On Fri, May 30, 2025 at 1:32 PM Aditya Garg <gargaditya08@xxxxxxxx> wrote: > OAuth2.0 is a new way of authentication supported by various email providers > these days. OAUTHBEARER and XOAUTH2 are the two most common mechanisms used > for OAuth2.0. OAUTHBEARER is described in RFC5801[1] and RFC7628[2], whereas > XOAUTH2 is Google's proprietary mechanism (See [3]). > > [1]: https://datatracker.ietf.org/doc/html/rfc5801 > [2]: https://datatracker.ietf.org/doc/html/rfc7628 > [3]: https://developers.google.com/workspace/gmail/imap/xoauth2-protocol#initial_client_response > > Signed-off-by: Aditya Garg <gargaditya08@xxxxxxxx> Not a proper review, just something I spotted several versions back but assumed that someone else -- providing a proper review -- would mention... > diff --git a/imap-send.c b/imap-send.c > @@ -885,6 +889,66 @@ static char *cram(const char *challenge_64, const char *user, const char *pass) > +static char *oauthbearer_base64(const char *user, const char *access_token) > +{ > + /* Compose the OAUTHBEARER string > + * > + * "n,a=" {User} ",^Ahost=" {Host} "^Aport=" {Port} "^Aauth=Bearer " {Access Token} "^A^A > + * > + * The first part `n,a=" {User} ",` is the gs2 header described in RFC5801. > + * * gs2-cb-flag `n` -> client does not support CB > + * * gs2-authzid `a=" {User} "` > + * > + * The second part are key value pairs containing host, port and auth as > + * described in RFC7628. > + * > + * https://datatracker.ietf.org/doc/html/rfc5801 > + * https://datatracker.ietf.org/doc/html/rfc7628 > + */ On this project, multi-line comments are formatted like this: /* * Line 1 * Line 2 * ... */ The same observation applies to other parts of this patch, as well.
