dovecot oauth
la.jolie@paquerette
la.jolie at paquerette.org
Wed Oct 27 16:16:50 EEST 2021
On 26/10/21 17:48, Aki Tuomi wrote:
>> On 26/10/2021 16:04 la.jolie at paquerette <la.jolie at paquerette.org> wrote:
>>
>>
>> Hello,
>>
>> I upgraded my servers from Debian Buster (v10) to Bullseye (v11).
>> Before the upgrade, I had Roundcube / Dovecot working with LemonLdap
>> (via OAuth).
>>
>> After the upgrade, i can't connect to Roundcube anymore.
>>
>> - roundcube (v1.5-rc) stayed the same
>> - Dovecot upgraded from v1:2.3.4.1-5+deb10u6 to v1:2.3.13+dfsg1-2
>>
>> I already discussed on the LemonLdap mailing list and the analysis was:
>> "Seems like your app is not sending client_id and client_secret
>> correctly then
>> It can do that either as POST parameters or in the Authorization header"
>>
>> I downgraded Dovecot to Buster version (v1:2.3.4.1-5+deb10u6) and
>> Roundcube / Dovecot are working again.
>>
>> What could have change between these 2 versions to have that error?
>>
>> My dovecot Oauth config:
>> ----
>> debug = yes
>>
>> ## url for verifying token validity. Token is appended to the URL
>> tokeninfo_url = https://auth.mydomain.name/oauth2/userinfo?access_token=
>>
>> ## introspection endpoint, used to gather extra fields and other
>> information.
>> introspection_url = https://auth.mydomain.name/oauth2/introspect
>>
>> ## How introspection is made, valid values are
>> ## auth = GET request with Bearer authentication
>> ## get = GET request with token appended to URL
>> ## post = POST request with token=bearer_token as content
>> introspection_mode = post
>>
>> ## TLS settings
>> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
>>
>> ## username attribute in response (default: email)
>> username_attribute = email
> I cannot see client_id or client_secret here. They are added automatically as POST fields when present in the config file.
>
> Aki
Hello Aki,
Indeed, it seems to be compulsory to have client_id & client_secret in
the dovecot-oauth file with bullseye version of dovecot.
NB: For those who were in the same situation, don't forget to protect
your dovecot-oauth file as it has now a secret.
-rw-r----- 1 dovecot dovecot 1152 oct 27 14:09
/etc/dovecot/dovecot-oauth2.conf.ext
Big thanks for your help.
Best,
Kenny
More information about the dovecot
mailing list