Indy, OAuth 2.0 with protocol POP - Printable Version +- Atozed Forums (https://www.atozed.com/forums) +-- Forum: Indy (https://www.atozed.com/forums/forum-8.html) +--- Forum: Indy General Discussion (https://www.atozed.com/forums/forum-9.html) +--- Thread: Indy, OAuth 2.0 with protocol POP (/thread-1644.html) |
Indy, OAuth 2.0 with protocol POP - IndyBeginner - 04-27-2020 Hi, is it possible to receive mails using POP3 with OAuth 2.0 with newest version of Indy? I manage to receive mails using IMAP with OAuth 2.0 as well as sending with SMTP with OAuth 2.0, but I cannot do it with POP3 (I can do it using App Password (ASP), but I want to avoid it). Thank You for Your quick replies RE: Indy, OAuth 2.0 with protocol POP - rlebeau - 04-27-2020 (04-27-2020, 09:16 AM)IndyBeginner Wrote: is it possible to receive mails using POP3 with OAuth 2.0 with newest version of Indy? Indy does not have any native support for OAuth at this time. There are some 3rd party implementations floating around, though. (04-27-2020, 09:16 AM)IndyBeginner Wrote: I manage to receive mails using IMAP with OAuth 2.0 as well as sending with SMTP with OAuth 2.0, but I cannot do it with POP3 Why not? What is the actual problem you are experiencing? Using OAuth with POP3 shouldn't be any different than using it with IMAP and SMTP. How are you using OAuth with IMAP and SMTP to begin with? Are you sure that your POP3 server even supports OAuth? Please be more specific. RE: Indy, OAuth 2.0 with protocol POP - IndyBeginner - 04-28-2020 Let mi start explaining: I manage to connect via SMTP basing on project: https://github.com/geoffsmith82/GmailAuthSMTP . In the similar way, I did it on IMAP. But, when I try to connect via POP3, like I do it via IMAP, I failed. On most forums, people write, that Google do not suport OAuth 2.0 on POP3, e.g.: https://support.google.com/mail/thread/23553381?hl=en . These are posts from the end of the year 2019, BUT on the official Google site, they claim that OAuth 2.0 is supported, e.g.: https://developers.google.com/gmail/imap/xoauth2-protocol . Last update is in the beginning of April. I decided to look inside the Indy code, to IdPOP3 and IdIMAP4 classes. I found differences in the part of code, where authorization is - please, look at the TIdIMAP4.Login and TIdPOP3.Login pictures in attachment. I use initial-response in connection via SMTP and IMAP, but it looks like TIdPOP3 does not support initial-response. So, will I manage to connect with OAuth2 with POP3 in Indy (avoiding using app password)? RE: Indy, OAuth 2.0 with protocol POP - rlebeau - 04-28-2020 (04-28-2020, 07:40 AM)IndyBeginner Wrote: I decided to look inside the Indy code, to IdPOP3 and IdIMAP4 classes. I found differences in the part of code, where authorization is - please, look at the TIdIMAP4.Login and TIdPOP3.Login pictures in attachment. I use initial-response in connection via SMTP and IMAP, but it looks like TIdPOP3 does not support initial-response. There are comments about that in the source code for TIdPOP3.Login() and TIdSASLEntries.LoginSASL(), which is the method that both TIdPOP3 and TIdSMTP use: Code: // SASL in POP3 did not originally support Initial-Response. It was added Code: // SASL in SMTP and DICT supported Initial-Response from the beginning, As you can see in TIdPOP3.Login(), it does indeed set ACanAttemptIR=False, whereas TIdSMTP sets ACanAttemptIR=True unconditionally, and TIdIMAP4 uses the initial-response parameter based on the presence of the SASL-IR capability. So, to do what you want in POP3, you will have to set ACanAttemptIR=True instead, but know that it MAY fail on older non-Google servers. On the other hand, the initial-response parameter of an AUTH command in POP3 is optional, even by modern RFCs, so Google should not be requiring clients to use the initial-response parameter. If it is, that is a bug on Google's part. (04-28-2020, 07:40 AM)IndyBeginner Wrote: So, will I manage to connect with OAuth2 with POP3 in Indy (avoiding using app password)? If Google is requiring the use of the initial-response parameter in an AUTH XOAUTH2 command, and if you don't update the source code for TIdPOP3.Login() to set ACanAttemptIR=True, then no, unless you handle the SASL commands manually by calling TIdPOP3.SendCmd() directly. |