Dovecot ACLs and XOAUTH2

Felix Auringer felix.auringer at
Tue Aug 23 09:27:30 UTC 2022


On 8/22/22 14:04, Aki Tuomi wrote:
> Currently the support is very limited. You can extract strings and numbers from a flat object. >
> You should be able to extract the whole access token like that, although I didn't say in my previous mail that the %{oauth2:} is valid only within the oauth2 passdb currently.

I am using the oauth2 passdb and can extract other fields, for example 
`userdb_email=%{oauth2:email}` successfully. However, 
`userdb_token=%{oauth2:access_token}` does not work.

> Additionally, the user's token is available as %w / %{password} on all passdbs. The best way I can think of right now is to use Lua passdb to complex token handling.

`%{password}` on the other hand works fine, so it's not a problem that 
`%{oauth2:access_token}` isn't working.

Thank you very much for your help, Aki!

Gesellschaft für interkulturelles
Zusammenleben gGmbH (GIZ)
Felix Auringer
Reformationsplatz 2
13597 Berlin

Tel: 030/513 0100 00; Fax: 030/513 0100 09; felix.auringer at

Amtsgericht Charlottenburg HRB 200872 B
Geschäftsführerin: Dr. Britta Marschke

More information about the dovecot mailing list