I personally would rather drop poplib and imaplib if its auth approach is no longer good enough and instead encourage the community to provide projects that provide OAuth2 support. I wouldn’t want us to have to handle the CVEs that would come up because our OAuth2 implementation had a bug in it.
Microsoft already provides the MSAL library[2] that takes care of all OAuth2 stuff. Google also has google-auth-library-python-oauthlib[3] which presumably does the same. We just need a method to be able to provide the “final” token to poplib.
As I understand Geert’s suggestion, the two modules would simply receive
methods to allow for sending the OAuth tokens, not the OAuth
implementation itself – which is indeed better handled using the
already existing provider APIs.
It’s unfortunate, though, that MS and GMail are using different
variants of the extension of the protocols for this, so not sure
whether it’s worth adding to the stdlib.
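
Added example, not part of the thread or of CPython: what "providing the final token" amounts to on the wire, for the two SASL mechanisms commonly used for this, XOAUTH2 and OAUTHBEARER (RFC 7628). The thread does not name the variants, so treating these two as the ones meant is an assumption; the function names are hypothetical and the token is assumed to come from a provider library such as MSAL.

```python
import re

_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # RFC 6750 bearer token charset


def _clean(value: str, name: str) -> str:
    # \x01 delimits fields in both mechanisms, so a control character in a
    # caller-supplied value could inject extra key/value pairs.
    if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError(f"{name} is empty or contains control characters")
    return value


def _bearer(token: str) -> str:
    if not _B64TOKEN.fullmatch(token):
        raise ValueError("token is not a valid RFC 6750 b64token")
    return f"auth=Bearer {token}"


def xoauth2_response(user: str, token: str) -> bytes:
    """Raw (not yet base64) initial client response for SASL XOAUTH2."""
    return f"user={_clean(user, 'user')}\x01{_bearer(token)}\x01\x01".encode()


def oauthbearer_response(user: str, token: str, host: str, port: int) -> bytes:
    """Raw initial client response for SASL OAUTHBEARER (RFC 7628)."""
    # saslname escaping for the GS2 header: "=" first, then ",".
    authzid = _clean(user, "user").replace("=", "=3D").replace(",", "=2C")
    return (f"n,a={authzid},\x01host={_clean(host, 'host')}\x01port={int(port)}"
            f"\x01{_bearer(token)}\x01\x01").encode()


def imap_authobject(initial: bytes, on_error: bytes = b""):
    """Build the callable imaplib.IMAP4.authenticate() expects.

    imaplib base64-encodes the return value itself. A second server
    challenge means the token was rejected: answer with on_error
    (b"" for XOAUTH2, b"\\x01" for OAUTHBEARER) so the exchange ends.
    """
    calls = 0

    def respond(_challenge: bytes) -> bytes:
        nonlocal calls
        calls += 1
        return initial if calls == 1 else on_error

    return respond
```

With imaplib this is used as `conn.authenticate("XOAUTH2", imap_authobject(xoauth2_response(user, token)))`; poplib has no public equivalent, which is the gap the thread discusses.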