Skip to content

Feature/support oauth2 secret in keyring#17

Open
notthatjesus wants to merge 7 commits into
ssp-data:mainfrom
notthatjesus:feature/support-oauth2-secret-in-keyring
Open

Feature/support oauth2 secret in keyring#17
notthatjesus wants to merge 7 commits into
ssp-data:mainfrom
notthatjesus:feature/support-oauth2-secret-in-keyring

Conversation

@notthatjesus
Copy link
Copy Markdown
Contributor

@notthatjesus notthatjesus commented May 14, 2026

What is it about

This PR implements the same feature to store the password in the OS keyring to support as well the oauth2_secret.

How does it work

It follows the same implementation as the password storage with the difference that it uses the key: account/account_name/oauth2_client_secret to store it.

Additional features

It reuses the code that was created for the set-password command and registers a set-oauth2-secret. While the set-password command is not wired to the keyring SetPassword() function, the new command calls SetClientSecret(). I will send an additional PR to do the same for SetPassword.

How to test

Store your oauth2_client_secret using secret-tool

secret-tool store --label "neomd Personal" service neomd username account/Personal/oauth2_client_secret

Replace the actual oauth2_client_secret field in config.toml to keyring

[[accounts]]
name = "NAME"
auth_type = "oauth2"
imap = "outlook.office365.com:993"
smtp = "smtp.office365.com:587"
user = "you@example.com"
from = "My Name"
oauth2_client_id = "xxxx-xxxxx-xxxxx"
oauth2_client_secret = "keyring"

Start neomd normally

@notthatjesus
keyring: add GetClientSecret/SetClientSecret/DeleteClientSecret helpers
79f463b 
Adds clientSecretKey(), GetClientSecret(), SetClientSecret(), and
DeleteClientSecret() for OAuth2 client secrets, stored under
account/<name>/oauth2_client_secret — separate from the password slot.
@notthatjesus
config: resolve oauth2_client_secret from OS keyring on load
cd30e0a 
Adds resolveKeyringClientSecret() mirroring resolveKeyringPassword().
Setting oauth2_client_secret = "keyring" in config.toml now causes
Load() to fetch the secret from the OS keyring instead of using the
sentinel as a literal value.
@notthatjesus
config: add tests for keyring resolution of oauth2_client_secret
8dccfc8 
Adds TestResolveKeyringClientSecret (four sub-tests: resolved, missing,
passthrough, empty account) and TestLoad_KeyringResolvesClientSecret
(end-to-end Load() coverage) mirroring the existing password tests.
@notthatjesus
ui: add promptOAuth2Secret type to password prompt
ab71a87 
Extends the promptType enum with promptOAuth2Secret and adds matching
title/hint text in View() so the same masked-input dialog can be used
for OAuth2 client secrets.
@notthatjesus
ui: wire passwordPromptModel into TUI state machine
3f264f0 
Adds statePasswordPrompt viewState, passwordPrompt field, and handlers
for passwordSubmittedMsg and passwordCancelledMsg. On submit, dispatches
to keyring.SetClientSecret or keyring.SetPassword depending on prompt type.
@notthatjesus
ui: register :set-oauth2-secret command (alias: sos)
66b7944 
Wires the new command to the password prompt in promptOAuth2Secret mode,
allowing users to store the OAuth2 client secret in the OS keyring from
within the TUI.
@notthatjesus
Updated documentation
726731a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@notthatjesus