oauth2

Vincent Brillault vincent.brillault at cern.ch
Thu Jun 24 12:24:08 EEST 2021


Hi!

> I would like to try the oauth2 mechanism to authenticate my users.
>
> [...]
> 
> My Thunderbird client [...]

Not a Thunderbird/Dovecot expert here, so only talking about my
experience. We have a setup here with Dovecot supporting OAUTHBEARER &
XOAUTH2 to allow our web-based interface (Open-Xchange) to use our SSO
(also provided by Keycloak) and that works fine. However, we also got
questions from users about Thunderbird so I had a quick look into it.

From what I understand, from digging into https://bugzilla.mozilla.org/
and the Thunderbird source code, Thunderbird is using a static list of
OAuth2 providers, for which it stores the
clientId/clientSecret/authorizationEndpoint/tokenEndpoint statically in
its source code.

As a result, I think Thunderbird can't support OAuth2 for a standard
Dovecot installation without patches... (But I would love to be proven
wrong and be able to provide OAuth support to our users!)

Cheers,
Vincent

PS: Thunderbird hardcoded list:
https://github.com/mozilla/releases-comm-central/blob/master/mailnews/base/src/OAuth2Providers.jsm
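
The two SASL mechanisms named in the message, OAUTHBEARER and XOAUTH2, differ only in how the bearer token is wrapped, so a Dovecot OAuth2 setup can be exercised without a mail client by building the initial response by hand. The following is an added example, not part of the original message and not Dovecot or Thunderbird code; the function names, addresses and token values are constructed for illustration.

```python
import base64
import re

SOH = "\x01"  # kvsep: both mechanisms separate fields with Ctrl-A
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # RFC 6750 bearer token syntax


def xoauth2(user: str, token: str) -> bytes:
    # XOAUTH2 carries only the username and the bearer token.
    return f"user={user}{SOH}auth=Bearer {token}{SOH}{SOH}".encode()


def oauthbearer(user: str, token: str, host: str, port: int) -> bytes:
    # RFC 7628: GS2 header ("n,a=<authzid>,") followed by key=value pairs.
    authzid = user.replace("=", "=3D").replace(",", "=2C")
    return (f"n,a={authzid},{SOH}host={host}{SOH}port={port}{SOH}"
            f"auth=Bearer {token}{SOH}{SOH}").encode()


def parse(mech: str, raw: bytes) -> dict:
    """Server-side view: split the message and validate the bearer token."""
    text = raw.decode("utf-8")
    if not text.endswith(SOH + SOH):
        raise ValueError("message must end with two kvsep bytes")
    parts = text[:-2].split(SOH)
    user = None
    if mech == "OAUTHBEARER":
        m = re.fullmatch(r"n,a=([^,]*),", parts.pop(0))
        if not m:
            raise ValueError("bad GS2 header")
        user = m.group(1).replace("=2C", ",").replace("=3D", "=")
    fields = dict(p.split("=", 1) for p in parts)  # ValueError if no "="
    if mech == "XOAUTH2":
        user = fields.get("user")
    scheme, _, token = fields.get("auth", "").partition(" ")
    if not user or scheme != "Bearer" or not B64TOKEN.fullmatch(token):
        raise ValueError("missing user or malformed Bearer token")
    extra = {k: v for k, v in fields.items() if k in ("host", "port")}
    return {"user": user, "token": token, **extra}


def imap_command(tag: str, mech: str, raw: bytes) -> str:
    # With SASL-IR, IMAP sends the initial response base64-encoded inline.
    return f"{tag} AUTHENTICATE {mech} {base64.b64encode(raw).decode()}"


if __name__ == "__main__":
    msg = xoauth2("alice@example.org", "constructed.token-value")
    print(imap_command("A1", "XOAUTH2", msg))
    print(parse("XOAUTH2", msg))
```
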
