I might just highjack this slightly by asking Amin if oidc-agent is able
to handly multiple accounts since this seems to be a limitation to
oauth2ms, but not to oama etc.

Btw, I have come across the first admins disabling device code flow for
authentication as microsoft apparently declares it a security risk (I
can't cite any sources on this yet).

best, P

* Mahnamfar, Amin (SCC) <[email protected]> [2026-06-26 11:04]:
> Hi everyone,
> 
>  
> 
> With the ongoing deprecation of Basic Authentication by major providers like
> Microsoft Office 365 and Google, I know many CLI mail users are struggling
> to keep their headless setups working with modern OAuth2 requirements.
> 
>  
> 
> I notice many users are relying on third-party scripts like oauth2ms or
> adapting mutt_oauth2.py to feed tokens to mbsync's PassCmd hook. 
> 
>  
> 
> I recently worked with the oidc-agent team to document a clean, native
> alternative. oidc-agent is a dedicated daemon (similar to ssh-agent)
> specifically designed to fetch and refresh OAuth2 tokens in the background.
> It securely handles encryption natively and supports the "Device Code" flow
> for completely headless servers.
> 
>  
> 
> It can seamlessly feed a valid access token directly into mbsync using the
> standard PassCmd hook, without users needing to manually configure GPG pipes
> or manage token files.
> 
>  
> 
> We just published step-by-step instructions on how to set this up here:
> 
> https://indigo-dc.github.io/oidc-agent/usage/email-clients/
> 
>  
> 
> Would the maintainers be open to adding oidc-agent to the official
> documentation or wiki as a recommended OAuth2 helper? 
> 
>  
> 
> We believe this will give the community a much more robust option to keep
> using mbsync without disruption. I'd be happy to submit a patch for your
> docs if you are open to it!
> 
>  
> 
> Best regards,
> 
> Amin Mahnamfar
> 




> _______________________________________________
> isync-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/isync-devel



_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel

Reply via email to