Use OAUTH login optionally / in addition to traditional IMAP login

[mstilkerich]

Hello,

when having set up authentication via OAUTH, roundcube 1.5 still displays the form for username / password login. So I guess it is a use case to have OAUTH as a login option in addition to traditional logins to IMAP servers.

However, rcmail::autoselect_host() does not work in such cases unless the IMAP resource server is the first entry in the default_host configuration. Which happens to normally not be the best choice for manual login, if username/password auth schemes are supported by the server at all. The autoselection based on domain part of the username does not work, since after OAUTH login, no username (or host) is available in the request. It would be nice to have a solution for such set ups.

I see the following options, but maybe I am missing something.

Option 1: Specify IMAP host as part of the oauth settings for the OAUTH configuration.

Thus with OAUTH login, the storage host would not be selected from the default_host config setting, but from a different setting.

Example: $config['oauth_storage_host'] = "ssl://imap.gmail.com";

IMO this would make the most sense, since it does not affect the possibility to have several hosts user-selectable for username/password login. That is, default_host would not be used with OAUTH login.

Option 2: Make the OAUTH username available to rcmail::autoselect_host()

Then, the selection can take place based on the domain part of the username, like so:

$config['default_host'] = [
        0 => 'imap.example.com',
        'ssl://imap.gmail.com' => [ 'gmail.com', 'googlemail.com' ],
];

However, it appears this does not allow multiple custom hosts for manual login, because the dropdown is not shown as soon as I have a string key in that array. E.g. this would not work:

$config['default_host'] = [
        0 => 'imap.example.com',
        1=> 'imap2.example.com',
        'ssl://imap.gmail.com' => [ 'gmail.com', 'googlemail.com' ],
];

Also, it requires the OAUTH server to use usernames that have a domain part (don't know if this is always the case).

Option 3: Make the OAUTH storage server the first host in default_host

This is what works for the current implementation, but as I wrote above it is not optimal from a users point of view.
This means the OAUTH host shows up as first entry in the drop down list for the username/password login, and might typically not be usable for that form of login.

$config['default_host'] = [
     'ssl://imap.gmail.com',
     'imap.example.com',
];

[thomascube]

Indeed it's possible to have both OAuth and default login with host selection configured but I think it's a rare situation. The best solution to this I assume to be the suggested Option 1. It has the least side-effects to the default cases. The issue has low prio, though.