user:sachy:lakatux

Differences

This shows you the differences between two versions of the page.

user:sachy:lakatux [2023/02/04 17:52] – external edit 127.0.0.1user:sachy:lakatux [2023/03/23 17:03] sachy
Line 985: Line 985:
   View=%view{ascii} prettyjson.py %f 2>&1   View=%view{ascii} prettyjson.py %f 2>&1
 </code> </code>
 +
 +
 +===== mutt vs Oauth2 =====
 +
 +Oauth2 protocol is more and more popular auth mechanism, so mutt - as the least wrong mail client - have support too. Yet the support is a bit tricky...
 +
 +First, download [[https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py|mutt_oauth2.py]] to the .mutt/ and read [[https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py.README|official README]].
 +
 +Then generate new PGP key for encryption of the Oauth secrets. "gpg --gen-key". Set the name/email to something mutty, like "mutt@mutt.mutt" to clearly distinguish it and never use in daily life. Also --edit-key to set neverending validity (default one year).
 +
 +Edit the downloaded mutt_oauth2.py and change the following:
 +
 +<code python>
 +ENCRYPTION_PIPE = ['gpg', '--encrypt', '--recipient', 'mutt@mutt.mutt'] # the name of the gpgkey in last param
 +...
 +'client_id': '9e5f94bc-e8a4-4e73-b8be-63364c29d753', # generic client_id for Thunderbird. Valid (almost?) everywhere
 +</code>
 +
 +If you want to use your own client_id, search faculty/company/google/MS support for help how to create one.
 +
 +Make first contact:
 +<code bash>
 +./mutt_oauth2.py LOGIN_NAME@DOMAIN.tokens --verbose --authorize # Just a file keeping the secrets...
 +</code>
 +
 +Follow the instructions, I recommend to pick "authcode" when asked. Copy generated URL (whole!!!) to the browser (with JS), accept all permissions for Thunderbird (remember the fake client-id we used?) and blank page will appear. DO NOT PANIC!
 +
 +Copy the whole URL to text editor and copy out the content of code= parameter back to the mutt_oauth2 prompt. Its long, invalid, base64 stuff ending prior "&session_state=". Example:
 +
 +<code>
 +0.AQIABsRF82hSsEOxn1hi-mgz-LyUX56k6HNOuL5j-LOTOFGARBAGE-REALLYLOTOFGARBAGE-EVENMOREGARBAGE-vUFlgHtUs6n5bmmRQgQ7AMH8zojnZWycMA
 +</code>
 +
 +Be sure not to copy newlines from vim/nano. Its one string, no newlines. NO NEWLINES!
 +
 +If done correctly, the script will respond:
 +<code>
 +Exchanging the authorization code for an access token
 +NOTICE: Obtained new access token, expires 2023-03-23T12:30:00.00000.
 +Access Token: lot-of-garbage
 +</code>
 +
 +Now is time to test the Oauth2 SMTP/IMAP connection:
 +<code>
 +$ /mutt_oauth2.py LOGIN_NAME@DOMAIN.tokens --verbose --test # the token file
 +Access Token: garbage...
 +IMAP authentication succeeded
 +POP authentication succeeded
 +SMTP authentication succeeded
 +</code>
 +
 +Good, the last thing is to edit the .mutt/muttrc (use your provider instead of Utlouk)
 +
 +<code muttrc>
 +set imap_user="userid@myschool.edu"
 +set folder="imap://outlook.office365.com/"
 +set smtp_url="smtp://${imap_user}@smtp.office365.com:587/"
 +set imap_authenticators="oauthbearer:xoauth2"
 +set imap_oauth_refresh_command="/home/USER/.mutt/mutt_oauth2.py /home/USER/.mutt/LOGIN_NAME@DOMAIN.tokens"
 +set smtp_authenticators=${imap_authenticators}
 +set smtp_oauth_refresh_command=${imap_oauth_refresh_command}
 +</code>
 +
 +If you have setup for more mailboxes, dont forget to clean the setting for all the others:
 +
 +<code muttrc>
 +# reset Oauth2 to normal
 +set imap_authenticators="gssapi:digest:cram-md5:sasl-ir:login"
 +set imap_oauth_refresh_command=""
 +set smtp_authenticators=${imap_authenticators}
 +set smtp_oauth_refresh_command=""
 +</code>
 +
 +
  
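Review bot: The sample outputs after "If done correctly, the script will respond:" and in the --test block both contain an "Access Token:" line, yet the section never says that this value is a live bearer credential. Add a sentence telling readers to keep that output out of pasted logs and screenshots, and note that the .tokens file is only as well protected as the mutt@mutt.mutt GPG key (the text sets it to never expire but says nothing about a passphrase). Two smaller points: the test command reads "$ /mutt_oauth2.py", without the leading "." used in the --authorize step, so as written it points at the filesystem root. The client_id line borrows Thunderbird's registration, which the text later calls "the fake client-id", so the permissions are granted to Thunderbird's registration rather than to one the reader controls. That is worth stating next to the "If you want to use your own client_id" sentence.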
user/sachy/lakatux.txt · Last modified: 2023/09/10 09:16 by sachy