On Thu, Aug 6, 2020 at 9:02 PM Oswald Buddenhagen
<oswald.buddenha...@gmx.de> wrote:
> On Thu, Aug 06, 2020 at 07:53:18PM +0200, Michał Winiarski wrote:
> >Do you think this information (perhaps phrased in a more verbose
> >manner) could be added to the docs?
> >
> yes. i'll give oauth a shot myself and if i'm successful with your
> instructions i'll add them.


I just wanted to report that I gave the whole `XOAUTH2` a try and it
seems to work, although not without quite a few hurdles...

I'll quickly list the steps below for those interested:

* one needs the SASL XOAUTH2 provider, found at
https://github.com/moriyoshi/cyrus-sasl-xoauth2;
(building it results in a `libxoauth2.so` that should be copied to
`/usr/lib64/sasl2/libxoauth2.so`)

* (at least on OpenSUSE there is a `sasl2-kdexoauth2` that works, but
it garbles `stderr` with some data which seems to be part of some UI
integration;)

* one also needs the `oauth2l` tool, found at https://github.com/google/oauth2l;
(building it results in an `oauth2l` executable that should be
copied to `/usr/local/bin/oauth2l`)

* the most obscure part is obtaining the `credentials.json` file...
  * it requires a Google account;
  * you need to open https://console.developers.google.com/
  * (sell your soul to Google and accept the terms and conditions;)
  * create a new project (I called it `GMail sync`, but it can be
renamed afterwards;)
  * from the `Credentials` left section, create an `OAuth Client ID`,
choose `Desktop app`;
  * download the `credentials.json` file from there;
  * I've named this file `client.json`;

* for each GMail account prepare a different credentials cache (I
think `oauth2l` is tailored towards a different use-case):
~~~~
oauth2l fetch --type oauth --scope https://mail.google.com/ \
    --credentials ./client.json --cache ./u...@gmail.com.json --refresh
~~~~
* take the URL printed by the tool, open it in the browser, do
the authentication dance (you'll receive quite some scary errors that
the application is untrusted), paste back the resulting token in the
console;

* use `PassCmd oauth2l ...` with the same command as above;


All in all it works fine, but the setup was far from straightforward...

Personally I would have preferred to be able to use "application
passwords" even for non 2-factor-auth accounts...


Hope it helps,
Ciprian.
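
Added example, not part of the original message: a small wrapper to use as the `PassCmd` from the last step. `client.json` holds the OAuth client secret and the `--cache` file holds the account's tokens, so the wrapper refuses to run unless both are private to the owner. The function names and the paths in the comments are hypothetical.

```sh
#!/bin/sh
# Added example: PassCmd wrapper around the oauth2l command from the steps above.
# Function names and example paths are assumptions, not from the original post.

# Return 0 only if $1 is a regular file (not a symlink) with no group/other
# permission bits set, e.g. mode 0600 or 0400.
private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group+other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Check both secret files, then print an access token on stdout for mbsync.
# $1 = OAuth client file (client.json), $2 = per-account token cache.
fetch_token() {
    for f in "$1" "$2"; do
        if ! private_file "$f"; then
            echo "refusing: $f is missing or accessible to group/other" >&2
            return 1
        fi
    done
    oauth2l fetch --type oauth --scope https://mail.google.com/ \
        --credentials "$1" --cache "$2" --refresh
}

# Runs only when called with two arguments, e.g. from .mbsyncrc:
#   PassCmd "/path/to/this-script /path/to/client.json /path/to/cache.json"
if [ "$#" -eq 2 ]; then
    fetch_token "$1" "$2"
fi
```

The cache file must already exist, so do the interactive first run by hand and `chmod 600` both files before pointing `PassCmd` at the wrapper.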


_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
