Hiya,

On Sun, 25 Aug 2013, Kyle L. Huff wrote:

> Perhaps in addition to moving the call to checkpassword() to
> after the parameter collection it might be intuitive to add a new
> type to checkpasswd() - say, "XOAUTH2 Access Token" - to prompt
> for an omitted bearer. This would handle cases where the auth
> mech was explicitly defined as AUTH=XOAUTH2, but no bearer
> token was provided.

Nice idea - I will look into moving checkpasswd().

> Below is an example of the behavior of a few examples with the
> included patches. Hopefully this gives you a better context of the
> current behavior.
>
> command: curl --url "smtps://smtp.domain.com:465" -u
> user.name_at_domain.com;AUTH=XOAUTH2 --bearer ya29.AHES...xMbS
> result: prompts for password; auth LOGIN is attempted

Interesting - I would have expected OAUTH to be attempted :(

> Also, I removed the check for conn->bearer from the functions
> imap_perform_authenticate and smtp_perform_authenticate, as
> I believe this check lacks sanity. With that check If the bearer is
> absent the result would is "No known authentication mechanisms
> supported!", which I believe should result in code 334 "Authentication
> Failure". Any check for the bearer should be done elsewhere (if at all).

That makes more sense.

Finally, I see from the patch files that you've used a slightly different
name and email address for your commits than the one you post here as.

I would prefer to use the same so the change log in git is more "humanly"
readable - I can fix this up rather than posting new patches but just wanted
to check if you would prefer "Kyle L. Huff" or "Kyle Huff" ?

Kind Regards

Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-25