OAUTH2 problem when migrating to Ubuntu 24.04

Francis Augusto Medeiros-Logeay

9 May 2024 9 May '24

10:46 a.m.

Hi,

I have a Dovecot server on Ubuntu 22.04, which works fine with Oauth2. I am building a new container based on Ubuntu 24.04. IMAP seems to work fine with plain authentication, but oauth2 fails (Dovecot v2.3.21). Same configuration as before.

However, I got this message:

May 09 09:41:57 auth: Error: oauth2(fran@mydomain.eu,10.110.41.32,): oauth2 failed: Introspection failed: No username returned

Weird, as it does indeed seems to get the username (as seen on the log).

Any clue on why this fails?

Best,

Francis

Show replies by date

Aki Tuomi

9 May 9 May

11:11 a.m.

...

On 09/05/2024 10:46 EEST Francis Augusto Medeiros-Logeay via dovecot dovecot@dovecot.org wrote:

Hi,

I have a Dovecot server on Ubuntu 22.04, which works fine with Oauth2. I am building a new container based on Ubuntu 24.04. IMAP seems to work fine with plain authentication, but oauth2 fails (Dovecot v2.3.21). Same configuration as before.

However, I got this message:

May 09 09:41:57 auth: Error: oauth2(fran@mydomain.eu,10.110.41.32,): oauth2 failed: Introspection failed: No username returned

Weird, as it does indeed seems to get the username (as seen on the log).

Any clue on why this fails?

Best,

Francis

It means that introspection did not return username for the token. This is important, because if the token is not validated to belong to the user attempting to log in, anyone could login as anyone with any token.

Aki

Francis Augusto Medeiros-Logeay

11:30 a.m.

Francis Augusto Medeiros-Logeay Oslo, Norway

On 2024-05-09 10:11, Aki Tuomi wrote:

...

...
On 09/05/2024 10:46 EEST Francis Augusto Medeiros-Logeay via dovecot dovecot@dovecot.org wrote:

Hi,

I have a Dovecot server on Ubuntu 22.04, which works fine with Oauth2. I am building a new container based on Ubuntu 24.04. IMAP seems to work fine with plain authentication, but oauth2 fails (Dovecot v2.3.21). Same configuration as before.

However, I got this message:

May 09 09:41:57 auth: Error: oauth2(fran@mydomain.eu,10.110.41.32,): oauth2 failed: Introspection failed: No username returned

Weird, as it does indeed seems to get the username (as seen on the log).

Any clue on why this fails?

Best,

Francis

It means that introspection did not return username for the token. This is important, because if the token is not validated to belong to the user attempting to log in, anyone could login as anyone with any token.

Aki

Actually, the problem was not that. It was some change on Dovecot where suddenly I need to add "clientid:client_secret@" on the url (googled it, and saw that you advised that before). Now it works.

Best, Francis

130

Age (days ago)

130

Last active (days ago)

List overview

2 comments

2 participants

participants (2)

Aki Tuomi
Francis Augusto Medeiros-Logeay