oauth2

Vincent Brillault vincent.brillault at cern.ch
Wed Jun 30 11:29:33 EEST 2021


Hi Andrea, all
> I simply put in a file /etc/dovecot/keys/webmail/RS256/<key id> the
> value of the public key found on the keycloak console.
> 
> Which is the correct format of that file?

It's json. I had the same question initially, had to check the code.

I obtain that file from
https://${keycloak}/auth/realms/${realm}/protocol/openid-connect/certs
(jwks_uri link in
https://${keycloak}/auth/realms/${realm}/.well-known/openid-configuration)

It looks something like: `{"kid": "...", "kty": "RSA", "alg": "RS256",
"use": "sig", "n": ... "e": "AQAB", "x5c": ["....."], "x5t": "...",
"x5t#S256": "..."}`

I see from the documentation that 2.3.16 will support auto discovery:
https://doc.dovecot.org/configuration_manual/authentication/oauth2/#openid-discovery

Cheers,
Vincent
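
The step described in the message above, as an added example that is not part of the original post or of Dovecot: splitting a JWKS document into one JSON file per key under `<alg>/<kid>`. It assumes the certs endpoint wraps its keys in a `"keys"` array (RFC 7517) and that each file holds a single JWK object like the one shown; the sample data and the `split_jwks` helper are constructed for illustration.

```python
import json
import os
import re
import tempfile

# Constructed sample of a JWKS response; all key values are fake.
SAMPLE_JWKS = {
    "keys": [
        {"kid": "sig-key-1", "kty": "RSA", "alg": "RS256", "use": "sig",
         "n": "constructed-modulus", "e": "AQAB"},
        {"kid": "enc-key-1", "kty": "RSA", "alg": "RSA-OAEP", "use": "enc",
         "n": "constructed-modulus-2", "e": "AQAB"},
    ]
}

SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")  # kid and alg become path components
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}  # never store these


def split_jwks(jwks, base_dir):
    """Write each signature key as its own JSON file: base_dir/<alg>/<kid>."""
    written = []
    for jwk in jwks.get("keys", []):
        if jwk.get("use", "sig") != "sig":
            continue  # encryption keys are not used to verify tokens
        kid, alg = jwk.get("kid", ""), jwk.get("alg", "")
        # Reject names that could escape base_dir (e.g. "../x") before any I/O.
        if not (SAFE_NAME.fullmatch(kid) and SAFE_NAME.fullmatch(alg)):
            raise ValueError(f"unsafe kid/alg for a file name: {kid!r}/{alg!r}")
        if PRIVATE_MEMBERS & jwk.keys():
            raise ValueError(f"key {kid!r} contains private key material")
        path = os.path.join(base_dir, alg, kid)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            json.dump(jwk, fh)  # one bare JWK object per file, no "keys" wrapper
        written.append(path)
    return written


def demo():
    """Run the split on the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return [os.path.relpath(p, tmp) for p in split_jwks(SAMPLE_JWKS, tmp)]


if __name__ == "__main__":
    print(demo())
```

In a real deployment `base_dir` would be the directory from the question (`/etc/dovecot/keys/webmail`), and the input would be the JSON downloaded from the `jwks_uri`.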
