2. About XOAUTH2
XOAUTH2 is:
- Modern authentication platform for IMAP, POP, SMTP
- Uses an “Access Token” instead of a password
  1. Get Access Token by OAuth2
  2. Create Initial Client Response
  3. Authenticate with Initial Client Response
3. IMAP Protocol Exchange
S: * OK Gimap ready for requests from 999.999.999.999 s2mb342107909paf
C: 1 capability
S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1
XYZZY SASL-IR AUTH=XOAUTH AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN
S: 1 OK Thats all she wrote! s2mb342107909paf
C: 2 authenticate xoauth2 dXNlcj1hbWFnYWtpLnRv…
S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1
UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT
S: 2 OK example@gmail.com authenticated (Success)
Specify the Initial Client Response, which is created from the username and access token.
4. POP Protocol Exchange
S: +OK Gpop ready for requests from 999.999.999.999 sl3mb196836996iec
C: CAPA
S: +OK Capability list follows
S: USER
S: RESP-CODES
S: EXPIRE 0
S: LOGIN-DELAY 300
S: TOP
S: UIDL
S: X-GOOGLE-RICO
S: SASL PLAIN XOAUTH2
S: .
C: AUTH XOAUTH2 dXNlcj1hbWFnYWtpLnRv…
S: +OK Welcome.
Specify the Initial Client Response, which is created from the username and access token.
5. SMTP Protocol Exchange
S: 250 SMTPUTF8
C: EHLO example.com
S: 250-mx.google.com at your service, [999.999.999.999]
S: 250-SIZE 35882577
S: 250-8BITMIME
S: 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH XOAUTH2 dXNlcj1hbWFnYWtpLnRv…
S: 235 2.7.0 Accepted
Specify the Initial Client Response, which is created from the username and access token.
6. XOAUTH2 Initial Client Response
Format of Initial Client Response is:
base64("user=" {User} "^Aauth=Bearer " {Access Token} "^A^A")
(^A = Ctrl-A, octal 001)
Can be created by the following command:
echo -en "user=example@gmail.com\001auth=Bearer vF9dft4qmTc2Nvb3RlckBhdHRhdmlzdGEuY29tCg==\001\001" | base64
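The Initial Client Response is only base64-encoded, so a captured IMAP, POP or SMTP trace like the ones above exposes the bearer token to anyone who decodes it. The following is an added example, not code from the original slides: it builds the response in the format above, parses it back, and redacts it from trace lines. The function names and the sample token are constructed for illustration.

```python
import base64
import re

SEP = "\x01"  # Ctrl-A (^A), octal 001

def build_xoauth2(user: str, access_token: str) -> str:
    """Base64 of: user={User}^Aauth=Bearer {Access Token}^A^A."""
    if SEP in user or SEP in access_token:
        raise ValueError("Ctrl-A is the field separator and cannot appear in a value")
    raw = f"user={user}{SEP}auth=Bearer {access_token}{SEP}{SEP}"
    # b64encode emits one unbroken line, which the single-line AUTH command needs.
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def parse_xoauth2(response: str) -> dict:
    """Decode a response into {'user', 'token'}; raise ValueError if malformed."""
    raw = base64.b64decode(response, validate=True).decode("utf-8")
    if not raw.endswith(SEP + SEP):
        raise ValueError("missing ^A^A terminator")
    # Each field is key=value; split on the first '=' only.
    fields = dict(part.partition("=")[::2] for part in raw[:-2].split(SEP))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if "user" not in fields or scheme != "Bearer" or not token:
        raise ValueError("expected user= and auth=Bearer fields")
    return {"user": fields["user"], "token": token}

# Matches "AUTH XOAUTH2 <blob>" (POP/SMTP) and "authenticate xoauth2 <blob>" (IMAP).
_AUTH_RE = re.compile(r"(?i)\b(auth(?:enticate)?\s+xoauth2\s+)(\S+)")

def redact_trace_line(line: str) -> str:
    """Replace the response in a captured protocol line, keeping only the user."""
    def _swap(m):
        try:
            who = parse_xoauth2(m.group(2))["user"]
        except ValueError:  # truncated or non-base64 blob
            who = "unparsed"
        return f"{m.group(1)}<redacted bearer token, user={who}>"
    return _AUTH_RE.sub(_swap, line)

if __name__ == "__main__":
    icr = build_xoauth2("example@gmail.com", "CONSTRUCTED-TOKEN")  # constructed values
    for line in (f"C: 2 authenticate xoauth2 {icr}", f"C: AUTH XOAUTH2 {icr}"):
        print(redact_trace_line(line))
```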
7. Login Flow
● Mail Client: Windows 8.1 Mail
● Mail Provider: Google Apps
○ Single-Sign on with HDE One Access Control
13. State of XOAUTH2 on Google
PLAIN auth (password) is disabled by default
14. Supporting Mail Services / Mailers
Mail Services
Yes No
Gmail
Google Apps
Outlook.com
Office 365 (Exchange online)
Yahoo! mail
Mailers
Yes No
Windows 8.1 mail Outlook
Thunderbird
● More applications will support XOAUTH2