(04-28-2020, 07:40 AM)IndyBeginner Wrote: I decided to look inside the Indy code, to IdPOP3 and IdIMAP4 classes. I found differences in the part of code, where authorization is - please, look at the TIdIMAP4.Login and TIdPOP3.Login pictures in attachment. I use initial-response in connection via SMTP and IMAP, but it looks like TIdPOP3 does not support initial-response.
There are comments about that in the source code for
TIdPOP3.Login() and
TIdSASLEntries.LoginSASL(), which is the method that both
TIdPOP3 and
TIdSMTP use:
Code:
// SASL in POP3 did not originally support Initial-Response. It was added
// in RFC 2449 along with the CAPA command. If a server supports the CAPA
// command then it *should* also support Initial-Response as well, however
// many POP3 servers support CAPA but do not support Initial-Response
// (which was formalized in RFC 5034). So, until we can handle that
// descrepency better, we will simply disable Initial-Response for now.
Code:
// SASL in SMTP and DICT supported Initial-Response from the beginning,
// as should any new SASL-enabled protocol moving forward.
//
// SASL in IMAP did not originally support Initial-Response, but it was
// added in RFC 4959 along with an explicit capability ('SASL-IR') to
// indicate when Initial-Response is supported. SASL in IMAP is currently
// handled by TIdIMAP4 directly, but should it be updated to use
// TIdSASLEntries.LoginSASL() in the future then it will set the
// ACanAttemptIR parameter accordingly.
//
// SASL in POP3 did not originally support Initial-Response. It was added
// in RFC 2449 along with the CAPA command. If a server supports the CAPA
// command then it *should* also support Initial-Response as well, however
// many POP3 servers support CAPA but do not support Initial-Response
// (which was formalized in RFC 5034). So, to handle that descrepency,
// TIdPOP3 currently sets ACanAttemptIR to false. In the future, we could
// let it set ACanAttemptIR to True instead, and then if Initial-Response
// fails here for POP3 then re-attempt without Initial-Response before
// exiting with a failure.
As you can see in
TIdPOP3.Login(), it does indeed set
ACanAttemptIR=False, whereas
TIdSMTP sets
ACanAttemptIR=True unconditionally, and
TIdIMAP4 uses the
initial-response parameter based on the presence of the
SASL-IR capability.
So, to do what you want in POP3, you will have to set
ACanAttemptIR=True instead, but know that it
MAY fail on older non-Google servers.
On the other hand, the
initial-response parameter of an
AUTH command in POP3 is
optional, even by modern RFCs, so Google should not be
requiring clients to use the
initial-response parameter. If it is, that is a bug on Google's part.
(04-28-2020, 07:40 AM)IndyBeginner Wrote: So, will I manage to connect with OAuth2 with POP3 in Indy (avoiding using app password)?
If Google is
requiring the use of the
initial-response parameter in an
AUTH XOAUTH2 command, and if you don't update the source code for
TIdPOP3.Login() to set
ACanAttemptIR=True, then no, unless you handle the SASL commands manually by calling
TIdPOP3.SendCmd() directly.