add support of OAUTHBEARER

[EdouardVanbelle]

Hello please find the implementation of the OAUTHBEARER authentification
(https://www.rfc-editor.org/rfc/rfc7628.html)

[schengawegga]

Thank you. I am very busy at the moment. I will have a look next week.

[EdouardVanbelle]

Hello @schengawegga, no worries. Let me know if you need explanations

[Neustradamus]

@EdouardVanbelle: Nice, good job!

Linked to:

• OAuth improvements (+ add user_create hook) roundcube/roundcubemail#9274
• oauth: feat: use OIDC claims on user creation roundcube/roundcubemail#9286
• oauth: feat: add support of PKCE roundcube/roundcubemail#9287
• oauth: security: add support of nonce roundcube/roundcubemail#9288
• oauth: select auth scheme (XOAUTH2 vs OAUTHBEARER) roundcube/roundcubemail#9289
• add support of OAUTHBEARER #79
• add support of OAUTHBEARER Net_Sieve#10
• oauth: add a generic method OAUTH to choose automatically a supported method Net_Sieve#11

[Neustradamus]

@schengawegga: It has been merged in Roundcube!

Now, I hope that SCRAM will be added in Roundcube soon!
I hope help from @EdouardVanbelle...

[EdouardVanbelle]

Hello @schengawegga I added a new commit to this PR: when specifying the fake 'OAUTH' method,
library will elect the best method between 'XOAUTH2' and 'OAUTHBEARER'

Happy new year !

[schengawegga]

Hey @EdouardVanbelle ,

thanks for your contribution. I will review and test this soon. But maybe not in this year, because my family wants some time with me, too ;-)

I wish you a happy new year.

[EdouardVanbelle]

Hello @Neustradamus I do not work anymore in OVHCloud
By the way you can contact me via edouard at vanbelle dot fr

[Neustradamus]

@EdouardVanbelle: Thanks, I will do it, you can remove your comment :)

[alecpl]

All auth* methods are protected, so this one should too, I suppose.

[EdouardVanbelle]

I did not touch on previous methods already in place, I can correct it to move it into protected, no clue if it is already used outside of this library, I don't think so

[EdouardVanbelle]

I corrected it in favor of a protected method
@schengawegga let me know your preferences

[schengawegga]

My preference is like @alecpl, to protect all auth* methods, to be straight on this kind of methods.
But, i as you said @EdouardVanbelle, if anybody uses this method from outside, it will break backwards compatibility, and have to be released on a new major version. I also do not think, that anybody uses this from outside, but it is possible.

@alecpl @jparise what do you think about that? can we do a bugfix to change authXOAuth2 method to protected without releasing this under a new major version?

[EdouardVanbelle]

While waiting any feedback I kept the original signature and added a FIXME in comment

[EdouardVanbelle]

Thank you @alecpl for your review !

@schengawegga, I hope you will find the time to review this small change ;)

[EdouardVanbelle]

Hello @schengawegga, apologies for the delay, busy time...
I applied your suggestions

[Neustradamus]

@EdouardVanbelle: Good job!

If you can help @alecpl to have SCRAM supports into Roundcube, it will be nice...

[schengawegga]

Thank you very much @EdouardVanbelle @alecpl
I will do a release of 1.12.0 in the next days.

[EdouardVanbelle]

Hello @schengawegga do you know when you can arrange time to release your new version ? :)

[schengawegga]

@EdouardVanbelle Version 1.12.0 released

[Neustradamus]

@schengawegga: Thanks, good job too!