After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 746705 - Support OAuth2
Support OAuth2
Status: RESOLVED FIXED
Product: geary
Classification: Other
Component: server-support
master
Other Linux
: Normal normal
: 0.13.0
Assigned To: Geary Maintainers
Geary Maintainers
: 751243 784404 795808 (view as bug list)
Depends on: 768975
Blocks: 714877
 
 
Reported: 2015-03-24 20:10 UTC by Jim Nelson
Modified: 2019-01-15 06:16 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Jim Nelson 2015-03-24 20:10:52 UTC 
Geary should support OAuth2 (sometimes referred to as XOAUTH2) for both IMAP and SMTP.  This is a requirement for GOA (bug #714876) and UOA (bug #714877) support.
Comment 1 Christopher Halse Rogers 2015-03-26 00:08:13 UTC 
https://github.com/RAOF/geary has some of the work required to support this done. I guess the other person who was interested in it doesn't have any more free time than me, so I'll start (slowly!) hacking at this again.
Comment 2 Debarshi Ray 2015-03-27 11:37:28 UTC 
For reference, this is evolution's implementation of the XOAUTH2 SASL mechanism:
https://git.gnome.org/browse/evolution/tree/libemail-engine/camel-sasl-xoauth2.c

It works for both GMail and Outlook.com.
Comment 3 Robert Schroll 2015-06-20 19:35:49 UTC 
*** Bug 751243 has been marked as a duplicate of this bug. ***
Comment 4 Oskar Viljasaar 2016-07-16 15:29:54 UTC 
I've got a proof of concept branch up on https://github.com/tshikaboom/geary/tree/wip-oauth2.

After three days of tedious hacking, it now at least connects, authenticates and fetches emails to/from gmail as a proof of concept :-) Geary just got a whole lot more useful to me!

I'll try to clean this up in the next few weeks and see what I can untangle from there.

Some notes:
- there is home-made, stand-alone oauth2 in there through a webkit1 viewever

- the client now depends on json-glib-1.0 and a bit more on libsoup (not just the webkit part now)

- searching for messages seems to be a bit flaky?

I guess we'll need to refactor some parts of the engine to get off the assumption that authentication can only be done with user/password credentials. etc etc.

Lots to do! :)
Comment 5 Oskar Viljasaar 2016-07-16 15:47:52 UTC 
Also note that for the moment this only stores the access token in the secret service, but we don't have any idea on how long that token is valid (we don't store it at the moment)
Comment 6 Michael Gratton 2018-02-07 03:39:46 UTC 
*** Bug 775488 has been marked as a duplicate of this bug. ***
Comment 7 Michael Gratton 2018-04-13 00:31:58 UTC 
*** Bug 784404 has been marked as a duplicate of this bug. ***
Comment 8 Michael Gratton 2018-05-10 06:24:14 UTC 
*** Bug 795808 has been marked as a duplicate of this bug. ***
Comment 9 Michael Gratton 2019-01-15 06:16:02 UTC 
Okay, so this is now supported for GOA accounts, and for GMail and Outlook.com this is now the preferred way of adding accounts. As such I'm going to resolve this as fixed.

For people not using GOA, OAuth2 support would require implementing a replacement password dialog and some changes to the new accounts editor to not show password rows and hook up the OAuth2 dialog instead. Unfortunately, that is a low priority, and hence an implementation of it would need to come from the community.

If you are interested developing an implementation, please jump in and lodge a merge request over at https://gitlab.gnome.org/GNOME/geary