Thread: 198 messages, 6 authors, 2025-06-20

Re: [PATCH 2/2] imap-send: add support for OAuth2.0 authentication

From: Aditya Garg <hidden>
Date: 2025-05-22 19:49:29


On 23-05-2025 01:15 am, brian m. carlson wrote:
On 2025-05-22 at 17:27:16, Aditya Garg wrote:
+static char *xoauth2_base64(const char *user, const char *access_token)
+{
+	int raw_len, b64_len;
+	char *raw, *b64;
+
+	/* Compose the XOAUTH2 string
+	 * "user=" {User} "^Aauth=Bearer " {Access Token} "^A^A"
+	 * https://developers.google.com/workspace/gmail/imap/xoauth2-protocol#initial_client_response
+	 */
+	raw_len = strlen(user) + strlen(access_token) + 20;
+	raw = xmallocz(raw_len + 1);
+	snprintf(raw, raw_len + 1, "user=%s\001auth=Bearer %s\001\001", user, access_token);
+
+	/* Base64 encode */
+	b64 = xmallocz(ENCODED_SIZE(strlen(raw)));
+	b64_len = EVP_EncodeBlock((unsigned char *)b64, (unsigned char *)raw, strlen(raw));
+	free(raw);
+
+	if (b64_len < 0) {
+		free(b64);
+		return NULL;
+	}
+	return b64;
+}
+
 #else
 
 static char *cram(const char *challenge_64 UNUSED,
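Review bot: in xoauth2_base64(), the buffer size depends on the bare constant 20 in `raw_len = strlen(user) + strlen(access_token) + 20;`, which must be kept in step by hand with the literal parts of the snprintf() format two lines below, and the sum of two strlen() results is stored in an int. The constant does match the current format ("user=" is 5 bytes, "\001auth=Bearer " is 13, "\001\001" is 2), but nothing in the code says so. Building the string with xstrfmt() or a strbuf would remove both the constant and the narrowing. strlen(raw) is also recomputed twice after the string has just been formatted, and b64_len is only used for the error check.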
@@ -895,6 +959,20 @@ static char *cram(const char *challenge_64 UNUSED,
 	    "you have to build git-imap-send with OpenSSL library.");
 }
 
+static char *oauthbearer_base64(const char *user UNUSED,
+		  const char *access_token UNUSED)
+{
+	die("If you want to use OAUTHBEARER authenticate method, "
+	    "you have to build git-imap-send with OpenSSL library.");
+}
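Review bot: the oauthbearer_base64() stub makes OAUTHBEARER unusable in builds without OpenSSL, yet the only OpenSSL call in the helper shown in the previous hunk is EVP_EncodeBlock(), so a small in-tree base64 encoder would let this work in every build and make the stub unnecessary. If the stub stays, the die() message should read "authentication method" rather than "authenticate method".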
I don't think this is a good idea.  Linux distros and other parties who
distribute OpenSSL cannot legally distribute Git linked against it and
we should not require people to use OpenSSL for this.  It looks like all
you need here is a base64 encoder and it should be pretty easy to write
such an encoder.  There's a minimal decoder as part of decode_b_segment
in mailinfo.c and I'm pretty sure we could just add a suitable encoder
that writes to a strbuf like we have for percent-encoding.

Alternatively, you could just push this into the credential helper with
the new credential helper extensions by adding support for that to git
imap-send and let the helper implement the base64 encoding.  That's kind
of the reason I implemented it in the first place.
We can still use curl to use these. Curl has a dedicated API for OAuth2.0.

That is what I am doing with v2.
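
The suggestion above, that only a base64 encoder is needed, can be seen in a stand-alone sketch that builds the XOAUTH2 initial client response without OpenSSL. This is an added example, not code from the patch or from Git: the names base64_encode and xoauth2_response are hypothetical, it uses plain malloc() rather than Git's strbuf, and the sample user and token are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char b64_tab[] =
	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* RFC 4648 base64 of src[0..len); malloc'd result, NULL on overflow or OOM. */
static char *base64_encode(const unsigned char *src, size_t len)
{
	size_t i, o = 0;
	char *out;
	if (len > (SIZE_MAX / 4 - 1) * 3 || !(out = malloc(4 * ((len + 2) / 3) + 1)))
		return NULL;
	for (i = 0; i < len; i += 3) {
		size_t left = len - i;	/* bytes available for this 3-byte group */
		unsigned long v = (unsigned long)src[i] << 16 |
			(left > 1 ? src[i + 1] << 8 : 0) | (left > 2 ? src[i + 2] : 0);
		out[o++] = b64_tab[(v >> 18) & 63];
		out[o++] = b64_tab[(v >> 12) & 63];
		out[o++] = left > 1 ? b64_tab[(v >> 6) & 63] : '=';
		out[o++] = left > 2 ? b64_tab[v & 63] : '=';
	}
	out[o] = '\0';
	return out;
}

/* "user=" {User} "^Aauth=Bearer " {Access Token} "^A^A", base64-encoded. */
static char *xoauth2_response(const char *user, const char *token)
{
	static const char fmt[] = "user=%s\001auth=Bearer %s\001\001";
	int n = snprintf(NULL, 0, fmt, user, token);	/* exact length, no constant */
	char *raw, *b64;
	if (n < 0 || !(raw = malloc((size_t)n + 1)))
		return NULL;
	snprintf(raw, (size_t)n + 1, fmt, user, token);
	b64 = base64_encode((const unsigned char *)raw, (size_t)n);
	free(raw);
	return b64;
}

int main(void)
{
	char *r = xoauth2_response("user@example.com", "TOKEN"); /* constructed */
	puts(r ? r : "(out of memory)");
	free(r);
	return 0;
}
```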