Re: [exim] a tool to relay to Gmail using AUTH XOAUTH2

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] a tool to relay to Gmail using AUTH XOAUTH2
On 2019-09-18 at 23:05 +0200, Heiko Schlittermann via Exim-users wrote:
> Wouldn't it be better to integrate it into Exim itself?
> Can't we use the authenticators for this? Write a new
> driver, xoauth2, and use it in the transport section?


If recollection serves, XOAUTH2 can require prompting for reconfirmation
via opening a web-browser and after "whatever happens there" POSTing
back to a localhost listening port to provide the actual credential.

XOAUTH2 is really for desktop apps, like email clients talking to the
submission port, and not well suited to an MTA performing unattended
delivery.

So from Exim's side, this would be "Okay, what hooks can we provide for
'mostly unattended' delivery, grabbing a human for intervention when
needed".

So if this were to be in Exim, it would instead need to be something
like: "keep using this credential in this file, but when it fails,
execute this other command instead and pause usage of this authenticator
until the mod-time on the credential file changes" and an external tool
to manage the refresh. And suggested monitoring integrations.

At which point, a local sidecar proxy for talking to Gmail where the
proxy manages all of that might actually be the better approach, thus
the OP's design.

-Phil