrong? Even for a single account?

> The problem with OAuth is changing passwords and that conflicts with AdditionalAccount encrypted passwords which are encrypted with main password (for security reasons I reported at RainLoop). Until a workaround is available watch out with the Additional accounts feature.

This is okay with me, I only want to achieve auto login with one account for now and use the OIDC access token used to log in at NC to log in against dovecot using OAUTHBEARER.

the-djmaze commented 1 year ago

You are not doing it wrong 😉

akhil1508 commented 1 year ago

@the-djmaze We can close this :smiley: , your fix works after adding changes from https://github.com/the-djmaze/snappymail/pull/759