Nginx patch to support OAuth SASL mechanism
[SASL XOAUTH2]
In this mechanism, the OAuth token is the base64 encoding of a string in the following format:
user=someuser@example.com^Aauth=Bearer vF9dft4qmTc2Nvb3RlckBhdHRhdmlzdGEuY29tCg==^A^A
(*)^A represents a Control+A (\001) here.
The base64-encoded value is sent to the server as the argument of the IMAP AUTHENTICATE command with the XOAUTH2 mechanism, like this:
AUTHENTICATE XOAUTH2 dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB2RjlkZnQ0cW1UYzJOdmIzUmxja0JoZEhSaGRtbHpkR0V1WTI5dENnPT0BAQo=
A full IMAP protocol flow example follows:
[connection begins]
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA XLIST CHILDREN XYZZY SASL-IR AUTH=XOAUTH2
S: C01 OK Completed
C: A01 AUTHENTICATE XOAUTH2 dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB2RjlkZnQ0cW1UYzJOdmIzUmxja0JoZEhSaGRtbHpkR0V1WTI5dENnPT0BAQo=
S: A01 OK Success
[connection continues...]
When nginx receives the AUTHENTICATE command, it uses the HTTP headers below to communicate with the authentication server.
Auth-Method: oauth
Auth-User: [email protected]
Auth-Pass: dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB2RjlkZnQ0cW1UYzJOdmIzUmxja0JoZEhSaGRtbHpkR0V1WTI5dENnPT0BAQo=
Auth-Protocol: imap
Details about other headers are documented here.
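One way an authentication server could decode the Auth-Pass value shown above into a user and bearer token before validating it. This is an added example, not code from the patch; the names parse_xoauth2 and XOAuth2Error, the length cap, and the character policy are assumptions.

```python
import base64

# AUTHENTICATE XOAUTH2 argument / Auth-Pass value copied from this page.
SAMPLE = "dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB2RjlkZnQ0cW1UYzJOdmIzUmxja0JoZEhSaGRtbHpkR0V1WTI5dENnPT0BAQo="

class XOAuth2Error(ValueError):
    """Raised when the initial response does not match the expected layout."""

def parse_xoauth2(b64_response, max_len=4096):
    """Return (user, bearer_token) from a base64 XOAUTH2 initial response."""
    if len(b64_response) > max_len:  # max_len is an assumed cap, not from the page
        raise XOAuth2Error("response too long")
    try:
        raw = base64.b64decode(b64_response, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise XOAuth2Error("not valid base64") from exc
    # The page's sample decodes with one newline after the final ^A^A; allow only that.
    if raw.endswith(b"\n"):
        raw = raw[:-1]
    if not raw.endswith(b"\x01\x01"):
        raise XOAuth2Error("missing ^A^A terminator")
    fields = raw[:-2].split(b"\x01")
    if len(fields) != 2:
        raise XOAuth2Error("expected exactly user= and auth= fields")
    user_field, auth_field = fields
    if not user_field.startswith(b"user=") or not auth_field.startswith(b"auth=Bearer "):
        raise XOAuth2Error("unexpected field names")
    try:
        user = user_field[len(b"user="):].decode("ascii")
        token = auth_field[len(b"auth=Bearer "):].decode("ascii")
    except UnicodeDecodeError as exc:
        raise XOAuth2Error("non-ASCII data") from exc
    # Assumed policy: refuse empty values, whitespace and control characters so
    # neither value can carry CR/LF into an HTTP header or a log line.
    for value in (user, token):
        if not value or any(ch <= " " or ch == "\x7f" for ch in value):
            raise XOAuth2Error("empty value or control character")
    return user, token

if __name__ == "__main__":
    print(parse_xoauth2(SAMPLE))
```

The token returned here is only extracted, not verified; it still has to be checked against the OAuth provider before the login is accepted.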
[SASL OAUTHBEARER]
TBD
[SASL OAUTH10A]
TBD