class Net::IMAP::SASL::OAuthBearerAuthenticator

Authenticator for the “OAUTHBEARERSASL mechanism, specified in RFC7628. Authenticates using OAuth 2.0 bearer tokens, as described in RFC6750. Use via Net::IMAP#authenticate.

RFC6750 requires Transport Layer Security (TLS) to secure the protocol interaction between the client and the resource server. TLS MUST be used for OAUTHBEARER to protect the bearer token.



An OAuth 2.0 bearer token. See RFC-6750


An OAuth 2.0 bearer token. See RFC-6750

Public Class Methods

new(oauth2_token, **options) → authenticator click to toggle source
new(authzid, oauth2_token, **options) → authenticator
new(oauth2_token:, **options) → authenticator

Creates an Authenticator for the “OAUTHBEARERSASL mechanism.

Called by Net::IMAP#authenticate and similar methods on other clients.


All other keyword parameters are passed to super (see OAuthAuthenticator). The most common ones are:

  • optional authzid ― Authorization identity to act as or on behalf of.

    optional username — An alias for authzid.

    Note that, unlike some other authenticators, username sets the authorization identity and not the authentication identity. The authentication identity is established for the client by oauth2_token.

  • optional host — Hostname to which the client connected.

  • optional port — Service port to which the client connected.

Although only oauth2_token is required by this mechanism, it is worth noting that application protocols are allowed to require authzid (or other parameters, such as host or port) as are specific server implementations.

# File net-imap-, line 177
def initialize(arg1 = nil, arg2 = nil,
               oauth2_token: nil, secret: nil,
               **args, &blk)
  username, oauth2_token_arg = arg2.nil? ? [nil, arg1] : [arg1, arg2]
  super(username: username, **args, &blk)
  @oauth2_token = oauth2_token || secret || oauth2_token_arg or
    raise ArgumentError, "missing oauth2_token"

Public Instance Methods

authorization() click to toggle source

Value of the HTTP Authorization header

# File net-imap-, line 193
def authorization; "Bearer #{oauth2_token}" end
initial_response? → true click to toggle source

OAUTHBEARER sends an initial client response.

# File net-imap-, line 190
def initial_response?; true end