On 2025-05-22 at 17:27:16, Aditya Garg wrote:
> +static char *xoauth2_base64(const char *user, const char *access_token)
> +{
> + int raw_len, b64_len;
> + char *raw, *b64;
> +
> + /* Compose the XOAUTH2 string
> + * "user=" {User} "^Aauth=Bearer " {Access Token} "^A^A"
> + * https://developers.google.com/workspace/gmail/imap/xoauth2-protocol#initial_client_response
> + */
> + raw_len = strlen(user) + strlen(access_token) + 20;
> + raw = xmallocz(raw_len + 1);
> + snprintf(raw, raw_len + 1, "user=%s\001auth=Bearer %s\001\001", user, access_token);
> +
> + /* Base64 encode */
> + b64 = xmallocz(ENCODED_SIZE(strlen(raw)));
> + b64_len = EVP_EncodeBlock((unsigned char *)b64, (unsigned char *)raw, strlen(raw));
> + free(raw);
> +
> + if (b64_len < 0) {
> + free(b64);
> + return NULL;
> + }
> + return b64;
> +}
> +
> #else
>
> static char *cram(const char *challenge_64 UNUSED,
> @@ -895,6 +959,20 @@ static char *cram(const char *challenge_64 UNUSED,
> "you have to build git-imap-send with OpenSSL library.");
> }
>
> +static char *oauthbearer_base64(const char *user UNUSED,
> + const char *access_token UNUSED)
> +{
> + die("If you want to use OAUTHBEARER authenticate method, "
> + "you have to build git-imap-send with OpenSSL library.");
> +}
I don't think this is a good idea. Linux distros and other parties who
distribute OpenSSL cannot legally distribute Git linked against it and
we should not require people to use OpenSSL for this. It looks like all
you need here is a base64 encoder and it should be pretty easy to write
such an encoder. There's a minimal decoder as part of decode_b_segent
in mailinfo.c and I'm pretty sure we could just add a suitable encoder
that writes to a strbuf like we have for percent-encoding.
Alternatively, you could just push this into the credential helper with
the new credential helper extensions by adding support for that to git
imap-send and let the helper implement the base64 encoding. That's kind
of the reason I implemented it in the first place.
--
brian m. carlson (they/them)
Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
