-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple clients in sasl-xoauth2.conf ? #10
Comments
Can those different Gmail accounts not share the same client credentials? In principle those client credentials identify the application, not the user, and should be usable by more than one user. That's why they're split between |
Oh brilliant, I didn't realize another user could authenticate to the existing user's app. But obviously that is possible... Silly me! Thanks for the response! I'll close this ticket. |
I don’t think this should be closed; specifically, I don’t understand what you’re supposed to do if you need to provide OAuth for 2 providers, like Gmail and Yahoo!, which obviously requires providing 2 secrets, endpoints etc. What’s to do in this situation? The answer I could think right now is to compile the plugin twice with a different name, but this seems more like a workaround than a solution. |
Yeah, good point. I've added the ability to override client ID/secret and token endpoint in the token file itself. I'll commit that change in a few minutes. |
Wow, sounds really good, thank you very much, and also, many thanks for this awesome project; I will check the new version later today. |
Hi I have tested the new version, it seems to work fine. I noticed an oddity though, I think. When I filled in the details in my token file, I put a wrong
Meanwhile, in curl/curl.h, they specify this:
So, "instream" in curl's prototype is "offset" in yours. "instream" is suggested to be like an fd to the file, or in your implementation, it is an address to this class that represents this file, I think, same idea anyway. And indeed, curl seemed to use the prototype defined in its header because "offset" has that "weird" value. So, are you sure the prototype you supplied for RequestContext::Seek is correct? Shouldn't it be The curl docs say that the seek function being called "may happen when doing an HTTP PUT or POST with a multi-pass authentication method, or when an existing HTTP connection is reused too late and the server closes the connection". To me, it seems that under normal operation that seek function is never called because data fits in the packet size/MTU etc, but by me supplying that wrong token URL, I made curl have to call it and so I discovered this problem. This is not a major issue, because as I said, that function, under normal conditions is never called, but I still suggest you look into it anyway, for the sake of correctness. Also, while we're at this, why does the function need offset to be 0 to succeed? To me, not checking for that, and calling Rewind(offset) seems more logical. Then, the Rewind function could be something like this:
The function just takes into account an offset where you want to go. In the constructor of Then, does the
But I understand if you do not want/have the time to make the change, it is a bit of stuff to be done, and to be honest, if people organize their token files properly, they can use some shell scripts to mass replace outdated data in all tokens belonging to a certain provider. For me, I don't do "industrial mailing", I have a couple of addresses and the current implementation works more than fine for my needs, but yeah... I still think it would be a really good enhancement for this awesome project you have. Lastly, on my install, I have to do Anyway, what do you think? Sorry for bombarding you like that, if you want me to, I can open separate issues. Again, thank you very much for your work and your support. |
Not sure what environment you're using this in but in Ubuntu 20.04 when Postfix is started or restarted it copies a bunch of certificates into /var/spool/postfix/etc/ssl/certs/ It's this script that is called at start up that does the copying I created a post here about it. #13 |
Thanks, I saw your post some time ago, I implemented your changes but did not work fully. I stopped at a certain point to be honest, for now, everything works with that |
Thanks @valinet for pointing out the issue with the seek callback! I'd copied that from another project of mine where I also got it wrong. I'll avoid implementing the seek-for-a-non-zero-offset capability for now because I don't think it's actually ever required. As for the CA certificate file/path problem, I'll open a separate issue for that. I'm thinking a new sasl-xoauth2.conf option specifying a value for either And I like your suggestion to specify a provider dictionary in the config file. I'll open another issue for that and I'll try to get around to it sometimes soon. |
@tarickb Thank you very much for your support and for taking a look at this. |
Hi,
Firstly huge thanks for this great module
While it seems possible to have multiple tokens (and assign those in sasl_passwd accordingly), it does not seem possible to have multiple client credentials in /etc/sasl-xoauth2.conf
If I have several Gmail accounts, each with its own OAuth2 "Installed application" (unique Client ID, Client Secret, Refresh Token and Access Tokens), how can those all be utilized currently if sasl-xoauth2.conf only seems to support a single Client ID and secret pair currently?
I guess I could ask, why need an /etc/sasl-xoauth2.conf anyway, if the tokens file could contain the Client ID & Client Secret also. Or similarly, why need individual tokens files, if we could populate /etc/sasl-xoauth2.conf with all token pairs as well ?
The text was updated successfully, but these errors were encountered: