dovecot oauth
Aki Tuomi
aki.tuomi at open-xchange.com
Tue Oct 26 18:48:41 EEST 2021
> On 26/10/2021 16:04 la.jolie at paquerette <la.jolie at paquerette.org> wrote:
>
>
> Hello,
>
> I upgraded my servers from Debian Buster (v10) to Bullseye (v11).
> Before the upgrade, I had Roundcube / Dovecot working with LemonLdap
> (via OAuth).
>
> After the upgrade, i can't connect to Roundcube anymore.
>
> - roundcube (v1.5-rc) stayed the same
> - Dovecot upgraded from v1:2.3.4.1-5+deb10u6 to v1:2.3.13+dfsg1-2
>
> I already discussed on the LemonLdap mailing list and the analysis was:
> "Seems like your app is not sending client_id and client_secret
> correctly then
> It can do that either as POST parameters or in the Authorization header"
>
> I downgraded Dovecot to Buster version (v1:2.3.4.1-5+deb10u6) and
> Roundcube / Dovecot are working again.
>
> What could have change between these 2 versions to have that error?
>
> My dovecot Oauth config:
> ----
> debug = yes
>
> ## url for verifying token validity. Token is appended to the URL
> tokeninfo_url = https://auth.mydomain.name/oauth2/userinfo?access_token=
>
> ## introspection endpoint, used to gather extra fields and other
> information.
> introspection_url = https://auth.mydomain.name/oauth2/introspect
>
> ## How introspection is made, valid values are
> ## auth = GET request with Bearer authentication
> ## get = GET request with token appended to URL
> ## post = POST request with token=bearer_token as content
> introspection_mode = post
>
> ## TLS settings
> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
>
> ## username attribute in response (default: email)
> username_attribute = email
I cannot see client_id or client_secret here. They are added automatically as POST fields when present in the config file.
Aki
More information about the dovecot
mailing list