cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] OAUTH 2.0 Bearer token support SMTP/IMAP (XOAUTH2)

From: Kyle L. Huff <>
Date: Sat, 24 Aug 2013 22:10:58 -0400

On Sat, Aug 24, 2013 at 4:58 PM, Steve Holme <> wrote:

> Many thanks for your efforts here.

My pleasure! It almost seems like writing it was less effort than your review.
(and maybe that is evident with all the white-space issues I missed...)

> Do you know if OAUTH 2.0 is supported in POP3 as well?

POP3 might support OAUTH 2.0, but I have not found a provider that has
implemented it. I know that presently the google POP3 service does not
support OAUTH 2.0.

> * I'm not sure the check for conn->xoauth2_bearer is best placed in
> smtp_statemach_act() as it a) doesn't allow for returning an error code and
> b) isn't checked when the initial response is used - suggest moving it into
> smtp_state_auth_xoauth2_resp()

You are correct, that was a vestige of some testing I was doing. I removed it.

> case 'u' (line 1639) but the check for err is still outside that if
> statement

I was trying to avoid an error if no password was specified, since the bearer
token is the password. I have since changed it to only evaluate err if
the bearer
token is not present. I still don't like this though, because it only
works if the
user has specified the --bearer parameter before the --user parameter. Perhaps
there is way I am not aware of to look ahead in the options provided to
determine if the --bearer parameter has been specified, negating the need for a

> The most important items in this list were the lack of setting state2 in
> smtp_perform_authenticate() and the use of a stack based buffer in the sasl
> code.

All of the items you mentioned have been corrected and the only notes for any
of the items you listed are added above. When I wrote the stack based buffer
in the sasl file, I was without internet access using an older version of cURL
source -- it felt dirty at the time but I tried to match the conventions used
elsewhere in the same file. I should have checked those areas after I pulled in
the more recent commits.

> Additionally, could you please split patch 1 into two separate patches: one
> for adding bearer token support and the second for adding the support to
> SMTP as that will help keep things separate when I come to commit your
> changes which I will do one at a time allowing the auto builds to pick up
> anything I may have missed.

Not a problem; git makes that easy!

Thank you very much for your attention to this project and the related patches.

Kyle L. Huff

List admin:

Received on 2013-08-25