adding OAuth

[russellbell at gmail.com]

	Quoth Ken Hornstein: 'Adding OAuth support to Cyrus-SASL would
be ... a large pain in the ass.'  
	Thanks for the reply.  I had no idea how hard it was.  I defer
to others' judgment.  I don't know that I'd do the work, at least not
by myself.

	KH: 'To support OAuth2 for Gmail requires your project to
register with Google and obtain a specific key (well, what you get is
a "client_id" and a "client_secret"); we did that for nmh.  It's not
clear to me how that would work for Cyrus-SASL; would every
application have to register an API key?'
	This isn't a problem for me: sendmail is the only app that
matters to me.

	KH: 'the key difference here is the GSSAPI library and
Kerberos utilities take care of all that for you; all you need to do
as an application programmer is make GSSAPI calls and you get the
necessary info back.  There is not, AFAIK, a comparable library in C
that is designed for this work'
	liboauth is a collection of c functions implementing the
http://oauth.net API - does that help?
	I found a plugin for mutt that does this; mutt uses sendmail.
I also found Java and VB scripts.  I think it's possible as a
wrap-around - I just have to reverse-engineer it.  I also found a
description of how to do it by telnetting to the SMTP port, passing
the token, a couple of extra steps.

	KH: 'The actual implementation requires you to parse JSON'
	One script I found to do this uses normal (JSON-ignorant) Unix
tools to extract client_id and client_secret, the only parts that
matter.  (Fields are comma-separated; colons separates the name of the
field from its value).

	Quoth I: 'gmail put both messages from this mailing list in my
spam folder.
	KH: 'I think this is not a Cyrus-SASL issue?'
	It's certainly gmail's fault - but they're so big mistakes
they make hurt others.  I've done nothing to change my spam
preferences at gmail and false spam marking happens about 1 in 10K.  I
mentioned it as data for the administrators to consider.

russell bell