Description
I did this
I want to send an E-Mail over SMTP using OAUTH2.
```
curl --ssl-reqd -v \
  --url 'smtp://smtp.gmail.com' \
  --user $USERNAME \
  --login-options 'AUTH=XOAUTH2' \
  --oauth2-bearer $ACCESSTOKEN \
  --mail-from [email protected] \
  --mail-rcpt [email protected] \
  --upload-file mail.txt
```
For GMail this fails with
```
< 250-smtp.gmail.com at your service, [2001:9e8:3c3:7c00:8d8:c156:791a:89a]
< 250-SIZE 35882577
< 250-8BITMIME
< 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-CHUNKING
< 250 SMTPUTF8
} [5 bytes data]
> AUTH OAUTHBEARER
{ [5 bytes data]
< 334
} [5 bytes data]
> TOKEN
{ [5 bytes data]
< 334 eyJzdGF0dXMiOiJpbnZhbGlkX3JlcXVlc3QiLCJzY29wZSI6Imh0dHBzOi8vbWFpbC5nb29nbGUuY29tLyJ9 -> {"status":"invalid_request","scope":"https://mail.google.com/"}
} [5 bytes data]
> AQ==
{ [5 bytes data]
< 535-5.7.8 Username and Password not accepted. Learn more at
< 535 5.7.8 https://support.google.com/mail/?p=BadCredentials b6-20020aa7d486000000b0048447efe3fcsm2477734edr.84 - gsmt
curl: (67) Login denied
```
The bearer token is sent with AUTH OAUTHBEARER and formatted according to the format on line 72:
Lines 68 to 73 in 5a9a5e1

```c
  if(port == 0 || port == 80)
    oauth = aprintf("n,a=%s,\1host=%s\1auth=Bearer %s\1\1", user, host,
                    bearer);
  else
    oauth = aprintf("n,a=%s,\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
                    host, port, bearer);
```
Which should be supported according to: < 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
But since I specified --login-options 'AUTH=XOAUTH2' this method should be used.
I expected the following
According to Google the bearer token should be sent with AUTH XOAUTH2
https://developers.google.com/gmail/imap/xoauth2-protocol
And this token format should be used:
Lines 95 to 100 in 5a9a5e1

```c
CURLcode Curl_auth_create_xoauth_bearer_message(const char *user,
                                                const char *bearer,
                                                struct bufref *out)
{
  /* Generate the message */
  char *xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
```
Microsoft describes the same standard.
https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
According to this site, these are the main providers using SASL XOAUTH2 as the authentication mechanism:
https://mailtrap.io/blog/smtp-auth/
Since I never got it working, I don't know if this is the reason for the login problem. But curl should use the specified login mechanism.
Thank you for all your work.
curl/libcurl version
```
$ curl -V
curl 7.86.0 (x86_64-w64-mingw32) libcurl/7.86.0 OpenSSL/1.1.1s (Schannel) zlib/1.2.13 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.3 libssh2/1.10.0 nghttp2/1.51.0
Release-Date: 2022-10-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe TLS-SRP UnixSockets zstd
```
AND
```
$version
[1] "7.64.1"
$ssl_version
[1] "(OpenSSL/1.1.1k) Schannel"
$libz_version
[1] "1.2.12"
$libssh_version
[1] "libssh2/1.9.0"
$libidn_version
[1] NA
$host
[1] "x86_64-w64-mingw32"
$protocols
[1] "dict" "file" "ftp" "ftps" "gopher" "http" "https" "imap" "imaps" "ldap" "ldaps" "pop3" "pop3s"
[14] "rtsp" "scp" "sftp" "smtp" "smtps" "telnet" "tftp"
$ipv6
[1] TRUE
$http2
[1] FALSE
$idn
[1] TRUE
```
operating system
Windows 10 22H2 Build 19045.2364
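
The two SASL client messages quoted in this report, side by side, plus a decoder for the base64 `334` challenge seen in the trace. This is an added example, not part of the original report and not curl's own code; the function names, the `example.com` addresses and the token value are constructed for illustration.

```python
import base64
import json

SEP = "\x01"  # the \1 separator used in both aprintf() formats quoted above

def xoauth2_message(user, bearer):
    """XOAUTH2 initial response: user=<user>^Aauth=Bearer <token>^A^A."""
    return f"user={user}{SEP}auth=Bearer {bearer}{SEP}{SEP}".encode()

def oauthbearer_message(user, host, port, bearer):
    """OAUTHBEARER initial response; like the quoted code, the port
    field is left out when port is 0 or 80."""
    port_kv = "" if port in (0, 80) else f"port={port}{SEP}"
    return (f"n,a={user},{SEP}host={host}{SEP}{port_kv}"
            f"auth=Bearer {bearer}{SEP}{SEP}").encode()

def encode_response(message):
    """Base64 form of a client response as it appears on the wire."""
    return base64.b64encode(message).decode("ascii")

def decode_334(line):
    """Decode a '334 <base64>' server continuation line.
    Returns None for an empty challenge, a dict when the payload is JSON
    (the error case in the trace above), otherwise the raw bytes."""
    code, _, payload = line.strip().lstrip("< ").partition(" ")
    if code != "334":
        raise ValueError("not a SASL continuation line")
    if not payload:
        return None
    raw = base64.b64decode(payload, validate=True)
    try:
        return json.loads(raw)
    except ValueError:
        return raw

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    user, token = "user@example.com", "constructed-token"
    print("XOAUTH2     :", encode_response(xoauth2_message(user, token)))
    print("OAUTHBEARER :", encode_response(
        oauthbearer_message(user, "smtp.example.com", 587, token)))
    # The error challenge copied from the trace in this issue.
    print(decode_334("< 334 eyJzdGF0dXMiOiJpbnZhbGlkX3JlcXVlc3QiLCJzY29wZSI6"
                     "Imh0dHBzOi8vbWFpbC5nb29nbGUuY29tLyJ9"))
    # "AQ==" in the trace is a single ^A byte sent after that error challenge.
    print(encode_response(b"\x01"))
```

The encoded responses carry the bearer token in reversible form, so treat verbose traces that contain them like the token itself.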