JWT local validation

Aki Tuomi aki.tuomi at open-xchange.com
Mon Jun 28 08:43:09 EEST 2021


> On 24/06/2021 09:19 Tomas Habarta <lists+dovecot at tocc.cz> wrote:
> 
>  
> Hello,
> 
> I have a working setup with Roundcube using OAuth2 -- introspection works without any problem, unfortunately local validation does not as tokens are missing "typ" header (seems that one is indeed optional per RFC7519 and therefore not present in the implementation in place).
> Is there any parameter to assert the token type or any other workaround to make local validation work as it currently fails with: oauth2 failed: Local validation failed: Cannot find 'typ' field.
> 
> dovecot v2.3.15
> Roundcube 1.5beta
> CentOS 8
> 
> 
> Thanks, regards
> Tomas

Hi!

The current dovecot oauth2 code requires that your tokens come with a typ:jwt header. See https://datatracker.ietf.org/doc/html/rfc7519#section-5.1

Aki
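
A diagnostic sketch for the failure discussed in this thread, added here as an example and not part of the original messages or of Dovecot's code: it decodes a token's JOSE header without verifying the signature and reports whether `typ` is present. The sample tokens are constructed, the function names are hypothetical, and the case-insensitive comparison against "JWT" is an assumption rather than Dovecot's documented behaviour.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWTs use unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_jose_header(token: str) -> dict:
    """Decode the header of a compact JWS. Diagnostic only: no signature check."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError(f"header is not base64url-encoded JSON: {exc}") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    typ = header.get("typ")
    return {
        "alg": header.get("alg"),
        "kid": header.get("kid"),
        "typ": typ,
        "has_typ": "typ" in header,
        # Assumption: treat any letter case of "JWT" as a match.
        "typ_is_jwt": isinstance(typ, str) and typ.upper() == "JWT",
    }

def make_sample(header: dict) -> str:
    # Constructed token: placeholder payload and signature, never valid anywhere.
    payload = {"sub": "user@example.com"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        b64url_encode(b"placeholder-signature"),
    ])

WITHOUT_TYP = make_sample({"alg": "RS256", "kid": "constructed-key"})
WITH_TYP = make_sample({"alg": "RS256", "kid": "constructed-key", "typ": "JWT"})

if __name__ == "__main__":
    for name, tok in (("without typ", WITHOUT_TYP), ("with typ", WITH_TYP)):
        print(name, inspect_jose_header(tok))
```

A token for which `has_typ` is false is the case that produces "Cannot find 'typ' field" in the report above.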

