Support generic OAuth for non-HTTP hosts #1956

Open
wants to merge 1 commit into
base: main

@pl4nty pl4nty commented Jun 14, 2025

Non-HTTP hosts can support OAuth using absolute authorize/token endpoints, like EXO/Outlook.com SMTP. Example:

```
[sendemail]
smtpServer = smtp-mail.outlook.com
smtpUser = example@outlook.com
smtpEncryption = tls
smtpServerPort = 587
smtpAuth = XOAUTH2

[credential "smtp://smtp-mail.outlook.com:587"]
oauthClientId = a95fbac5-cbbb-4032-b10d-fb756c457ba1
oauthAuthorizeEndpoint = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
oauthTokenEndpoint = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauthScopes = offline_access https://outlook.office.com/SMTP.Send
```

Non-HTTP hosts can support OAuth using absolute authorize/token endpoints, like Outlook.com SMTP. Example:

```
[sendemail]
smtpServer = smtp-mail.outlook.com
smtpUser = example@outlook.com
smtpEncryption = tls
smtpServerPort = 587
smtpAuth = XOAUTH2

[credential "smtp://smtp-mail.outlook.com:587"]
oauthClientId = a95fbac5-cbbb-4032-b10d-fb756c457ba1
oauthAuthorizeEndpoint = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
oauthTokenEndpoint = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauthScopes = offline_access https://outlook.office.com/SMTP.Send
```
@@ -67,14 +67,8 @@ public override async Task<ICredential> GenerateCredentialAsync(InputArguments i

Uri uri = input.GetRemoteUri();

// Determine the if the host supports Windows Integration Authentication (WIA) or OAuth
if (!StringComparer.OrdinalIgnoreCase.Equals(uri.Scheme, "http") &&
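
Review bot: The scheme test at `if (!StringComparer.OrdinalIgnoreCase.Equals(uri.Scheme, "http") &&` was the only visible constraint tying OAuth to an HTTP(S) remote, and the hunk shrinks from 14 to 8 lines around it without a replacement check. For a remote such as `smtp://...`, a relative authorize or token endpoint would resolve against a non-HTTP base, so I would validate each configured endpoint (authorize, token, and device code when set) as either absolute http/https or relative to an http/https remote, and fail with a clear error otherwise. The comment above the check ("Determine the if the host supports Windows Integration Authentication (WIA) or OAuth") has a typo and should be reworded to match whatever condition remains.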
@pl4nty pl4nty Jun 14, 2025

Naive approach of just removing the guard, but we could check each endpoint instead (including DeviceCode if present?). They should be relative with HTTP(S) host, or absolute HTTP(S)
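
One way to write the per-endpoint check proposed in the comment above, as an added example that is not code from this pull request or from the project. `OAuthEndpointCheck` and `TryResolve` are hypothetical names, and `https://git.example.com/org/repo` is a constructed sample remote.

```csharp
using System;

// Added illustration; type and method names are hypothetical.
public static class OAuthEndpointCheck
{
    private static bool IsHttp(Uri u) =>
        u.Scheme == Uri.UriSchemeHttp || u.Scheme == Uri.UriSchemeHttps;

    // Resolves a configured endpoint value against the remote URI.
    // Accepts absolute http/https values for any remote, and relative
    // values only when the remote itself is http/https.
    public static bool TryResolve(Uri remote, string value, out Uri endpoint)
    {
        endpoint = null;
        if (string.IsNullOrWhiteSpace(value)) return false;

        // A leading '/' is a relative reference here. It is tested first
        // because on Unix .NET parses "/path" as an absolute file:// URI.
        bool rooted = value[0] == '/';
        if (!rooted && Uri.TryCreate(value, UriKind.Absolute, out Uri abs))
        {
            if (!IsHttp(abs)) return false;   // e.g. ftp://, file://, smtp://
            endpoint = abs;
            return true;
        }

        // Relative value: there must be an HTTP(S) host to resolve against.
        if (!IsHttp(remote)) return false;
        if (!Uri.TryCreate(value, UriKind.Relative, out Uri rel)) return false;
        endpoint = new Uri(remote, rel);
        return IsHttp(endpoint);
    }

    public static void Main()
    {
        var smtp = new Uri("smtp://smtp-mail.outlook.com:587");
        var web = new Uri("https://git.example.com/org/repo"); // constructed sample
        string abs = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
        Report(smtp, abs);               // absolute HTTPS on a non-HTTP remote
        Report(smtp, "/oauth/token");    // relative with no HTTP(S) base
        Report(web, "/oauth/token");     // relative on an HTTPS remote
        Report(web, "ftp://git.example.com/token"); // absolute, wrong scheme
    }

    private static void Report(Uri remote, string value) =>
        Console.WriteLine(TryResolve(remote, value, out Uri e)
            ? $"{remote.Scheme} + {value} -> {e}"
            : $"{remote.Scheme} + {value} -> rejected");
}
```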

pl4nty commented Jun 14, 2025

This might need a docs update too. I'd like to include git send-email examples for Gmail/Outlook.com, but Git Bash doesn't ship with the required Authen-SASL version 2.1800 yet.

I also had to test this change on an alternate account. My tom@tplant.com.au Outlook.com SMTP is broken on multiple clients, probably due to the grandfathered custom domain. Outlook support weren't helpful unfortunately.
