From ce9d1b6883278eb2f78197036b3ed6191a26b0a4 Mon Sep 17 00:00:00 2001
From: Marcus Bointon <marcus@synchromedia.co.uk>
Date: Wed, 18 Jun 2025 19:37:59 +0200
Subject: [PATCH] Add support for empty tokens

---
 src/SMTP.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/SMTP.php b/src/SMTP.php
index 5646a42d..68b26f38 100644
--- a/src/SMTP.php
+++ b/src/SMTP.php
@@ -639,7 +639,13 @@ class SMTP
                  * If the token is longer than that, the command and the token must be sent separately as described in
                  * https://www.rfc-editor.org/rfc/rfc4954#section-4
                  */
-                if (strlen($oauth) <= 497) {
+                if ($oauth === '') {
+                    //Sending an empty auth token is legitimate, but it must be encoded as '='
+                    //to indicate it's not a 2-part command
+                    if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 =', 235)) {
+                        return false;
+                    }
+                } elseif (strlen($oauth) <= 497) {
                     //Authenticate using a token in the initial-response part
                     if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 ' . $oauth, 235)) {
                         return false;