Hi!
I would like to try the OAuth2 mechanism to authenticate my users.
[...]
My Thunderbird client [...]
Not a Thunderbird/Dovecot expert here, so only talking about my experience. We have a setup here with Dovecot supporting OAUTHBEARER & XOAUTH2 to allow our web-based interface (Open-Xchange) to use our SSO (also provided by Keycloak) and that works fine. However, we also got questions from users about Thunderbird so I had a quick look into it.
From what I understand, from digging into https://bugzilla.mozilla.org/ and Thunderbird source code, Thunderbird is using a static list of OAuth2 providers, for which it stores the clientId/clientSecret/authorizationEndpoint/tokenEndpoint statically in its source code.
As a result, I think Thunderbird can't support OAuth2 for a standard Dovecot installation without patches... (But I would love to be proven wrong and be able to provide OAuth support to our users!)
Cheers, Vincent
PS: Thunderbird hardcoded list: https://github.com/mozilla/releases-comm-central/blob/master/mailnews/base/s...