From b001d53bc267d4b7feac823388fcba95df233955 Mon Sep 17 00:00:00 2001
From: M66B
Date: Thu, 24 Mar 2022 08:49:33 +0100
Subject: [PATCH] Switch to OAuth parameters
---
 .../java/eu/faircode/email/EmailProvider.java | 2 +
 .../java/eu/faircode/email/FragmentOAuth.java | 27 +------------
 app/src/main/res/xml/providers.xml | 40 +++++++++++++++++--
 3 files changed, 40 insertions(+), 29 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/EmailProvider.java b/app/src/main/java/eu/faircode/email/EmailProvider.java
index 82a2d289b7..f054e4527b 100644
--- a/app/src/main/java/eu/faircode/email/EmailProvider.java
+++ b/app/src/main/java/eu/faircode/email/EmailProvider.java
@@ -277,6 +277,7 @@ public class EmailProvider implements Parcelable {
 provider.oauth.scopes = xml.getAttributeValue(null, "scopes").split(",");
 provider.oauth.authorizationEndpoint = xml.getAttributeValue(null, "authorizationEndpoint");
 provider.oauth.tokenEndpoint = xml.getAttributeValue(null, "tokenEndpoint");
+ provider.oauth.tokenScopes = getAttributeBooleanValue(xml, "tokenScopes", false);
 provider.oauth.redirectUri = xml.getAttributeValue(null, "redirectUri");
 provider.oauth.privacy = xml.getAttributeValue(null, "privacy");
 provider.oauth.prompt = xml.getAttributeValue(null, "prompt");
@@ -1287,6 +1288,7 @@ public class EmailProvider implements Parcelable {
 String[] scopes;
 String authorizationEndpoint;
 String tokenEndpoint;
+ boolean tokenScopes;
 String redirectUri;
 String privacy;
 String prompt;
diff --git a/app/src/main/java/eu/faircode/email/FragmentOAuth.java b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
index 96278b35a8..830ccb9546 100644
--- a/app/src/main/java/eu/faircode/email/FragmentOAuth.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
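Review bot: The new `tokenScopes` flag is undocumented at both places EmailProvider.java touches it: the parser line in the first hunk and the `boolean tokenScopes;` field in the second. Nothing in this file says that the flag decides whether the scope list is repeated on the token request; that is only visible from its use in FragmentOAuth.java (the `-478` hunk). A one-line comment on the field would cover it, for example `// true: also send the scopes with the token request (tokenScopes attribute in providers.xml, default false)`. The parsing method and the class holding the field both start and end outside these hunks.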
@@ -372,17 +372,6 @@ public class FragmentOAuth extends FragmentBase {
 for (String key : provider.oauth.parameters.keySet())
 params.put(key, provider.oauth.parameters.get(key));
- if ("gmail".equals(provider.id))
- params.put("access_type", "offline");
-
- if ("yandex".equals(provider.id)) {
- params.put("device_name", "Android/FairEmail");
- params.put("force_confirm", "true");
- }
-
- if ("mailru".equals(provider.id))
- params.put("prompt_force", "1");
-
 AuthorizationRequest.Builder authRequestBuilder =
 new AuthorizationRequest.Builder(
 serviceConfig,
@@ -408,14 +397,6 @@ public class FragmentOAuth extends FragmentBase {
 if (!TextUtils.isEmpty(provider.oauth.prompt))
 authRequestBuilder.setPrompt(provider.oauth.prompt);
- // For offline access
- if ("gmail".equals(provider.id))
- authRequestBuilder.setPrompt("consent");
-
- // https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
- if (isOutlook(provider.id))
- authRequestBuilder.setPrompt("select_account");
-
 AuthorizationRequest authRequest = authRequestBuilder.build();
 EntityLog.log(context, "OAuth request provider=" + provider.id + " uri=" + authRequest.toUri());
@@ -478,7 +459,7 @@ public class FragmentOAuth extends FragmentBase {
 .setAdditionalParameters(Collections.emptyMap())
 .setNonce(auth.request.nonce);
- if (isOutlook(provider.id))
+ if (provider.oauth.tokenScopes)
 builder.setScope(TextUtils.join(" ", provider.oauth.scopes));
 TokenRequest request = builder.build();
@@ -971,7 +952,7 @@ public class FragmentOAuth extends FragmentBase {
 if ("gmail".equals(id))
 tvGmailDraftsHint.setVisibility(View.VISIBLE);
- if (isOutlook(id)) {
+ if ("office365".equals(id) || "outlook".equals(id)) {
 if (ex instanceof AuthenticationFailedException)
 tvOfficeAuthHint.setVisibility(View.VISIBLE);
 }
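Review bot: The `-971` hunk still keys the Office auth hint on literal provider ids, `if ("office365".equals(id) || "outlook".equals(id)) {`, while the rest of this commit moves provider-specific OAuth behaviour into providers.xml and deletes `isOutlook`. With the helper gone, the id pair is an unexplained inline literal that reads like leftover provider special-casing. Either keep a small named helper for this UI case or add a comment above the check, such as `// UI hint only; OAuth request behaviour for these providers is configured in providers.xml`. The enclosing method starts and ends outside the hunk.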
@@ -1009,8 +990,4 @@ public class FragmentOAuth extends FragmentBase { tvGmailDraftsHint.setVisibility(View.GONE); tvOfficeAuthHint.setVisibility(View.GONE); } - - private static boolean isOutlook(String id) { - return ("office365".equals(id) || "outlook".equals(id)); - } } diff --git a/app/src/main/res/xml/providers.xml b/app/src/main/res/xml/providers.xml index da0f7a638b..768a642dbb 100644 --- a/app/src/main/res/xml/providers.xml +++ b/app/src/main/res/xml/providers.xml @@ -15,6 +15,22 @@ host="smtp.gmail.com" port="465" starttls="false" /> + + + + @@ -102,9 +118,12 @@ clientSecret="r=o4@SlzU:MA6MlXM6mPG[44i4gYPq[@" enabled="true" privacy="https://privacy.microsoft.com/privacystatement" + prompt="select_account" redirectUri="https://oauth.faircode.eu/" scopes="profile,openid,email,offline_access,https://outlook.office.com/IMAP.AccessAsUser.All,https://outlook.office.com/SMTP.Send" - tokenEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" /> + tokenEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" + tokenScopes="true" /> + + tokenEndpoint="https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" + tokenScopes="true" /> @@ -387,7 +408,14 @@ privacy="https://yandex.com/legal/confidential/" redirectUri="https://oauth.faircode.eu/" scopes="mail:imap_full,mail:smtp" - tokenEndpoint="https://oauth.yandex.com/token" /> + tokenEndpoint="https://oauth.yandex.com/token"> + + + + tokenEndpoint="https://oauth.mail.ru/token"> + +