isync: add optional support for XOAUTH2 authentication method

[wentasah]

Description of changes

Based on discussion around #108480 (comment), we should make it easier for users to use isync with support for the XOAUTH2 authentication method. This PR allows users to enable the integration simply by:

isync.override { withCyrusSaslXoauth2 = true; }

cc @jackmac92

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.05 Release Notes (or backporting 22.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[lheckemann]

This only adds 0.1MiB of closure size to isync, so I think we should enable this by default, or even make it completely unconditional. The condition name is pretty unwieldy and only discoverable by reading the package expression, and if we enable it by default we'll get a version with support in the binary cache.

[wentasah]

Ok. I enabled it by default but kept it conditional if somebody needs an unwrapped binary for some reason.

[github-actions]

Successfully created backport PR for release-23.05:

• [Backport release-23.05] isync: add optional support for XOAUTH2 authentication method #235400

[dschrempf]

Hi! After this PR, when synchronizing mails with mbsync -a I get

IMAP command 'AUTHENTICATE XOAUTH2 SOMEHASH=' returned an error: NO [AUTHENTICATIONFAILED] Invalid credentials (Failure)

I have been and I am using an application password. Is there a tutorial or more extensive information available about how to set up xoauth2 with mbsync? Thank you!

EDIT: Deactivating XOAUTH2 by using

  pkgs.isync.override { withCyrusSaslXoauth2 = false; };

fixes the authentication issue, but of course also deactivates XOAUTH2.

[wentasah]

Hi, I'm currently traveling without a computer. I guess that xoauth2 authentication gets higher priority than other methods. You might be able to disable it by AuthMechs in mbsync config.

I use xoauth2 with https://github.com/harishkrupo/oauth2ms, which gets the authentication token. I'll write more after getting to a computer.

[dschrempf]

Hi.

I tried using

AuthMechs PLAIN

in my .mbsyncrc, but then mbsync complains:

IMAP error: selected SASL mechanism(s) not available;
   selected: PLAIN
   available: EXTERNAL XOAUTH2

I think this is because this PR overwrites the SASL lib dir, which only provides XOAUTH2. Could that be?

Further, I realized the XOAUTH2 is obsolete: See http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml.

At the moment, I need to use the override to be able to use mbsync. I would think this also affects others.

[primeos]

Thanks a lot for your report @dschrempf! :)
IMO there are definitely enough reasons to disable the XOAUTH2 support by default so I've opened #235959 for it.