From: Matthias A. <mat...@gm...> - 2022-10-22 13:54:59
On 14.10.22 at 11:01, rbell--- via Fetchmail-users wrote:

> A mail server I use uses Office 365, recently switched to its
> OAuth2. I've gotten OAuth2 to work with gmail, which is different.
> I downloaded github.com/lubonbvba/fetchmail_oauth2 but see no
> instructions to make it work - does it?
> Another person mentions using fetchmail 7 - what does
> fetchmail say about that?

fetchmail 7 is an alpha version, without integrated OAuth2, and only with a few hooks. Being alpha, I take the liberty to change interfaces and requirements liberally and incompatibly all over the map, no promises, no guarantees, no support. Not that that's different from other free and open source software unless you have a maintenance contract...

OAuth2 is "hooks and external scripts" at best because the big OAuth2 proponents (Google and Microsoft) have not only used it as authentication scheme but where you can still just give your credentials to your mail client, but **also** require applications to be registered, possibly some "tenant" stuff with rulers (or their delegates) of your organization needing to permit the application and/or application and a particular user's access and all other sorts of political obstacles to get OAuth2 use, which are usually a bigger issue than the technical issues -- that is why OAuth2 is not fully integrated and will not currently be.

OAuth2 *in practice* is abused to control what applications can access YOUR OWN mail. Do you need to register your slippers or mailbox key with $YOURCOUNTRY's Postal Service before you can open your mailbox and get your mail out? No. But that is what Google and Microsoft do with OAuth2 in practice. With mail providers requiring applications to be registered, possibly fee-paying assessment - no thanks.

I have asked several times for someone to show me "open door" OAuth2 access use cases (providers), where it really is just some authentication scheme similar to Kerberos, but nobody showed me one yet. So apparently OAuth2 is only relevant for the Big Data business. And that's why currently OAuth2 for a single free software author is about as unattractive as a toothache.

Having said that, if you are willing to put up with a doubly unsupported setup (a. fetchmail 7 being alpha, and b. OAUTH2 being experimental, and likely staying so eternally unless the political landscape changes), get fetchmail 7 and README.OAUTH2, or - as you have set out - venture into proxies or authentication token obtaining libraries (I find Simon Robinson's documentation on email-oauth2-proxy has many external links, so glad multiple questions made me interested in that).

That is cutting edge territory, nowhere near production quality. "Cutting" edge as in bleeding. Only recommended for toying around, development, experimentation, learning and sharing. Many of the OAuth2 modules are also written in Python, which may make you personally uncomfortable, as you have disclosed in the other message on Simon Robinson's OAuth2 proxy.

I suppose I will integrate OAuth2 no sooner than someone shows me a big provider with more than three fetchmail users which will just use OAuth2 as authentication scheme, without requiring client registration and other nonsense.

Regards,
Matthias