Help needed for OAuth and WSO2 Identity Server
Tyler Montney
montneytyler at gmail.com
Tue Nov 16 21:48:57 UTC 2021
As outlined here:
https://doc.dovecot.org/configuration_manual/authentication/oauth2/
Postman can reach https://identity.foo.mylocal:9443/oauth2/token OK.
Using this command to generate the base64 token:
echo -en 'n,a=test@foo.com,\001host=localhost\001port=143\001auth=Bearer S3cure!Password\001\001' | base64 -w0; echo
I telnet to localhost 143, and run 01 AUTHENTICATE OAUTHBEARER {TOKEN}.
I get 'User id is not available for user: FOO.MYLOCAL/test@carbon.super'
(HTTP 500). It could be because Dovecot is just sending a username instead
of the full email address? I can generate the same 500 error by just
sending the username in Postman.
***dovecot-oauth.conf.ext***
introspection_mode = post
introspection_url = https://adminusername:adminpassword@identity.foo.mylocal:9443/oauth2/introspect
username_attribute = username
tls_allow_invalid_cert = yes
active_attribute = active
active_value = true
use_grant_password = yes
# Have tried this, no change.
#username_format = %n
client_id = {CLIENTID}
client_secret = {CLIENTSECRET}
grant_url = https://identity.foo.mylocal:9443/oauth2/token
tokeninfo_url = https://identity.foo.mylocal:9443/oauth2/tokeninfo?oauth=
pass_attrs = pass=%{oauth2:access_token}
***dovecot.conf***
auth_mechanisms = $auth_mechanisms oauthbearer xoauth2
passdb {
driver = oauth2
mechanisms = xoauth2 oauthbearer
args = /etc/dovecot/dovecot-oauth2.conf.ext
}
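The post hand-assembles the OAUTHBEARER initial client response with echo and base64, and then relies on the passdb keys username_attribute, active_attribute and active_value to decide whether the introspected token belongs to the user who is logging in. The following is an added example, not code from the post, from Dovecot or from WSO2 Identity Server: it builds the RFC 7628 message the same way the echo command does, parses it back the way a server must before it touches any token endpoint (rejecting malformed input rather than guessing), and models in a few lines how those three config keys gate a token. The introspection responses and the names test@foo.com and test@carbon.super are constructed sample values; the evaluate_introspection function is a simplified model of what the config keys mean, not Dovecot's implementation.

```python
import base64
import json

# Added example (not from the original post, Dovecot or WSO2): builds and
# parses the OAUTHBEARER initial client response from RFC 7628 and models how
# the passdb keys shown in the post (username_attribute, active_attribute,
# active_value) gate a token. All sample values below are constructed.

KVSEP = "\x01"  # the \001 separator used in the post's echo command


def _saslname_encode(name):
    # RFC 5801 saslname: ',' and '=' inside the authzid must be escaped
    return name.replace("=", "=3D").replace(",", "=2C")


def _saslname_decode(name):
    return name.replace("=2C", ",").replace("=3D", "=")


def build_oauthbearer(authzid, token, host="localhost", port=143):
    """Return the base64 initial response for AUTHENTICATE OAUTHBEARER.

    Layout: GS2 header 'n,a=<authzid>,' then ^A, then 'key=value' pairs each
    terminated by ^A, and a final ^A to end the message.
    """
    gs2_header = f"n,a={_saslname_encode(authzid)},"
    pairs = [f"host={host}", f"port={port}", f"auth=Bearer {token}"]
    message = gs2_header + KVSEP + KVSEP.join(pairs) + KVSEP + KVSEP
    return base64.b64encode(message.encode("utf-8")).decode("ascii")


def parse_oauthbearer(b64):
    """Decode what the server receives; return authzid, token, host and port.

    Raises ValueError on malformed input instead of guessing, which is what a
    server should do before consulting any token endpoint.
    """
    raw = base64.b64decode(b64).decode("utf-8")
    # gs2-cb-flag ',' 'a=' authzid ',' then the ^A-delimited kv block
    cb_flag, _, rest = raw.partition(",")
    if cb_flag not in ("n", "y") and not cb_flag.startswith("p="):
        raise ValueError("bad GS2 channel-binding flag")
    authzid_field, _, kv_block = rest.partition(",")
    if not authzid_field.startswith("a="):
        raise ValueError("missing a= authzid")
    if not (kv_block.startswith(KVSEP) and kv_block.endswith(KVSEP + KVSEP)):
        raise ValueError("kv block must start with ^A and end with ^A^A")
    pairs = {}
    for item in kv_block[1:-2].split(KVSEP):
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"kvpair without '=': {item!r}")
        pairs[key] = value
    scheme, _, token = pairs.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("auth= must be 'Bearer <token>'")
    return {
        "authzid": _saslname_decode(authzid_field[2:]),
        "token": token,
        "host": pairs.get("host"),
        "port": pairs.get("port"),
    }


def evaluate_introspection(response_json, authzid, username_attribute="username",
                           active_attribute="active", active_value="true"):
    """Simplified model of the passdb keys from the post, not Dovecot's code.

    The token is usable only if <active_attribute> stringifies to
    <active_value>, and the server-side <username_attribute> must name the
    same user the client asserted in a=. Returns (ok, detail).
    """
    data = json.loads(response_json)
    actual = str(data.get(active_attribute, "")).lower()
    if actual != active_value:
        return False, f"{active_attribute}={actual!r}, expected {active_value!r}"
    server_user = data.get(username_attribute)
    if server_user is None:
        return False, f"response has no {username_attribute!r} attribute"
    if server_user.lower() != authzid.lower():
        return False, f"username mismatch: client {authzid!r}, server {server_user!r}"
    return True, server_user


if __name__ == "__main__":
    b64 = build_oauthbearer("test@foo.com", "S3cure!Password")
    client = parse_oauthbearer(b64)
    print(client)
    # Constructed introspection responses: accepted, revoked, different subject.
    samples = [
        json.dumps({"active": True, "username": "test@foo.com"}),
        json.dumps({"active": False}),
        json.dumps({"active": True, "username": "test@carbon.super"}),
    ]
    for resp in samples:
        print(evaluate_introspection(resp, client["authzid"]))
```

Running the script shows the same three outcomes a passdb has to distinguish: an active token whose username attribute matches the a= authzid is the only one accepted, an inactive token is rejected regardless of its username, and an active token issued to a different subject is rejected as a username mismatch even though the credential itself is valid.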