| Summary: | Support GMail's XOAUTH authentication method | ||
|---|---|---|---|
| Product: | [Frameworks and Libraries] Akonadi | Reporter: | totte <hans.tovetjarn> |
| Component: | IMAP resource | Assignee: | Christian Mollekopf <chrigi_1> |
| Status: | RESOLVED FIXED | ||
| Severity: | wishlist | CC: | ab4bd, dvratil, elephant454, kdepim-bugs, mczupryn, vkrause |
| Priority: | NOR | ||
| Version: | 1.13.0 | ||
| Target Milestone: | --- | ||
| Platform: | Debian stable | ||
| OS: | Linux | ||
| Latest Commit: | https://commits.kde.org/kdepim-runtime/ca4b3f0907b5cbf77a7f081bcd41f328ad066c54 | Version Fixed In: | 5.5.0 |
| Sentry Crash Report: | |||
|
Description
totte
2015-10-28 15:37:23 UTC
Any way OAUTH is being currently considered? Akonadi supports it already for contacts and calendars, however it is missing in KMail. We have a working code that implements support for Google's XOAUTH mechanism, but it needs integrating into the IMAP resource. Definitely something I'm planning in the future. Git commit ca4b3f0907b5cbf77a7f081bcd41f328ad066c54 by Daniel Vrátil. Committed on 08/01/2017 at 15:11. Pushed by dvratil into branch 'master'. IMAP: add support for native GMail OAuth authentication This change adds support for XOAUTH2 authentication method used by Gmail to the IMAP resource. The XOAUTH2 support is implemented in a custom SASL plugin. The token request/refresh is done via KGAPI. When user sets imap.gmail.com as IMAP server in the resource config dialog, the dialog automatically sets all the configuration to match the one of Gmail and selects XOAUTH2 as authentication method. The access and refresh tokens are stored in KWallet like a regular password, but a special PasswordRequesterInterface implementation is used to handle the tokens and pass the right data to KIMAP::LoginJob. With this change it's no longer necessary to have the "Allow less secure apps" option enabled in Google Account settings and it's no longer necessary to use app-specific password for accounts with two-step verification (2FA) enabled. The actual password is no longer stored in KWallet and has only be typed into Google Auth form once. FIXED-IN: 5.5.0 CHANGELOG: Implement native Gmail authentication into IMAP resource M +21 -1 resources/imap/CMakeLists.txt A +1 -0 resources/imap/config.h.cmake A +141 -0 resources/imap/gmailpasswordrequester.cpp [License: LGPL (v2+)] C +20 -23 resources/imap/gmailpasswordrequester.h [from: resources/imap/settingspasswordrequester.h - 051% similarity] M +13 -1 resources/imap/imapresource.cpp A +67 -0 resources/imap/passwordrequester.cpp [License: LGPL (v2+)] A +44 -0 resources/imap/passwordrequester.h [License: LGPL (v2+)] M +1 -0 resources/imap/resourcestate.cpp A +24 -0 resources/imap/saslplugin/CMakeLists.txt A +579 -0 resources/imap/saslplugin/config.h [License: GENERATED FILE] * A +969 -0 resources/imap/saslplugin/plugin_common.c [License: UNKNOWN] * A +221 -0 resources/imap/saslplugin/plugin_common.h [License: UNKNOWN] * A +246 -0 resources/imap/saslplugin/xoauth2plugin.c [License: LGPL (v2+)] A +53 -0 resources/imap/saslplugin/xoauth2plugin_init.c [License: LGPL (v2+)] M +5 -27 resources/imap/settings.cpp M +1 -2 resources/imap/settings.h M +24 -1 resources/imap/settingspasswordrequester.cpp M +2 -0 resources/imap/settingspasswordrequester.h M +41 -6 resources/imap/setupserver.cpp M +1 -0 resources/imap/setupserver.h A +32 -0 resources/imap/utils.cpp [License: LGPL (v2+)] A +32 -0 resources/imap/utils.h [License: LGPL (v2+)] M +8 -2 resources/imap/wizard/imapwizard.es The files marked with a * at the end have a non valid license. Please read: http://techbase.kde.org/Policies/Licensing_Policy and use the headers which are listed at that page. https://commits.kde.org/kdepim-runtime/ca4b3f0907b5cbf77a7f081bcd41f328ad066c54 |