similar to: OAuth Passdb Grant

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands

Hi all, I am considering expanding a mail server to support Oauth with Google. I have read through the following: https://wiki.dovecot.org/PasswordDatabase/oauth2 however, it doesn't work and appears to me to be missing important information, the least of which is API authorisation. Searching with Google, I can't find any more information beyond what amounts to C&P'ing of the

On 2/14/23 08:49, Orion Poplawski wrote: > On 1/29/23 11:24, Orion Poplawski wrote: >> It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) broke >> OAuth authentication with outlook.office365.com.? Downgrading to >> 102.4.0-1.el8 resolved the issue. >> >> Error console reports: >> >> XHR POST

It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) broke OAuth authentication with outlook.office365.com. Downgrading to 102.4.0-1.el8 resolved the issue. Error console reports: XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token [HTTP/1.1 400 Bad Request 293ms] Is anyone else seeing this? -- Orion Poplawski he/him/his - surely the least important thing

On 29/01/2023 18:24, Orion Poplawski wrote: > It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) > broke OAuth authentication with outlook.office365.com.? Downgrading to > 102.4.0-1.el8 resolved the issue. > > Error console reports: > > XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token > [HTTP/1.1 400 Bad Request 293ms] > > Is

Hi, I have a problem with configuring dovecot passdb for Oauth2 with keyclock. A user can access more mailbox, mailboxes are associated with the user. When a user login with this method: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready. a login mailbox*user password Dovecot when requiring the grant_url send to Keyclock, for example, this post

Hi! It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Aki > On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: > > > Hi, > > For troubleshooting purposes, I change the read/write permissions on the certs and confirmed 'dovecot' can read them w/o problem, but still seeing the

Thank you Stephan, I'm wondering if I can read the track of the status of bug reports? Could you please advice? Thanks. Mizuki On Sun, Dec 8, 2019 at 6:40 AM Stephan Bosch <stephan at rename-it.nl> wrote: > > > On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > > Hi! > > > > It seems there is a bug in the oauth2 driver, it loads the cert files > wrong

Before declaring it not ready for prime time, did you try setting tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt In the oauth2 configuration file as documented in https://doc.dovecot.org/configuration_manual/authentication/oauth2 ? Aki > On 05/12/2019 21:58 mizuki via dovecot <dovecot at dovecot.org> wrote: > > > Hi all, > > We'd like to enable OAuth with

Hello, I'm trying to configure roundcube / dovecot to work with keycloak. I activated xoauth2 oauthbearer in dovecot. But a problem occurs when dovecot tries to contact the keycloak server (logs are below). My problem looks like this one: https://dovecot.org/pipermail/dovecot/2019-December/117768.html The response to this problem was about a bug in oauth driver

All, We currently use a proxy configuration with an sql query to authenticate and discover which backend server an address belongs to and proxy the connection to that host to authenticate and retrieve mail. We are looking to move to OAUTH2 for authentication and am just trying to figure how how to get that extra host information as part of the passdb query when using this mechanism. Looking at

Hello, I am currently trying to connect my Dovecot mail server to Microsoft's Azure-AD and use it as password and user database. I am using version 2.3.7.1. Using the Azure-AD as passdb already works. In this context I noticed that the scope implementation is not yet merged. Since I haven't found any hints for an OAuth2 userdb implementation yet, I wanted to ask if there are any plans

Has anyone gotten started with getting the OAuth2 replacement for Facebook Connect working with auth_logic? I know there is an OAuth2 gem (http://intridea.com/2010/4/22/oauth2- gem-just-in-time-for-facebook-graph?blog=company), and I''m thinking of using that to integrate. Anyone know when the Fb Connect API will be shut down? -- You received this message because you are subscribed to

my app seems to be running fine in dev mode ( Rails4, Devise, OAuth2 , Doorkeeper ) but looking at the console , I can see all log lines duplicated .... where should I look for any tricky bug or missing param ?anyway to get more info on what''s happening ? thanks a lot for feedback (ruby-2.0.0@rails40)$ rails server -p 4000 => Booting WEBrick => Rails 4.0.0 application starting

Hi, One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general.

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH

Hi, One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general.

Hi, i started using oauth2 gem by intridea (http://github.com/intridea/oauth2) and don''t know how to fix this problem. I have developed both client and server and on request for access_token i see no grant_type parameter. My code from client callback controller class CallbackController < Devise::OauthCallbacksController def accounts access_token =