On Thu, 21 Mar 2019 09:49:50 -0400 Tom Horsley horsley1953@gmail.com wrote:
I can't for the life of me tell: Is Office 365 "multifactor authentication" the same as OAUTH2?
Yes, but not enough. Our university decided to set up a third party authenticator called OKTA so these things need to talk to each other.
We have figured out how to do this talking and can download e-mail writing our python code but it comes down in json format. I don't want to have to write an entire MTA or e-mail client just to read my e-mail. So I was looking at some other option that can be used.
I came across something called JMAP but I am not sure if it is relevant. All this is a bit beyond our domain of expertise and that presents a problem.
I've been trying to find a fetchmail-like thing that supports OAUTH2 so google will stop badgering me about using an insecure access, and there is a python thing called "getmail" which, in theory, has a plugin for doing OAUTH2 access.
I haven't tried to set it up yet, so I don't know if it works to make gmail happy or not. (I keep seeing references to fetchmail 7 having support for it, but I can't find any pointers to even a beta of fetchmail 7).
fetchmail 7 alpha has support for this but it is specific for gmail (which is your use case). I have built an RPM for this and am running it, but I have noticed that the copr site also has a new RPM here:
https://copr.fedorainfracloud.org/coprs/vcrhonek/fetchmail-7.0.0-alpha/
I know that my RPM works and retrieves e-mail from other servers that do not use this 2FA drivel. I am sure that the copr one does too, but i have not tried it. Btw, fetchmail's options on ssl has changed (you need sslmode wrapped) in 7 alpha.
It is not enough to run fetchmail. You need some python code to get your token which is here:
http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
Note also that you will need to figure out a way to send mail via postfix or some other option. That webpage is pretty detailed.
Best option is to ignore OAUTH2 for as long as you can.
As I said, this is not relevant to my case.
HTH, Best wishes, Ranjan