[Alpine-info] O365 XOAUTH2 via fetchmail

[Eduardo Chappa]

On Wed, 20 Apr 2022, Andrew C Aitchison wrote:


> OAUTH2 support has been has been in the contrib section of fetchmail 7 

> for at least 4 years. On Saturday (16 April 2022) Matthias Andree, the 

> fetchmail maintainer, wrote 

> https://sourceforge.net/p/fetchmail/mailman/fetchmail-users/?viewmonth=202204&viewday=16

>

>    So if the abomination of hundreds of pages of a "standard" just for

>    authentication by itself does NOT suffice to implement OAuth2, then

>    we should probably leave it out and remove the experimental bits that

>    are in fetchmail's code before a release, even from contrib, and

>    replace them with a document README.OAuth2 that starts with "why does

>    fetchmail not implement OAuth2".

>

>    Or else somebody show me to a mail service that is not just some SOHO

>    site and that *does* implement OAuth2 without requiring jumping

>    through arbitrary hoops and showing dressage tricks or play sit up

>    and beg or something, then we can implement it and document "why you

>    cannot use OAuth2 with Google" instead.

>

> so I fear that the reluctance to support OAUTH2 has not gone away :-(


This worries me because fetchmail, mutt, alpine, etc. are all in the same 
boat. Our survival partly depends on the existence of our competitors, 
because having a mutt user access a server tells administrators to take 
care of a need that later might come from an Alpine user, and so having a 
bunch of programs that need access to user data, that respect privacy and 
security helps all of us.

In addition, we (mutt, fetchmail, alpine, etc.) all have to move to 
modernize our clients, and this is one of the ways in which we have to do 
it. There are other steps that need to be taken to modernize Alpine that 
need to be done, which will come later. I accept that IMAP and SMTP access 
will be gone from some of my accounts but I still need access to that data 
through Alpine, so lots of work still remains to be done for that to 
happen and what I hope is that other clients (mutt, fetchmail, etc.) will 
do the same. Alpine has a robust library to access remote mailboxes and 
lacks support for some modern access methods. I am working on bringing 
those to Alpine too, and I hope people will realize that we might have to 
leave IMAP and SMTP behind some day too, and that that's okay, because we 
will still have everything we had in the past without these protocols.

We are not there yet. We still live in the world of IMAP and SMTP, but it 
is starting to go away with companies like Google and Microsoft pushing 
their products and methods and restricting access to their services to 
competitors like Alpine for reasons of privacy and security concerns. We 
have to be ready and we will be ready. We will get there, and I hope that 
other developers like those of Mutt and Fetchmail realize about this now 
so we can all continue coexisting when the world (or Google and Microsoft) 
have turned the page on IMAP and SMTP and they do not support these 
protocols anymore.

-- 
Eduardo