Inbound mail through IMAP
While CMS will not use IMAP directly, it can act as an OAUTH authentication broker for other mail clients. In this mode CMS would be configured to only do authentication and not handle mail.
Authenticate only CMS Configuration
In this mode no mailboxes are defined, just accounts and the CredentialServer
Python
account = Office365_Account(user="user@domain.com")
CredentialServer("/var/run/user/XXX/cms.sock",
accounts=[account],
protocols=["SMTP", "IMAP"])
CMS will still run as a daemon and it keeps track of the refresh token and periodically updates the access tokens.
Configuration Test
CMS provides the cms-auth tool to get tokens out of the daemon. It has a test mode which should be used to verify that the IMAP server is working correctly:
sh
$ cms-oauth --user=user@domain.com --cms_sock=/var/run/user/XXX/cms.sock --test-imap=outlook.office365.com
On success their should be a log something like:
40:51.37 < b'NDNI1 OK AUTHENTICATE completed.'
mutt
Since Mutt 1.11 it has support for OAUTHBEARER authentication. This can be used with GMail and CMS. The below fragment of the .mutt RC shows the configuration.
set imap_authenticators="oauthbearer"
set imap_oauth_refresh_command="cms-oauth --cms_sock=cms.sock --proto=IMAP --user user@domain --output=token"
set spoolfile="imaps://imap.gmail.com/INBOX"
As of mutt commit c7a872d1eeea ("Add basic XOAUTH2 support.") (possibly will be in version 1.15) mutt can also do XOAUTH2 for use with Office365:
set imap_authenticators="xoauth2"
set imap_oauth_refresh_command="cms-oauth --cms_sock=cms.sock --proto=IMAP --user user@domain --output=token"
set spoolfile="imaps://outlook.office365.com/INBOX"