From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: tools@kernel.org, Tomas Melin <tomas.melin@vaisala.com>
Subject: Re: [PATCH] b4: allow using xoauth2/bearer token to authenticate to SMTP servers
Date: Fri, 6 Mar 2026 09:35:26 -0800
Message-ID: <aasPUY9XWOBy96rx@google.com>
In-Reply-To: <177281752583.2015423.2312633416921696209@lemur>
On Fri, Mar 06, 2026 at 12:18:45PM -0500, Konstantin Ryabitsev wrote:
> On Fri, 06 Mar 2026 08:20:18 -0800, Dmitry Torokhov <dmitry.torokhov@gmail.com> wrote:
> > Allow using XOAUTH2 as an authentication protocol and assume that when
> > XOAUTH2 is specified the password is actually a bearer token (typically
> > not stored in the config but rather returned via "git credentials").
> >
> > Recognize "oauth", "oauth2" as aliases for "xoauth2".
>
> Hmm... we do have another series already for XOAUTH2 support:
> https://lore.kernel.org/tools/20260205-smtp-oauth2-outlook-v2-2-6a5eb233b285@vaisala.com/
>
> However, it's outstanding with a few requests. I wonder if we can take
> this one as a first patch and then build the other series on top of
> this.
>
> Cc'ing Tomas on this.
>
> > diff --git a/src/b4/__init__.py b/src/b4/__init__.py
> > index eab290b..9a5d25b 100644
> > --- a/src/b4/__init__.py
> > +++ b/src/b4/__init__.py
> > @@ -4331,7 +4331,11 @@ def get_smtp(dryrun: bool = False) -> Tuple[Union[smtplib.SMTP, smtplib.SMTP_SSL
> > raise smtplib.SMTPException('No password specified for connecting to %s', server)
> > if auser and apass:
> > # Let any exceptions bubble up
> > - smtp.login(auser, apass)
> > + if smtpauth in ('oauth', 'oauth2', 'xoauth2'):
> > + auth_str = f'user={auser}\x01auth=Bearer {apass}\x01\x01'
> > + smtp.auth('XOAUTH2', lambda: auth_str)
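Review bot: The authobject passed in `smtp.auth('XOAUTH2', lambda: auth_str)` takes no parameters, but smtplib.SMTP.auth() calls it without arguments only for the initial response and with the decoded challenge bytes when the server answers 334, so a rejected token surfaces as a TypeError instead of the server's own error. Accept an optional challenge and answer it with an empty string, for example `lambda challenge=None: auth_str if challenge is None else ''`, so that the final status reaches the caller as SMTPAuthenticationError.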
>
> This is what the agent tells me about this, and it seems valid.
>
> smtplib.SMTP.auth() calls authobject(challenge) with a positional
> bytes argument when the server replies 334 (the XOAUTH2 error-detail
> challenge). Because this lambda accepts no arguments, that call
> raises TypeError, masking the real authentication error.
Right, I guess because of the implicit initial_response_ok argument to
smtp.auth(), when I tested it the lambda was called without arguments and
the authentication went through (with Gmail).
>
> Suggest:
> smtp.auth('XOAUTH2', lambda x=None: auth_str if x is None else '')
>
> This way the initial response (no args) returns the auth string, and
> a 334 challenge returns an empty string so the server sends its real
> error code.
>
> I'm happy to take this with this fix, but I'm also going to wait on
> Tomas's thoughts.
Totally fine with me.
Thanks.
--
Dmitry
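
The authobject calling convention discussed above, as an added example that is not part of the original message or of b4: it drives smtplib.SMTP.auth() against an in-process stand-in for a server that rejects the token, first with a zero-argument authobject and then with a challenge-aware one. RejectingSMTP, try_auth and xoauth2 are hypothetical names, and the user, token and 334 payload are constructed sample values.

```python
import base64
import smtplib

# Constructed sample values, not real credentials.
USER, TOKEN = "user@example.org", "constructed-bearer-token"
AUTH_STR = f"user={USER}\x01auth=Bearer {TOKEN}\x01\x01"
# Constructed 334 payload in the style of an XOAUTH2 error-detail challenge.
ERROR_DETAIL = base64.b64encode(b'{"status":"401","schemes":"bearer"}')


class RejectingSMTP(smtplib.SMTP):
    """Hypothetical stand-in for a server that rejects the token; no network."""

    def __init__(self):
        # No host is given, so nothing is connected.
        super().__init__(local_hostname="localhost")
        self.sent = []

    def docmd(self, cmd, args=""):
        self.sent.append((cmd, args))
        if cmd == "AUTH":
            return 334, ERROR_DETAIL      # error-detail challenge
        return 535, b"5.7.8 Username and Password not accepted"


def try_auth(authobject):
    """Run SMTP.auth() against the fake server and report how it ends."""
    smtp = RejectingSMTP()
    try:
        smtp.auth("XOAUTH2", authobject)
    except smtplib.SMTPAuthenticationError as exc:
        return "auth-error", exc.smtp_code, smtp.sent
    except TypeError:
        return "type-error", None, smtp.sent
    return "ok", None, smtp.sent


def xoauth2(challenge=None):
    """Initial response when called bare; empty reply to a 334 challenge."""
    return AUTH_STR if challenge is None else ""


if __name__ == "__main__":
    print(try_auth(lambda: AUTH_STR)[:2])   # zero-argument authobject
    print(try_auth(xoauth2)[:2])            # challenge-aware authobject
```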