OAuth+SASL needs a username

If you’re going to provide OAuth access to your non-web protocols (eg XOAUTH, OAUTHBEARER, etc to IMAP, SMTP, whatever) then you need to give me a way to convert an access token into a username.

By design, the standard OAuth handshake yields a token at the end. Nothing more. You do not get any identity information, and you can’t assume anything because in a multi-user system (eg Google), you have no idea which account has been used.

That’s fine for most web apps, where the token you get back is all that you need. For the SASL mechanisms, you need to send the username and access token, so I need to have the username.

Google provide the userinfo.email API endpoint to get this information, so no problem there. Yahoo don’t provide anything. The only option I have is to ask the user for account name and then do a test login with returned token. If it fails, then I have to ask the user. Of course, it might have failed for some other reason, so its not foolproof.