* When a server expires a refresh token, Alpine needs to cancel it

    internally.

  * Fixes to some prototyping for code related to authentication.

  * Fixes to documentation contributed by Dennis Davis.

4 files changed, 17 insertions, 7 deletions

diff --git a/imap/src/c-client/auth_bea.c b/imap/src/c-client/auth_bea.c
index e580042..64c3aa6 100644
--- a/imap/src/c-client/auth_bea.c
+++ b/imap/src/c-client/auth_bea.c
@@ -99,7 +99,8 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder
 	  && (oauth2.access_token 
 	  || (!RefreshToken && oauth2.param[OA2_RefreshToken].value)
 	  || (RefreshToken && oauth2.param[OA2_RefreshToken].value
-	      && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value))))
+	      && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value)
+	  || oauth2.cancel_refresh_token)))
          mm_login_method (mb, user, (void *) &oauth2, *trial, BEARERNAME);
     }
 
diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c
index f5345bf..dac8796 100644
--- a/imap/src/c-client/auth_oa2.c
+++ b/imap/src/c-client/auth_oa2.c
@@ -124,10 +124,11 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha
         */
 
        if(!tryanother
-	  && (oauth2.access_token 
+	  && (oauth2.access_token
 	  || (!RefreshToken && oauth2.param[OA2_RefreshToken].value)
 	  || (RefreshToken && oauth2.param[OA2_RefreshToken].value
-	      && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value))))
+	      && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value)
+	  || oauth2.cancel_refresh_token)))
          mm_login_method (mb, user, (void *) &oauth2, *trial, OA2NAME);
     }
 
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index 9a02c5f..13bbc84 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -1989,6 +1989,7 @@ typedef struct oauth2_s {
    unsigned long expiration;
    unsigned int first_time:1;	/* this is the first time we get credentials for this account */
    unsigned int require_secret:1;	/* this server requires a client-secret */
+   int cancel_refresh_token;	/* ask client to cancel refresh token */
 } OAUTH2_S;
 
 typedef struct deviceproc_s {
diff --git a/imap/src/c-client/oauth2_aux.c b/imap/src/c-client/oauth2_aux.c
index 6fab291..6b7c401 100644
--- a/imap/src/c-client/oauth2_aux.c
+++ b/imap/src/c-client/oauth2_aux.c
@@ -223,11 +223,13 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method,
 			      case JLong  : oauth2->expiration = time(0) + *(long *) jx->value;
 				    break;
 			 }
+			 oauth2->cancel_refresh_token = 0;	/* do not cancel this token. It is good */
 			 break;
 
 	     default :  { char tmp[100];
-			    sprintf(tmp, "Oauth2 client Received Code %d", status);
-			    mm_log (tmp, ERROR);
+			  sprintf(tmp, "Oauth2 client Received Code %d", status);
+			  mm_log (tmp, ERROR);
+			  oauth2->cancel_refresh_token++;
 			}
 			break;
 	}
@@ -284,13 +286,16 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method,
 			     if(jx && jx->jtype == JString)
 			       oauth2->expiration = time(0) + atol((char *) jx->value);
 
+			     oauth2->cancel_refresh_token = 0;	/* do not cancel this token. It is good */
+
 			     break;
 
 	     case HTTP_BAD :  break;
 
 		default   :  { char tmp[100];
 			       sprintf(tmp, "Oauth2 Client Received Code %d", status);
-			       fatal (tmp);
+			       mm_log (tmp, ERROR);
+			       oauth2->cancel_refresh_token++;
 			     }
 	  }
 
@@ -356,13 +361,15 @@ void oauth2deviceinfo_get_accesscode(void *inp, void *outp)
 			  }
 
 			rv = OA2_CODE_SUCCESS;
+			oauth2->cancel_refresh_token = 0;	/* do not cancel this token. It is good */
 
 			break;
 
 	     default :  { char tmp[100];
 			  sprintf(tmp, "Oauth device Received Code %d", status);
 			  mm_log (tmp, ERROR);
-			 }
+			  oauth2->cancel_refresh_token++;
+			}
      }
 
      json_free(&json);