|
@@ -0,0 +1,508 @@
|
|
|
+# HG changeset patch
|
|
|
+# User Sean Burke <sean@thunderbird.net>
|
|
|
+# Date 1666520198 -39600
|
|
|
+# Node ID 37f32ce1863bbee3639d6a0a75cbbc7c225b9dc7
|
|
|
+# Parent 07b10a62a5d560b3f6d4499180bf27c2fcc5c6c3
|
|
|
+Bug 1685414 - switch Thunderbird OAuth2 to desktop client auth. r=darktrojan,sancus a=wsmwk
|
|
|
+
|
|
|
+Differential Revision: https://phabricator.services.mozilla.com/D158588
|
|
|
+
|
|
|
+diff --git a/calendar/providers/caldav/calDavCalendar.js b/calendar/providers/caldav/calDavCalendar.js
|
|
|
+--- a/calendar/providers/caldav/calDavCalendar.js
|
|
|
++++ b/calendar/providers/caldav/calDavCalendar.js
|
|
|
+@@ -1593,23 +1593,22 @@ calDavCalendar.prototype = {
|
|
|
+ if (this.mUri.host == "apidata.googleusercontent.com") {
|
|
|
+ if (!this.oauth) {
|
|
|
+ let sessionId = this.id;
|
|
|
+ let pwMgrId = "Google CalDAV v2";
|
|
|
+ let authTitle = cal.l10n.getAnyString(
|
|
|
+ "global", "commonDialogs", "EnterUserPasswordFor2", [this.name]
|
|
|
+ );
|
|
|
+ this.oauth =
|
|
|
+- new OAuth2(
|
|
|
+- OAUTH_BASE_URI + "oauth2/auth",
|
|
|
+- OAUTH_BASE_URI + "oauth2/token",
|
|
|
+- OAUTH_SCOPE,
|
|
|
+- OAUTH_CLIENT_ID,
|
|
|
+- OAUTH_HASH
|
|
|
+- );
|
|
|
++ new OAuth2(OAUTH_SCOPE, {
|
|
|
++ authorizationEndpoint: OAUTH_BASE_URI + "oauth2/auth",
|
|
|
++ tokenEndpoint: OAUTH_BASE_URI + "oauth2/token",
|
|
|
++ clientId: OAUTH_CLIENT_ID,
|
|
|
++ clientSecret: OAUTH_HASH,
|
|
|
++ });
|
|
|
+
|
|
|
+ this.oauth.requestWindowTitle = authTitle;
|
|
|
+ this.oauth.requestWindowFeatures = "chrome,private,centerscreen,width=430,height=750";
|
|
|
+
|
|
|
+ Object.defineProperty(this.oauth, "refreshToken", {
|
|
|
+ get: function() {
|
|
|
+ if (!this.mRefreshToken) {
|
|
|
+ let pass = { value: null };
|
|
|
+diff --git a/calendar/providers/caldav/modules/CalDavSession.jsm.1685414.later b/calendar/providers/caldav/modules/CalDavSession.jsm.1685414.later
|
|
|
+new file mode 100644
|
|
|
+--- /dev/null
|
|
|
++++ b/calendar/providers/caldav/modules/CalDavSession.jsm.1685414.later
|
|
|
+@@ -0,0 +1,76 @@
|
|
|
++--- CalDavSession.jsm
|
|
|
+++++ CalDavSession.jsm
|
|
|
++@@ -25,23 +25,22 @@ class CalDavGoogleOAuth extends OAuth2 {
|
|
|
++ /**
|
|
|
++ * Constructs a new Google OAuth authentication provider
|
|
|
++ *
|
|
|
++ * @param {String} sessionId The session id, used in the password manager
|
|
|
++ * @param {String} name The user-readable description of this session
|
|
|
++ */
|
|
|
++ constructor(sessionId, name) {
|
|
|
++ /* eslint-disable no-undef */
|
|
|
++- super(
|
|
|
++- "https://accounts.google.com/o/oauth2/auth",
|
|
|
++- "https://www.googleapis.com/oauth2/v3/token",
|
|
|
++- "https://www.googleapis.com/auth/calendar",
|
|
|
++- OAUTH_CLIENT_ID,
|
|
|
++- OAUTH_HASH
|
|
|
++- );
|
|
|
+++ super("https://www.googleapis.com/auth/calendar", {
|
|
|
+++ authorizationEndpoint: "https://accounts.google.com/o/oauth2/auth",
|
|
|
+++ tokenEndpoint: "https://www.googleapis.com/oauth2/v3/token",
|
|
|
+++ clientId: OAUTH_CLIENT_ID,
|
|
|
+++ clientSecret: OAUTH_HASH,
|
|
|
+++ });
|
|
|
++ /* eslint-enable no-undef */
|
|
|
++
|
|
|
++ this.id = sessionId;
|
|
|
++ this.origin = "oauth:" + sessionId;
|
|
|
++ this.pwMgrId = "Google CalDAV v2";
|
|
|
++
|
|
|
++ this._maybeUpgrade(name);
|
|
|
++
|
|
|
++@@ -56,19 +55,19 @@ class CalDavGoogleOAuth extends OAuth2 {
|
|
|
++
|
|
|
++ /**
|
|
|
++ * If no token is found for "Google CalDAV v2", this is either a new session (in which case
|
|
|
++ * it should use Thunderbird's credentials) or it's already using Thunderbird's credentials.
|
|
|
++ * Detect those situations and switch credentials if necessary.
|
|
|
++ */
|
|
|
++ _maybeUpgrade() {
|
|
|
++ if (!this.refreshToken) {
|
|
|
++- [this.clientId, this.consumerSecret] = OAuth2Providers.getIssuerDetails(
|
|
|
++- "accounts.google.com"
|
|
|
++- );
|
|
|
+++ const issuerDetails = OAuth2Providers.getIssuerDetails("accounts.google.com");
|
|
|
+++ this.clientId = issuerDetails.clientId;
|
|
|
+++ this.consumerSecret = issuerDetails.clientSecret;
|
|
|
++ this.origin = "oauth://accounts.google.com";
|
|
|
++ this.pwMgrId = "https://www.googleapis.com/auth/calendar";
|
|
|
++ }
|
|
|
++ }
|
|
|
++
|
|
|
++ /**
|
|
|
++ * Returns true if the token has expired, or will expire within the grace time.
|
|
|
++ */
|
|
|
++@@ -262,17 +261,19 @@ class CalDavTestOAuth extends CalDavGoog
|
|
|
++ // I don't know why, but tests refuse to work with a plain HTTP endpoint
|
|
|
++ // (the request is redirected to HTTPS, which we're not listening to).
|
|
|
++ // Just use an HTTPS endpoint.
|
|
|
++ this.redirectionEndpoint = "https://localhost";
|
|
|
++ }
|
|
|
++
|
|
|
++ _maybeUpgrade() {
|
|
|
++ if (!this.refreshToken) {
|
|
|
++- [this.clientId, this.consumerSecret] = OAuth2Providers.getIssuerDetails("mochi.test");
|
|
|
+++ const issuerDetails = OAuth2Providers.getIssuerDetails("mochi.test");
|
|
|
+++ this.clientId = issuerDetails.clientId;
|
|
|
+++ this.consumerSecret = issuerDetails.clientSecret;
|
|
|
++ this.origin = "oauth://mochi.test";
|
|
|
++ this.pwMgrId = "test_scope";
|
|
|
++ }
|
|
|
++ }
|
|
|
++ }
|
|
|
++
|
|
|
++ /**
|
|
|
++ * A session for the caldav provider. Two or more calendars can share a session if they have the
|
|
|
+diff --git a/calendar/test/unit/test_caldav_requests.js.1685414.later b/calendar/test/unit/test_caldav_requests.js.1685414.later
|
|
|
+new file mode 100644
|
|
|
+--- /dev/null
|
|
|
++++ b/calendar/test/unit/test_caldav_requests.js.1685414.later
|
|
|
+@@ -0,0 +1,23 @@
|
|
|
++--- test_caldav_requests.js
|
|
|
+++++ test_caldav_requests.js
|
|
|
++@@ -949,8 +949,20 @@ add_task(async function test_caldav_clie
|
|
|
++ add_task(async function test_caldav_sync() {
|
|
|
++ gServer.reset();
|
|
|
++ let uri = gServer.uri("/calendars/xpcshell/events/");
|
|
|
++ gMockCalendar.session = gServer.session;
|
|
|
++ let webDavSync = new CalDavWebDavSyncHandler(gMockCalendar, uri);
|
|
|
++ await webDavSync.doWebDAVSync();
|
|
|
++ ok(webDavSync.logXML.includes("イベント"), "Non-ASCII text should be parsed correctly");
|
|
|
++ });
|
|
|
+++
|
|
|
+++add_task(function test_can_get_google_adapter() {
|
|
|
+++ // Initialize a session with bogus values
|
|
|
+++ const session = new CalDavSession("xpcshell@example.com", "xpcshell");
|
|
|
+++
|
|
|
+++ // We don't have a facility for actually testing our Google CalDAV requests,
|
|
|
+++ // but we can at least verify that the adapter looks okay at a glance
|
|
|
+++ equal(
|
|
|
+++ session.authAdapters["apidata.googleusercontent.com"].authorizationEndpoint,
|
|
|
+++ "https://accounts.google.com/o/oauth2/auth"
|
|
|
+++ );
|
|
|
+++});
|
|
|
+diff --git a/mailnews/addrbook/modules/CardDAVUtils.jsm.1685414.later b/mailnews/addrbook/modules/CardDAVUtils.jsm.1685414.later
|
|
|
+new file mode 100644
|
|
|
+--- /dev/null
|
|
|
++++ b/mailnews/addrbook/modules/CardDAVUtils.jsm.1685414.later
|
|
|
+@@ -0,0 +1,35 @@
|
|
|
++--- CardDAVUtils.jsm
|
|
|
+++++ CardDAVUtils.jsm
|
|
|
++@@ -326,30 +326,19 @@ var CardDAVUtils = {
|
|
|
++ <current-user-privilege-set/>
|
|
|
++ </prop>
|
|
|
++ </propfind>`,
|
|
|
++ };
|
|
|
++
|
|
|
++ let details = OAuth2Providers.getHostnameDetails(url.host);
|
|
|
++ if (details) {
|
|
|
++ let [issuer, scope] = details;
|
|
|
++- let [
|
|
|
++- clientId,
|
|
|
++- clientSecret,
|
|
|
++- authorizationEndpoint,
|
|
|
++- tokenEndpoint,
|
|
|
++- ] = OAuth2Providers.getIssuerDetails(issuer);
|
|
|
+++ let issuerDetails = OAuth2Providers.getIssuerDetails(issuer);
|
|
|
++
|
|
|
++- oAuth = new OAuth2(
|
|
|
++- authorizationEndpoint,
|
|
|
++- tokenEndpoint,
|
|
|
++- scope,
|
|
|
++- clientId,
|
|
|
++- clientSecret
|
|
|
++- );
|
|
|
+++ oAuth = new OAuth2(scope, issuerDetails);
|
|
|
++ oAuth._isNew = true;
|
|
|
++ oAuth._loginOrigin = `oauth://${issuer}`;
|
|
|
++ oAuth._scope = scope;
|
|
|
++ for (let login of Services.logins.findLogins(
|
|
|
++ oAuth._loginOrigin,
|
|
|
++ null,
|
|
|
++ ""
|
|
|
++ )) {
|
|
|
+diff --git a/mailnews/base/src/msgOAuth2Module.js b/mailnews/base/src/msgOAuth2Module.js
|
|
|
+--- a/mailnews/base/src/msgOAuth2Module.js
|
|
|
++++ b/mailnews/base/src/msgOAuth2Module.js
|
|
|
+@@ -49,41 +49,30 @@ OAuth2Module.prototype = {
|
|
|
+ }
|
|
|
+ else
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Find the app key we need for the OAuth2 string. Eventually, this should
|
|
|
+ // be using dynamic client registration, but there are no current
|
|
|
+ // implementations that we can test this with.
|
|
|
+- let [
|
|
|
+- clientId,
|
|
|
+- clientSecret,
|
|
|
+- authorizationEndpoint,
|
|
|
+- tokenEndpoint,
|
|
|
+- ] = OAuth2Providers.getIssuerDetails(issuer);
|
|
|
+- if (!clientId) {
|
|
|
++ const issuerDetails = OAuth2Providers.getIssuerDetails(issuer);
|
|
|
++ if (!issuerDetails.clientId) {
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Username is needed to generate the XOAUTH2 string.
|
|
|
+ this._username = aUsername;
|
|
|
+ // loginOrigin is needed to save the refresh token in the password manager.
|
|
|
+ this._loginOrigin = "oauth://" + issuer;
|
|
|
+ // We use the scope to indicate realm when storing in the password manager.
|
|
|
+ this._scope = scope;
|
|
|
+
|
|
|
+ // Define the OAuth property and store it.
|
|
|
+- this._oauth = new OAuth2(
|
|
|
+- authorizationEndpoint,
|
|
|
+- tokenEndpoint,
|
|
|
+- scope,
|
|
|
+- clientId,
|
|
|
+- clientSecret
|
|
|
+- );
|
|
|
++ this._oauth = new OAuth2(scope, issuerDetails);
|
|
|
+
|
|
|
+ // Try hinting the username...
|
|
|
+ this._oauth.extraAuthParams = [
|
|
|
+ ["login_hint", aUsername]
|
|
|
+ ];
|
|
|
+
|
|
|
+ // Set the window title to something more useful than "Unnamed"
|
|
|
+ this._oauth.requestWindowTitle =
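Review bot: `if (!issuerDetails.clientId)` dereferences the lookup result before checking that a record came back at all. `getIssuerDetails` is not shown in this hunk; if it can return `undefined` for an issuer that is missing from `kIssuers`, this line throws a TypeError instead of returning `false` as the check intends. I would test the object first: `if (!issuerDetails || !issuerDetails.clientId) {`. The same unguarded result is passed straight to `new OAuth2(scope, issuerDetails)` in the CardDAVUtils.jsm.1685414.later hunk. The enclosing method starts and ends outside this hunk.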
|
|
|
+diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
|
|
|
+--- a/mailnews/base/util/OAuth2.jsm
|
|
|
++++ b/mailnews/base/util/OAuth2.jsm
|
|
|
+@@ -16,49 +16,46 @@ Cu.importGlobalProperties(["fetch"]);
|
|
|
+
|
|
|
+ // Only allow one connecting window per endpoint.
|
|
|
+ var gConnecting = {};
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Constructor for the OAuth2 object.
|
|
|
+ *
|
|
|
+ * @constructor
|
|
|
+- * @param {string} authorizationEndpoint - The authorization endpoint as
|
|
|
+- * defined by RFC 6749 Section 3.1.
|
|
|
+- * @param {string} tokenEndpoint - The token endpoint as defined by
|
|
|
+- * RFC 6749 Section 3.2.
|
|
|
+ * @param {?string} scope - The scope as specified by RFC 6749 Section 3.3.
|
|
|
+ * Will not be included in the requests if falsy.
|
|
|
+- * @param {string} clientId - The client_id as specified by RFC 6749 Section
|
|
|
+- * 2.3.1.
|
|
|
+- * @param {string} [clientSecret=null] - The client_secret as specified in
|
|
|
+- * RFC 6749 section 2.3.1. Will not be included in the requests if null.
|
|
|
++ * @param {string} issuerDetails.authorizationEndpoint - The authorization
|
|
|
++ * endpoint as defined by RFC 6749 Section 3.1.
|
|
|
++ * @param {string} issuerDetails.clientId - The client_id as specified by RFC
|
|
|
++ * 6749 Section 2.3.1.
|
|
|
++ * @param {string} issuerDetails.clientSecret - The client_secret as specified
|
|
|
++ * in RFC 6749 section 2.3.1. Will not be included in the requests if null.
|
|
|
++ * @param {string} issuerDetails.redirectionEndpoint - The redirect_uri as
|
|
|
++ * specified by RFC 6749 section 3.1.2.
|
|
|
++ * @param {string} issuerDetails.tokenEndpoint - The token endpoint as defined
|
|
|
++ * by RFC 6749 Section 3.2.
|
|
|
+ */
|
|
|
+-function OAuth2(
|
|
|
+- authorizationEndpoint,
|
|
|
+- tokenEndpoint,
|
|
|
+- scope,
|
|
|
+- clientId,
|
|
|
+- clientSecret = null
|
|
|
+-) {
|
|
|
+- this.authorizationEndpoint = authorizationEndpoint;
|
|
|
+- this.tokenEndpoint = tokenEndpoint;
|
|
|
++function OAuth2(scope, issuerDetails) {
|
|
|
+ this.scope = scope;
|
|
|
+- this.clientId = clientId;
|
|
|
+- this.consumerSecret = clientSecret;
|
|
|
++ this.authorizationEndpoint = issuerDetails.authorizationEndpoint;
|
|
|
++ this.clientId = issuerDetails.clientId;
|
|
|
++ this.consumerSecret = issuerDetails.clientSecret || null;
|
|
|
++ this.redirectionEndpoint =
|
|
|
++ issuerDetails.redirectionEndpoint || "http://localhost";
|
|
|
++ this.tokenEndpoint = issuerDetails.tokenEndpoint;
|
|
|
+
|
|
|
+ this.extraAuthParams = [];
|
|
|
+
|
|
|
+ this.log = Log4Moz.getConfiguredLogger("TBOAuth");
|
|
|
+ }
|
|
|
+
|
|
|
+ OAuth2.prototype = {
|
|
|
+ clientId: null,
|
|
|
+ consumerSecret: null,
|
|
|
+- redirectionEndpoint: "http://localhost",
|
|
|
+ requestWindowURI: "chrome://messenger/content/browserRequest.xul",
|
|
|
+ requestWindowFeatures: "chrome,private,centerscreen,width=980,height=750",
|
|
|
+ requestWindowTitle: "",
|
|
|
+ scope: null,
|
|
|
+
|
|
|
+ accessToken: null,
|
|
|
+ refreshToken: null,
|
|
|
+ tokenExpires: 0,
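Review bot: The JSDoc lists `issuerDetails.*` members but never declares the `issuerDetails` parameter itself, and it does not mark which members are optional even though the constructor defaults two of them (`clientSecret || null`, `redirectionEndpoint || "http://localhost"`). I would add `@param {object} issuerDetails - Endpoints and client credentials for the issuer.` above the member lines and write the optional ones as `[issuerDetails.clientSecret]` and `[issuerDetails.redirectionEndpoint="http://localhost"]`. The clientSecret text should also say that any falsy value is dropped, not only null, because `|| null` turns an empty string into null.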
|
|
|
+@@ -184,19 +181,19 @@ OAuth2.prototype = {
|
|
|
+ this._browserRequest._listener._cleanUp();
|
|
|
+ }
|
|
|
+ delete this._browserRequest;
|
|
|
+ },
|
|
|
+
|
|
|
+ // @see RFC 6749 section 4.1.2: Authorization Response
|
|
|
+ onAuthorizationReceived(aURL) {
|
|
|
+ this.log.info("OAuth2 authorization received: url=" + aURL);
|
|
|
+- let params = new URLSearchParams(aURL.split("?", 2)[1]);
|
|
|
+- if (params.has("code")) {
|
|
|
+- this.requestAccessToken(params.get("code"), false);
|
|
|
++ const url = new URL(aURL);
|
|
|
++ if (url.searchParams.has("code")) {
|
|
|
++ this.requestAccessToken(url.searchParams.get("code"), false);
|
|
|
+ } else {
|
|
|
+ this.onAuthorizationFailed(null, aURL);
|
|
|
+ }
|
|
|
+ },
|
|
|
+
|
|
|
+ onAuthorizationFailed(aError, aData) {
|
|
|
+ this.connectFailureCallback(aData);
|
|
|
+ },
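Review bot: `this.log.info("OAuth2 authorization received: url=" + aURL)` writes the whole redirect URL, including the `code` query parameter, to the TBOAuth log; an authorization code is a credential until it is redeemed and should not reach log files. In the same function, `new URL(aURL)` throws on input it cannot parse, where the old `split("?")` form did not, so a malformed redirect now escapes as an exception and `onAuthorizationFailed` is never called. I would parse inside a try/catch, route the failure to `onAuthorizationFailed`, and log only the origin and path. No `state` check is visible in this hunk; whether one happens elsewhere in the file cannot be told from here.

```javascript
  onAuthorizationReceived(aURL) {
    let url;
    try {
      url = new URL(aURL);
    } catch (e) {
      // Unparseable redirect: report it through the normal failure path.
      this.onAuthorizationFailed(e, aURL);
      return;
    }
    // Log origin and path only; the query string carries the authorization code.
    this.log.info("OAuth2 authorization received: url=" + url.origin + url.pathname);
    // … unchanged: code lookup, requestAccessToken / onAuthorizationFailed …
```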
|
|
|
+diff --git a/mailnews/base/util/OAuth2Providers.jsm b/mailnews/base/util/OAuth2Providers.jsm
|
|
|
+--- a/mailnews/base/util/OAuth2Providers.jsm
|
|
|
++++ b/mailnews/base/util/OAuth2Providers.jsm
|
|
|
+@@ -31,80 +31,96 @@ var kHostnames = new Map([
|
|
|
+ ["imap.aol.com", ["login.aol.com", "mail-w"]],
|
|
|
+ ["pop.aol.com", ["login.aol.com", "mail-w"]],
|
|
|
+ ["smtp.aol.com", ["login.aol.com", "mail-w"]],
|
|
|
+
|
|
|
+ [
|
|
|
+ "outlook.office365.com",
|
|
|
+ [
|
|
|
+ "login.microsoftonline.com",
|
|
|
+- "https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access",
|
|
|
++ "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access",
|
|
|
+ ],
|
|
|
+ ],
|
|
|
+ [
|
|
|
+ "smtp.office365.com",
|
|
|
+ [
|
|
|
+ "login.microsoftonline.com",
|
|
|
+- "https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access",
|
|
|
++ "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access",
|
|
|
+ ],
|
|
|
+ ],
|
|
|
+ ]);
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Map of issuers to clientId, clientSecret, authorizationEndpoint, tokenEndpoint.
|
|
|
+ * Issuer is a unique string for the organization that a Thunderbird account
|
|
|
+ * was registered at.
|
|
|
+ *
|
|
|
+ * For the moment these details are hard-coded, since dynamic client
|
|
|
+ * registration is not yet supported. Don't copy these values for your
|
|
|
+ * own application - register one for yourself! This code (and possibly even the
|
|
|
+ * registration itself) will disappear when this is switched to dynamic
|
|
|
+ * client registration.
|
|
|
+ */
|
|
|
+ var kIssuers = new Map ([
|
|
|
+- ["accounts.google.com", [
|
|
|
+- '406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com',
|
|
|
+- 'kSmqreRr0qwBWJgbf5Y-PjSU',
|
|
|
+- 'https://accounts.google.com/o/oauth2/auth',
|
|
|
+- 'https://www.googleapis.com/oauth2/v3/token'
|
|
|
+- ]],
|
|
|
+- ["o2.mail.ru", [
|
|
|
+- 'thunderbird',
|
|
|
+- 'I0dCAXrcaNFujaaY',
|
|
|
+- 'https://o2.mail.ru/login',
|
|
|
+- 'https://o2.mail.ru/token'
|
|
|
+- ]],
|
|
|
+- ["oauth.yandex.com", [
|
|
|
+- "2a00bba7374047a6ab79666485ffce31",
|
|
|
+- "3ded85b4ec574c2187a55dc49d361280",
|
|
|
+- "https://oauth.yandex.com/authorize",
|
|
|
+- "https://oauth.yandex.com/token",
|
|
|
+- ]],
|
|
|
+- ["login.yahoo.com", [
|
|
|
+- 'dj0yJmk9NUtCTWFMNVpTaVJmJmQ9WVdrOVJ6UjVTa2xJTXpRbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD0yYw--',
|
|
|
+- 'f2de6a30ae123cdbc258c15e0812799010d589cc',
|
|
|
+- 'https://api.login.yahoo.com/oauth2/request_auth',
|
|
|
+- 'https://api.login.yahoo.com/oauth2/get_token'
|
|
|
+- ]],
|
|
|
+- ["login.aol.com", [
|
|
|
+- 'dj0yJmk9OXRHc1FqZHRQYzVvJmQ9WVdrOU1UQnJOR0pvTjJrbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02NQ--',
|
|
|
+- '79c1c11991d148ddd02a919000d69879942fc278',
|
|
|
+- 'https://api.login.aol.com/oauth2/request_auth',
|
|
|
+- 'https://api.login.aol.com/oauth2/get_token'
|
|
|
+- ]],
|
|
|
+-
|
|
|
++ [
|
|
|
++ "accounts.google.com",
|
|
|
++ {
|
|
|
++ clientId:
|
|
|
++ "406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com",
|
|
|
++ clientSecret: "kSmqreRr0qwBWJgbf5Y-PjSU",
|
|
|
++ authorizationEndpoint: "https://accounts.google.com/o/oauth2/auth",
|
|
|
++ tokenEndpoint: "https://www.googleapis.com/oauth2/v3/token",
|
|
|
++ },
|
|
|
++ ],
|
|
|
++ [
|
|
|
++ "o2.mail.ru",
|
|
|
++ {
|
|
|
++ clientId: "thunderbird",
|
|
|
++ clientSecret: "I0dCAXrcaNFujaaY",
|
|
|
++ authorizationEndpoint: "https://o2.mail.ru/login",
|
|
|
++ tokenEndpoint: "https://o2.mail.ru/token",
|
|
|
++ },
|
|
|
++ ],
|
|
|
++ [
|
|
|
++ "oauth.yandex.com",
|
|
|
++ {
|
|
|
++ clientId: "2a00bba7374047a6ab79666485ffce31",
|
|
|
++ clientSecret: "3ded85b4ec574c2187a55dc49d361280",
|
|
|
++ authorizationEndpoint: "https://oauth.yandex.com/authorize",
|
|
|
++ tokenEndpoint: "https://oauth.yandex.com/token",
|
|
|
++ },
|
|
|
++ ],
|
|
|
++ [
|
|
|
++ "login.yahoo.com",
|
|
|
++ {
|
|
|
++ clientId: "dj0yJmk9NUtCTWFMNVpTaVJmJmQ9WVdrOVJ6UjVTa2xJTXpRbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD0yYw--",
|
|
|
++ clientSecret: "f2de6a30ae123cdbc258c15e0812799010d589cc",
|
|
|
++ authorizationEndpoint: "https://api.login.yahoo.com/oauth2/request_auth",
|
|
|
++ tokenEndpoint: "https://api.login.yahoo.com/oauth2/get_token",
|
|
|
++ },
|
|
|
++ ],
|
|
|
++ [
|
|
|
++ "login.aol.com",
|
|
|
++ {
|
|
|
++ clientId:
|
|
|
++ "dj0yJmk9OXRHc1FqZHRQYzVvJmQ9WVdrOU1UQnJOR0pvTjJrbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02NQ--",
|
|
|
++ clientSecret: "79c1c11991d148ddd02a919000d69879942fc278",
|
|
|
++ authorizationEndpoint: "https://api.login.aol.com/oauth2/request_auth",
|
|
|
++ tokenEndpoint: "https://api.login.aol.com/oauth2/get_token",
|
|
|
++ },
|
|
|
++ ],
|
|
|
+ [
|
|
|
+ "login.microsoftonline.com",
|
|
|
+- [
|
|
|
+- "08162f7c-0fd2-4200-a84a-f25a4db0b584", // Application (client) ID
|
|
|
+- "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82", // @see App registrations | Certificates & secrets
|
|
|
++ {
|
|
|
++ clientId: "9e5f94bc-e8a4-4e73-b8be-63364c29d753", // Application (client) ID
|
|
|
+ // https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints
|
|
|
+- "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
|
|
|
+- "https://login.microsoftonline.com/common/oauth2/v2.0/token",
|
|
|
+- ],
|
|
|
++ authorizationEndpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
|
|
|
++ tokenEndpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
|
|
|
++ redirectionEndpoint: "https://localhost",
|
|
|
++ },
|
|
|
+ ],
|
|
|
+ ]);
|
|
|
+
|
|
|
+ /**
|
|
|
+ * OAuth2Providers: Methods to lookup OAuth2 parameters for supported OAuth2
|
|
|
+ * providers.
|
|
|
+ */
|
|
|
+ var OAuth2Providers = {
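Review bot: The header comment on `kIssuers` still reads "Map of issuers to clientId, clientSecret, authorizationEndpoint, tokenEndpoint", which described the old positional arrays. The values are now objects, the `login.microsoftonline.com` entry carries no `clientSecret`, and it adds a `redirectionEndpoint`. I would reword the comment to `Map of issuers to an object with clientId, authorizationEndpoint, tokenEndpoint and optionally clientSecret and redirectionEndpoint.` It is also worth one line there stating that the remaining `clientSecret` values ship in every installed copy and cannot be treated as confidential, so the token flow must not rely on them as proof of client identity.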
|
|
|
+diff --git a/mailnews/base/util/OAuth2Providers.jsm.1685414.later b/mailnews/base/util/OAuth2Providers.jsm.1685414.later
|
|
|
+new file mode 100644
|
|
|
+--- /dev/null
|
|
|
++++ b/mailnews/base/util/OAuth2Providers.jsm.1685414.later
|
|
|
+@@ -0,0 +1,32 @@
|
|
|
++--- OAuth2Providers.jsm
|
|
|
+++++ OAuth2Providers.jsm
|
|
|
++@@ -74,80 +74,91 @@ var kHostnames = new Map([
|
|
|
++ // For testing purposes.
|
|
|
++ [
|
|
|
++ "mochi.test",
|
|
|
++- [
|
|
|
++- "test_client_id",
|
|
|
++- "test_secret",
|
|
|
++- "http://mochi.test:8888/browser/comm/mail/components/addrbook/test/browser/data/redirect_auto.sjs",
|
|
|
++- "http://mochi.test:8888/browser/comm/mail/components/addrbook/test/browser/data/token.sjs",
|
|
|
++- ],
|
|
|
+++ {
|
|
|
+++ clientId: "test_client_id",
|
|
|
+++ clientSecret: "test_secret",
|
|
|
+++ authorizationEndpoint:
|
|
|
+++ "http://mochi.test:8888/browser/comm/mail/components/addrbook/test/browser/data/redirect_auto.sjs",
|
|
|
+++ tokenEndpoint:
|
|
|
+++ "http://mochi.test:8888/browser/comm/mail/components/addrbook/test/browser/data/token.sjs",
|
|
|
+++ // I don't know why, but tests refuse to work with a plain HTTP endpoint
|
|
|
+++ // (the request is redirected to HTTPS, which we're not listening to).
|
|
|
+++ // Just use an HTTPS endpoint.
|
|
|
+++ redirectionEndpoint: "https://localhost",
|
|
|
+++ },
|
|
|
++ ],
|
|
|
++ ]);
|
|
|
++
|
|
|
++ /**
|
|
|
++ * OAuth2Providers: Methods to lookup OAuth2 parameters for supported OAuth2
|
|
|
++ * providers.
|
|
|
++ */
|
|
|
++ var OAuth2Providers = {
|