@upyo/smtp 0.5.0-dev.120 → 0.5.0-dev.136

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -22,6 +22,7 @@ Features
22
22
  - TLS/SSL support
23
23
  - Connection pooling
24
24
  - Multiple authentication methods
25
+ - OAuth 2.0 authentication (SASL XOAUTH2 and OAUTHBEARER)
25
26
  - HTML and plain text email support
26
27
  - File attachments (regular and inline)
27
28
  - Multiple recipients (To, CC, BCC)
@@ -116,12 +117,46 @@ Configuration options
116
117
 
117
118
  ### `SmtpAuth`
118
119
 
120
+ `SmtpAuth` is a discriminated union of three strategies.
121
+
122
+ Username/password (`SmtpUserPassAuth`), discriminated by `pass`:
123
+
119
124
  | Option | Type | Default | Description |
120
125
  | -------- | ---------------------------------- | --------- | ----------- |
121
126
  | `user` | `string` | | Username |
122
127
  | `pass` | `string` | | Password |
123
128
  | `method` | `"plain" \| "login" \| "cram-md5"` | `"plain"` | Auth method |
124
129
 
130
+ OAuth 2.0 access token (`SmtpOAuth2TokenAuth`), discriminated by `accessToken`:
131
+
132
+ | Option | Type | Default | Description |
133
+ | ------------- | ------------------------------- | ----------- | ------------------------------------------- |
134
+ | `user` | `string` | | User (email address) |
135
+ | `accessToken` | `string \| OAuth2TokenProvider` | | Access token, or a callback returning one |
136
+ | `method` | `"xoauth2" \| "oauthbearer"` | `"xoauth2"` | SASL mechanism (auto-detected when omitted) |
137
+
138
+ OAuth 2.0 refresh-token flow (`SmtpOAuth2RefreshAuth`), discriminated by
139
+ `refreshToken`:
140
+
141
+ | Option | Type | Default | Description |
142
+ | --------------- | ---------------------------- | ----------- | ------------------------------------------- |
143
+ | `user` | `string` | | User (email address) |
144
+ | `clientId` | `string` | | OAuth 2.0 client identifier |
145
+ | `clientSecret` | `string` | | OAuth 2.0 client secret (optional) |
146
+ | `refreshToken` | `string` | | OAuth 2.0 refresh token |
147
+ | `tokenEndpoint` | `string` | | Token endpoint URL |
148
+ | `scope` | `string` | | Space-delimited scopes (optional) |
149
+ | `method` | `"xoauth2" \| "oauthbearer"` | `"xoauth2"` | SASL mechanism (auto-detected when omitted) |
150
+
151
+ The access token may be a static string or a callback (`OAuth2TokenProvider`)
152
+ that returns a fresh token on demand—use the callback to integrate an OAuth
153
+ client such as `google-auth-library` or `msal-node`. With the refresh-token
154
+ flow the transport runs the `refresh_token` grant itself, caching the access
155
+ token across pooled connections. See the
156
+ [OAuth 2.0 authentication guide][oauth-guide] for details.
157
+
158
+ [oauth-guide]: https://upyo.org/transports/smtp#oauth-2-0-authentication
159
+
125
160
 
126
161
  DKIM signing
127
162
  ------------
@@ -197,3 +232,40 @@ console.log(received[0].data); // Raw email content
197
232
 
198
233
  await server.stop();
199
234
  ~~~~
235
+
236
+ ### OAuth 2.0 end-to-end tests
237
+
238
+ The OAuth 2.0 end-to-end tests run against a real provider (e.g. Gmail or
239
+ Outlook) and are skipped unless the following environment variables are set:
240
+
241
+ | Variable | Description |
242
+ | ----------------------- | -------------------------------------- |
243
+ | `SMTP_OAUTH2_HOST` | SMTP host (e.g. `smtp.gmail.com`) |
244
+ | `SMTP_OAUTH2_PORT` | SMTP port (default `587`) |
245
+ | `SMTP_OAUTH2_SECURE` | `true` for implicit TLS |
246
+ | `SMTP_OAUTH2_USER` | User (email address) |
247
+ | `SMTP_OAUTH2_MECHANISM` | `xoauth2` or `oauthbearer` (optional) |
248
+ | `SMTP_OAUTH2_FROM` | Envelope sender (defaults to the user) |
249
+ | `SMTP_OAUTH2_TO` | Recipient (defaults to the user) |
250
+
251
+ Provide a token source as either a static access token:
252
+
253
+ | Variable | Description |
254
+ | -------------------------- | ------------------ |
255
+ | `SMTP_OAUTH2_ACCESS_TOKEN` | OAuth access token |
256
+
257
+ or the refresh-token flow:
258
+
259
+ | Variable | Description |
260
+ | ---------------------------- | --------------------------------- |
261
+ | `SMTP_OAUTH2_CLIENT_ID` | OAuth client identifier |
262
+ | `SMTP_OAUTH2_CLIENT_SECRET` | OAuth client secret (optional) |
263
+ | `SMTP_OAUTH2_REFRESH_TOKEN` | OAuth refresh token |
264
+ | `SMTP_OAUTH2_TOKEN_ENDPOINT` | Token endpoint URL |
265
+ | `SMTP_OAUTH2_SCOPE` | Space-delimited scopes (optional) |
266
+
267
+ A Gmail access token can be minted with [google-auth-library], and an Outlook
268
+ one with [msal-node].
269
+
270
+ [google-auth-library]: https://github.com/googleapis/google-auth-library-nodejs
271
+ [msal-node]: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node