Skip to content

Implemented XOAUTH2 authentication for POP3 #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TDannhauer merged 1 commit into from
Aug 7, 2025
Merged

Implemented XOAUTH2 authentication for POP3 #36

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions lib/Horde/Imap/Client/Socket/Pop3.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,12 @@ protected function _login()
$auth_mech = array($this->_init['authmethod']);
}

// Always try XOAUTH2 first when defined
if (in_array('XOAUTH2', $auth_mech) && $this->getParam('xoauth2_token')) {
$auth_mech = array_diff($auth_mech, ['XOAUTH2']);
array_unshift($auth_mech, 'XOAUTH2');
}

foreach ($auth_mech as $method) {
try {
$this->_tryLogin($method);
Expand Down Expand Up @@ -405,6 +411,18 @@ protected function _tryLogin($method)
));
break;

case 'XOAUTH2':
if (!($xoauth2_token = $this->getParam('xoauth2_token')))
throw new Horde_Imap_Client_Exception("Expected an XOAUTH2 token");
Copy link
Contributor

@TDannhauer TDannhauer May 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If Horde_Imap_Client_Password_Xoauth2 is now used for IMAP as well as POP3, shouldn't the class be renamed/relocated to avoid confusion and fit poperly into the structure?

Copy link
Contributor Author

@jstanden jstanden May 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TDannhauer Hello Torben! I'm not sure I follow.

The library is named Horde_Imap, so all of the existing classes (including POP3) are already prefixed:

  • Horde_Imap_Client_Socket_Connection_Pop3
  • Horde_Imap_Client_Socket_Pop3
  • Horde_Imap_Client_Ids_Pop3

The password classes are:

  • Horde_Imap_Client_Base_Password
  • Horde_Imap_Client_Password_Xoauth2

That feels consistent. The directory structure follows the class naming convention.

I do need to fix an XOAUTH2 protocol issue between Microsoft POP3 and Gmail POP3, though. The implementation uses a single line AUTH statement, but Microsoft only supports the two-line style (with the token on a second line).

Copy link
Contributor

@TDannhauer TDannhauer Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry missed that. Fine for me.


/* @var Horde_Imap_Client_Password_Xoauth2 $xoauth2_token */

$this->_sendLine('AUTH XOAUTH2');
$this->_sendLine($xoauth2_token->getPassword(), array(
'debug' => sprintf('AUTH XOAUTH2 [Auth Response (username: %s)]', $xoauth2_token->username)
));
break;

case 'APOP':
/* If UTF8 (+ USER) is active, and non-ASCII exists, need to apply
* SASLprep to username/password. RFC 6856[2.2]. Reject if
Expand Down