Dovecot ACLs and XOAUTH2
Felix Auringer
felix.auringer at giz.berlin
Mon Aug 22 11:32:45 UTC 2022
On 8/22/22 10:14, Aki Tuomi wrote:
> Hi!
>
> You need to export them in passdb. You can do `userdb_some_field=%{oauth2:some_field}`.
That is exactly what I have been looking for, thank you! Is it also
possible to extract arrays and objects from the token with this syntax?
For example, I tried to save `allowed-origins` which is a list of
strings but the field in the userdb was empty (but present). However,
the field was processed according to the logs.
Furthermore, it seems that only keys that have a string or an array
value are processed, so it may not even be possible to extract a parent
object. For a structure like this:
```
{
  "azp": "roundcube-test",
  "realm_access": {
    "roles": [...]
  },
  "resource_access": {
    "realm-management": {
      "roles": [...]
    },
    "account": {
      "roles": [...]
    }
  }
}
```
the log only shows:
```
auth: Debug: oauth2(...): Processing field azp
auth: Debug: oauth2(...): Processing field roles
auth: Debug: oauth2(...): Processing field roles
auth: Debug: oauth2(...): Processing field roles
```
It also doesn't work to extract the whole token with
`userdb_token=%{oauth2:access_token}` (this syntax however works for
proxy authentication). Otherwise, I could just save the whole token in
the user database.
Is there some syntax I did not find in the documentation that would
enable me to extract either the whole token or a whole JSON object / array?
Best regards,
Felix
---
Gesellschaft für interkulturelles
Zusammenleben gGmbH (GIZ)
Felix Auringer
IT
Reformationsplatz 2
13597 Berlin
Tel: 030/513 0100 00; Fax: 030/513 0100 09
www.giz.berlin; felix.auringer at giz.berlin
Amtsgericht Charlottenburg HRB 200872 B
Managing Director: Dr. Britta Marschke
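
Added example, not part of the original message and not Dovecot code: a Python model of the flattening that the debug log in the message suggests, assuming every non-object value is exposed under its bare key name. It lists the field names in document order and flags names such as `roles` that occur at more than one path, which a single `%{oauth2:roles}` lookup could not tell apart under that assumption. The role values and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed token payload shaped like the one in the message; the role
# names are invented sample values (the message elides them as [...]).
SAMPLE = json.loads("""
{
  "azp": "roundcube-test",
  "realm_access": {"roles": ["offline_access"]},
  "resource_access": {
    "realm-management": {"roles": ["view-users"]},
    "account": {"roles": ["manage-account"]}
  }
}
""")

def leaf_fields(node, path=()):
    """Yield (bare_key, dotted_path, value) for every non-object value,
    descending into nested objects in document order (assumed behaviour)."""
    for key, value in node.items():
        here = path + (key,)
        if isinstance(value, dict):
            yield from leaf_fields(value, here)
        else:
            yield key, ".".join(here), value

def ambiguous_fields(payload):
    """Map each bare key that occurs at more than one path to those paths."""
    seen = defaultdict(list)
    for key, dotted, _ in leaf_fields(payload):
        seen[key].append(dotted)
    return {k: v for k, v in seen.items() if len(v) > 1}

def report(payload):
    """Field names as the log would list them, then one line per collision."""
    lines = [f"Processing field {key}" for key, _, _ in leaf_fields(payload)]
    for key, paths in ambiguous_fields(payload).items():
        lines.append(f"ambiguous %{{oauth2:{key}}}: {', '.join(paths)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Running it against a decoded token payload before writing passdb field mappings shows which claims have a unique name and which would need to be renamed or mapped on the identity-provider side.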