cURL / Mailing Lists / curl-library / Single Mail


RE: [PATCH] OAUTH 2.0 Bearer token support SMTP/IMAP (XOAUTH2)

From: Steve Holme <>
Date: Sun, 25 Aug 2013 19:03:38 +0100


On Sun, 25 Aug 2013, Kyle L. Huff wrote:

> Perhaps in addition to moving the call to checkpassword() to
> after the parameter collection it might be intuitive to add a new
> type to checkpasswd() - say, "XOAUTH2 Access Token" - to prompt
> for an omitted bearer. This would handle cases where the auth
> mech was explicitly defined as AUTH=XOAUTH2, but no bearer
> token was provided.

Nice idea - I will look into moving checkpasswd().

> Below is an example of the behavior of a few examples with the
> included patches. Hopefully this gives you a better context of the
> current behavior.
> command: curl --url "smtps://" -u
>;AUTH=XOAUTH2 --bearer ya29.AHES...xMbS
> result: prompts for password; auth LOGIN is attempted

Interesting - I would have expected OAUTH to be attempted :(

> Also, I removed the check for conn->bearer from the functions
> imap_perform_authenticate and smtp_perform_authenticate, as
> I believe this check lacks sanity. With that check If the bearer is
> absent the result would is "No known authentication mechanisms
> supported!", which I believe should result in code 334 "Authentication
> Failure". Any check for the bearer should be done elsewhere (if at all).

That makes more sense.

Finally, I see from the patch files that you've used a slightly different
name and email address for your commits than the one you post here as.

I would prefer to use the same so the change log in git is more "humanly"
readable - I can fix this up rather than posting new patches but just wanted
to check if you would prefer "Kyle L. Huff" or "Kyle Huff" ?

Kind Regards

List admin:
Received on 2013-08-25