## oama version 0.22.0 - 2025-08-29 0290.e419ef10
## This is a YAML configuration file, indentation matters.
## Double ## indicates comments while single # default values.
## Not all defaults are shown, for full list run `oama printenv`
## and look at the `services:` section.

## Possible options for keeping refresh and access tokens:
## GPG - in a gpg encrypted file $XDG_STATE_HOME/oama/<email-address>.oauth
##       (XDG_STATE_HOME defaults to ~/.local/state)
## GPG - in a gpg encrypted file ~/.local/state/oama/<email-address>.oauth
## KEYRING - in the keyring of a password manager with Secret Service API
##
## Choose exactly one.

encryption:
    tag: KEYRING

# encryption:
#   tag: GPG
#   contents: your-KEY-ID

## Builtin service providers
## - google
## - microsoft
## Required fields: client_id, client_secret
##
services:
  google:
    client_id: application-CLIENT-ID
    client_secret: application-CLIENT-SECRET
  ## Alternatively get them from a password manager using a shell command.
  ## If both variants are present then the _cmd versions get the priority.
  ## For example:
  # client_id_cmd: |
  #   pass email/my-app | head -1
  # client_secret_cmd: |
  #   pass email/my-app | head -2 | tail -1
  #  auth_scope: https://mail.google.com/
  # microsoft:
  #   client_id: 08162f7c-0fd2-4200-a84a-f25a4db0b584 # notsecret
  #   client_secret: 'TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82' # notsecret
  #   auth_scope: https://outlook.365office.com/IMAP.AccessAsUser.All
  #     https://outlook.365office.com/SMTP.Send
  #     offline_access
  #   tenant: common
  #   prompt: select_account
  #
  microsoft:
    # client_id: 08162f7c-0fd2-4200-a84a-f25a4db0b584 # notsecret
    # client_secret: 'TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82' # notsecret
    client_id: '9e5f94bc-e8a4-4e73-b8be-63364c29d753'
    auth_scope: https://outlook.office.com/IMAP.AccessAsUser.All
      https://outlook.office.com/POP.AccessAsUser.All
      https://outlook.office.com/SMTP.Send
      offline_access
    tenant: common
    prompt: select_account
  ## client_secret is not needed for device code flow
  #  auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
  ##
  ## client_secret might be needed for other authorization flows
  #  client_secret: application-CLIENT_SECRET
  ## auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  #
  #  auth_scope: https://outlook.office.com/IMAP.AccessAsUser.All
  #     https://outlook.office.com/SMTP.Send
  #     offline_access
  #  tenant: common

  ## User configured providers
  ## Required fields: client_id, client_secret, auth_endpoint, auth_scope, token_endpoint
  ##
  ## For example:
  # yahoo:
  #   client_id: application-CLIENT-ID
  #   client_id_cmd: |
  #     password manager command ...
  #   client_secret: application-CLIENT_SECRET
  #   client_secret_cmd: |
  #     password manager command ...
  #   auth_endpoint: EDIT-ME!
  #   auth_scope: EDIT-ME!
  #   token_endpoint: EDIT-ME!