Re: Is XOAUTH2 support broken in 2.3.21?

4 Oct 2023


      Hi again,
...
Am 04.10.2023 um 12:56 schrieb Arjen de Korte build+dovecot@de-korte.org:
Citeren Christian Rößner via dovecot dovecot@dovecot.org:
...
Hi,
I use Roundcube with OIDC. Everything works fine in Dovecot 2.3.20, but broke in 2.3.21. Downgrading to 2.3.20 makes it work again, so it is introduced in the newer release.
Error (2.3.21):
Oct  4 11:03:57 mx dovecot[558531]: imap-login: Disconnected: Connection closed (client didn't finish SASL auth, waited 1 secs): user=<christian@roessner.email>, orig_user=<christian@roessner.email>, method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)

Here is an example with 2.3.20:
Success (2.3.20):
Oct  4 11:17:21 mx dovecot[889914]: imap-login: Login: user=<christian@roessner.email>, orig_user=<christian@roessner.email>, method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, mpid=891874, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)

I thought it would be oviously what is going wrong, so I did not show any configuration stuff. Here are some more details from the dovecot configuration:
tokeninfo_url = https://oauth.authserv.me:4444/userinfo?access_token=
introspection_url = https://oauth.authserv.me:4445/admin/oauth2/introspect
introspection_mode = post
force_introspection = yes
scope = email
username_attribute = email
username_format = %Lu
active_attribute = active
active_value = true
openid_configuration_url = https://oauth.authserv.me:4444/.well-known/openid-configuration
pass_attrs = \
        dovecot_user=user \
        dovecot_mailbox_home=userdb_home \
        dovecot_mailbox_path=userdb_mail
max_parallel_connections = 10
tls_allow_invalid_cert = yes

The OAuth2/OIDC server is Ory-hydra. The authentication backend is https://authserv.io https://authserv.io/, my own OpenSource project.
Kind regards
Christian Rößner
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5