On 24/06/2021 09:19 Tomas Habarta lists+dovecot@tocc.cz wrote:
Hello,
I have a working setup with Roundcube using OAuth2 -- introspection works without any problem, unfortunately local validation does not as tokens are missing "typ" header (seems that one is indeed optional per RFC7519 and therefore not present in the implementation in place). Is there any parameter to assert the token type or any other workaround to make local validation work as it currently fails with: oauth2 failed: Local validation failed: Cannot find 'typ' field.
dovecot v2.3.15 Roundcube 1.5beta CentOS 8
Thanks, regards Tomas
Hi!
The current dovecot oauth2 code requires that your tokens come with typ:jwt header. See https://datatracker.ietf.org/doc/html/rfc7519#section-5.1
Aki