marlam / mpop

POP3 client
https://marlam.de/mpop
GNU General Public License v3.0

AUTH XOAUTH2 may require a line break. #11

Closed michaelcadilhac closed 1 year ago

michaelcadilhac commented 1 year ago

I'm connecting to outlook.office365.com via POP3s, and it's rejecting my auth. I had used the OAuth2 script contributed to Mutt to generate my tokens, and the script itself has a "test" mode to see if the authentication is accepted over POP3s; it worked for them. Exploring further, they send the AUTH line in two steps:

https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py#L393

That is, first AUTH XOAUTH2\r\n then the base64 payload. As far as I see, both syntaxes are OK from the standard point of view, so it might be due to a limit in the length of a line sent. In any case, I've simply changed the following in mpop, and it works perfectly now:

--- src/pop3.c  2021-11-04 07:02:01.000000000 +0000
+++ src/pop3.c      2022-08-24 02:45:13.544564722 +0100
@@ -2351,7 +2351,9 @@
     b64_len = BASE64_LENGTH(oa_len) + 1;
     b64 = xmalloc(b64_len);
     base64_encode(oauth, oa_len, b64, b64_len);
-    e = pop3_send_cmd(session, errstr, "AUTH XOAUTH2 %s", b64);
+    e = pop3_send_cmd(session, errstr, "AUTH XOAUTH2");
+    if (e == POP3_EOK && (e = pop3_get_msg(session, 1, errstr)) == POP3_EOK)
+      e = pop3_send_cmd(session, errstr, "%s", b64);
     free(oauth);
     free(b64);
     if (e != POP3_EOK)
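
Review bot: In the two added lines after "AUTH XOAUTH2", the base64 bearer token is sent as soon as pop3_get_msg() returns POP3_EOK, and nothing visible in this hunk checks that the server's reply is a "+" continuation rather than some other line. If pop3_get_msg() does not already treat a non-continuation reply as an error, add an explicit check so the token never goes out after a refusal. It would also read more easily with the assignment pulled out of the if condition, as three sequential steps (send command, read reply, send b64), each followed by its own error check, and with the new lines indented four spaces like the surrounding code.
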
marlam commented 1 year ago

Thank you very much for analyzing and fixing this problem!

A patch with the same effect is now in the main git repository (I just restructured it a little bit so that the code is as close as possible to the existing AUTH LOGIN etc, so that I don't have to think twice when reading the AUTH code in the future ;)

I also applied this change to msmtp.

michaelcadilhac commented 1 year ago

Fantastic, thanks Martin!
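
The exchange discussed in this thread, as an added example (not code from mpop or from the Mutt script). It goes beyond the patch in two labelled ways: it keeps the one-line form only when the command fits the 255-octet command line limit of RFC 2449, which RFC 5034 requires of an initial response, and it sends the token only after a `+` continuation. `FakeServer`, its replies, the user name and the token are constructed for the demonstration.

```python
import base64

MAX_CMD_OCTETS = 255  # RFC 2449 limit for one POP3 command line, CRLF included

def xoauth2_response(user, token):
    """Base64 of the SASL XOAUTH2 string: user=<user>^Aauth=Bearer <token>^A^A."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01".encode()
    return base64.b64encode(raw)

def pop3_auth_xoauth2(user, token, send, recv):
    """send(line) writes one CRLF-terminated line, recv() returns one reply line.
    Returns True only if the server answers +OK."""
    b64 = xoauth2_response(user, token)
    one_line = b"AUTH XOAUTH2 " + b64 + b"\r\n"
    if len(one_line) <= MAX_CMD_OCTETS:
        send(one_line)                      # initial response fits in the command
    else:
        send(b"AUTH XOAUTH2\r\n")           # two-step form, as in the patch above
        reply = recv()
        if not (reply.startswith(b"+ ") or reply.rstrip() == b"+"):
            return False                    # no continuation: never send the token
        send(b64 + b"\r\n")
    return recv().startswith(b"+OK")

class FakeServer:
    """Constructed stand-in for a server that enforces the command length limit."""
    def __init__(self, user, token):
        self.expected = xoauth2_response(user, token)
        self.lines, self.replies = [], []

    def send(self, line):
        self.lines.append(line)
        body = line.rstrip(b"\r\n")
        if body == b"AUTH XOAUTH2":
            self.replies.append(b"+ \r\n")
        elif body.startswith(b"AUTH ") and len(line) > MAX_CMD_OCTETS:
            self.replies.append(b"-ERR line too long\r\n")
        else:
            ok = body.split(b" ")[-1] == self.expected
            self.replies.append(b"+OK\r\n" if ok else b"-ERR auth failed\r\n")

    def recv(self):
        return self.replies.pop(0)

if __name__ == "__main__":
    token = "t" * 1500                      # constructed long token
    srv = FakeServer("user@example.com", token)
    print(pop3_auth_xoauth2("user@example.com", token, srv.send, srv.recv))
    print([len(line) for line in srv.lines])
```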