From 544b72cde1ddda7e5de4a55d68c44ffae52c6550 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Mon, 3 Apr 2023 15:36:51 +0200
Subject: Use aerc's native XOAUTH2 support

To avoid jank when refreshing access tokens, let aerc do it itself rather than
shelling out to mutt_oauth2.py.
---
 tw/home/files/aerc/accounts.conf | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'tw/home/files')

diff --git a/tw/home/files/aerc/accounts.conf b/tw/home/files/aerc/accounts.conf
index ea3a4536..ef96997d 100644
--- a/tw/home/files/aerc/accounts.conf
+++ b/tw/home/files/aerc/accounts.conf
@@ -1,14 +1,17 @@
 [CERN]
-source            = imaps+xoauth2://timo.wilken%40cern.ch@outlook.office365.com
-outgoing          = smtp+xoauth2://timo.wilken%40cern.ch@smtp.office365.com
+# https://man.sr.ht/~rjarry/aerc/providers/microsoft.md#office365-with-xoauth2
+source            = imaps+xoauth2://timo.wilken%40cern.ch@outlook.office365.com?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753&token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token&scope=https://outlook.office.com/SMTP.Send https://outlook.office.com/IMAP.AccessAsUser.All offline_access
+outgoing          = smtp+xoauth2://timo.wilken%40cern.ch@smtp.office365.com:587?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753&token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token&scope=https://outlook.office.com/SMTP.Send https://outlook.office.com/IMAP.AccessAsUser.All offline_access
 smtp-starttls     = true
-# To authorize for the first time:
+# To authorize for the first time (to get refresh token):
 # mutt_oauth2.py ~/.local/share/aerc/twilken.tokens --authorize --authflow authcode --provider microsoft \
 #    --email timo.wilken@cern.ch --client-id 9e5f94bc-e8a4-4e73-b8be-63364c29d753 --client-secret '' \
 #    --encryption-pipe 'gpg --encrypt --recipient C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C'
 # Confirm empty client secret. When done, copy-paste ?code= value from final URL to the command-line.
-source-cred-cmd   = mutt_oauth2.py ~/.local/share/aerc/twilken.tokens --encryption-pipe 'gpg --encrypt --recipient C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C'
-outgoing-cred-cmd = mutt_oauth2.py ~/.local/share/aerc/twilken.tokens --encryption-pipe 'gpg --encrypt --recipient C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C'
+# Then, to store the refresh token:
+# gpg --decrypt ~/.local/share/aerc/twilken.tokens | jq -r .refresh_token | pass insert -e -f cern/exol/refresh-token
+source-cred-cmd   = pass cern/exol/refresh-token
+outgoing-cred-cmd = pass cern/exol/refresh-token
 default           = INBOX
 from              = Timo Wilken <timo.wilken@cern.ch>
 aliases           = twilken@cern.ch
-- 
cgit v1.2.3