Re: Is XOAUTH2 support broken in 2.3.21?

Wed, 04 Oct 2023 05:51:23 -0700 

Hi again,

> Am 04.10.2023 um 12:56 schrieb Arjen de Korte <build+dove...@de-korte.org>:
> 
> Citeren Christian Rößner via dovecot <dovecot@dovecot.org>:
> 
>> Hi,
>> 
>> I use Roundcube with OIDC. Everything works fine in Dovecot 2.3.20, but 
>> broke in 2.3.21. Downgrading to 2.3.20 makes it work again, so it is 
>> introduced in the newer release.
>> 
>> Error (2.3.21):
>> ```
>> Oct  4 11:03:57 mx dovecot[558531]: imap-login: Disconnected: Connection 
>> closed (client didn't finish SASL auth, waited 1 secs): 
>> user=<christian@roessner.email>, orig_user=<christian@roessner.email>, 
>> method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, TLS, TLSv1.3 with cipher 
>> TLS_AES_256_GCM_SHA384 (256/256 bits)
>> ```
>> 
>> Here is an example with 2.3.20:
>> 
>> Success (2.3.20):
>> ```
>> Oct  4 11:17:21 mx dovecot[889914]: imap-login: Login: 
>> user=<christian@roessner.email>, orig_user=<christian@roessner.email>, 
>> method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, mpid=891874, TLS, TLSv1.3 
>> with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>> ```
> 

I thought it would be oviously what is going wrong, so I did not show any 
configuration stuff. Here are some more details from the dovecot configuration:

```
tokeninfo_url = https://oauth.authserv.me:4444/userinfo?access_token=
introspection_url = https://oauth.authserv.me:4445/admin/oauth2/introspect
introspection_mode = post
force_introspection = yes
scope = email
username_attribute = email
username_format = %Lu
active_attribute = active
active_value = true
openid_configuration_url = 
https://oauth.authserv.me:4444/.well-known/openid-configuration
pass_attrs = \
        dovecot_user=user \
        dovecot_mailbox_home=userdb_home \
        dovecot_mailbox_path=userdb_mail
max_parallel_connections = 10
tls_allow_invalid_cert = yes
```

The OAuth2/OIDC server is Ory-hydra. The authentication backend is 
https://authserv.io <https://authserv.io/>, my own OpenSource project.

Kind regards

Christian Rößner
-- 
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5 

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Reply via email to