specify user for a given token

kpedro88 · kpedro88 · commit 739dbabce28e · 2023-07-18T14:47:39.000Z
diff --git a/README.md b/README.md
@@ -559,11 +559,14 @@ Token refresh succeeded.
 $ service postfix restart
 ```
 
-## Using Multiple Mail Providers Simultaneously
-
-One instance of sasl-xoauth2 may provide tokens for different mail providers,
-but each provider will require its own client ID, client secret, and token
-endpoint. In this case, each of these may be set in the token file rather than
+## Using Multiple Mail Providers or Users Simultaneously
+
+One instance of sasl-xoauth2 may provide tokens for different mail providers
+and/or users.
+Each provider will require its own client ID, client secret, and token
+endpoint. Each user may require a username to be specified, if the username
+automatically obtained from postfix is not correct.
+In this case, each of these may be set in the token file rather than
 in `/etc/sasl-xoauth2.conf`. Set them when setting the initial access token:
 
 ```json
@@ -573,7 +576,8 @@ in `/etc/sasl-xoauth2.conf`. Set them when setting the initial access token:
   "client_secret": "client secret goes here, if required",
   "token_endpoint": "token endpoint goes here, for non-Gmail",
   "expiry" : "0",
-  "refresh_token" : "refresh token goes here"
+  "refresh_token" : "refresh token goes here",
+  "user" : "username goes here"
 }
 ```
 
diff --git a/src/client.cc b/src/client.cc
@@ -225,6 +225,7 @@ int Client::InitialStep(sasl_client_params_t *params,
   user_ = auth_name;
   token_ = TokenStore::Create(log_.get(), password);
   if (!token_) return SASL_FAIL;
+  if (token_->HasUser()) user_ = token_->User();
 
   err = SendToken(to_server, to_server_len);
   if (err != SASL_OK) return err;
diff --git a/src/token_store.cc b/src/token_store.cc
@@ -182,6 +182,7 @@ int TokenStore::Read() {
   refresh_.clear();
   access_.clear();
   expiry_ = 0;
+  user_.clear();
 
   try {
     log_->Write("TokenStore::Read: file=%s", path_.c_str());
@@ -211,9 +212,11 @@ int TokenStore::Read() {
     if (root.isMember("access_token"))
       access_ = root["access_token"].asString();
     if (root.isMember("expiry")) expiry_ = stoi(root["expiry"].asString());
+    if (root.isMember("user"))
+      user_ = root["user"].asString();
 
-    log_->Write("TokenStore::Read: refresh=%s, access=%s", refresh_.c_str(),
-                access_.c_str());
+    log_->Write("TokenStore::Read: refresh=%s, access=%s, user=%s", refresh_.c_str(),
+                access_.c_str(), user_.c_str());
     return SASL_OK;
 
   } catch (const std::exception &e) {
@@ -235,6 +238,7 @@ int TokenStore::Write() {
     root["refresh_token"] = refresh_;
     root["access_token"] = access_;
     root["expiry"] = std::to_string(expiry_);
+    if (HasUser()) root["user"] = user_;
 
     WriteOverride("client_id", override_client_id_, &root);
     WriteOverride("client_secret", override_client_secret_, &root);
diff --git a/src/token_store.h b/src/token_store.h
@@ -33,6 +33,8 @@ class TokenStore {
 
   int GetAccessToken(std::string *token);
   int Refresh();
+  std::string User() const { return user_; }
+  bool HasUser() const { return !user_.empty(); }
 
  private:
   TokenStore(Log *log, const std::string &path, bool enable_updates);
@@ -55,6 +57,8 @@ class TokenStore {
   std::string access_;
   std::string refresh_;
   time_t expiry_ = 0;
+  std::string user_;
+
 
   int refresh_attempts_ = 0;
 };
