Hi Andreas

We have some documentation here:
https://documentation.open-xchange.com/8/middleware/mail/dovecot/oauth_2.0_with_postfix_and_dovecot.html
but a good HowTo sounds like a really good idea, to further the adoption. If you need help let me know :)

To answer Scott in terms of the wider discussion, there are some things in motion currently. I know that https://datatracker.ietf.org/doc/draft-jenkins-oauth-public/ is to be discussed at the next IETF meeting in Canada. There is also work ongoing regarding https://datatracker.ietf.org/doc/draft-bucksch-autoconfig/

What could be nice is contact points to some of the bigger mail clients for them to support it. There are people that are trying to work on this topic in M3AAWG and have been for some time.

If you can - please create feature requests for those clients - that could be a good starting point to let the companies know that there is in fact customer demand for this.

Kind Regards,
Sidsel Jensen

> On 07/14/2024 5:21 PM CEST A. Schulze via mailop <mailop@mailop.org> wrote:
>
> On 10.07.24 at 04:07, Scott Q. via mailop wrote:
> > What exactly is missing for broad acceptance ?
> >
> > https://openid.net/specs/openid-connect-discovery-1_0.html defines some
> > pretty clear ways to autodiscover the endpoints.
> >
> > MS & Google and Keycloak both offer this URL:
> >
> > https://login.microsoftonline.com/domain.com/.well-known/openid-configuration
> > https://accounts.google.com/.well-known/openid-configuration
>
> All,
>
> maybe off topic, but as Scott asked "What exactly is missing for broad
> acceptance": here are my thoughts:
>
> I'm aware of many operators of smaller email systems for less than 1k users.
> There the preferred software is mostly postfix, dovecot and keycloak.
>
> dovecot and keycloak offer oauth2. What's missing is how to glue them
> together to play with oauth.
> There were questions on dovecot- and keycloak-mailing lists [1], [2] and [3]
> but they are still unanswered.
>
> I would collect and combine that for a howto but I also lack some oauth2
> skills...
>
> Andreas
>
> [1] https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/thread/JJEEJG3JR5GT3H2MQEUDRLNEAA4US4KP/
> [2] https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/thread/3NM5CX4BFPBFLMG7QLFK7JV6I4OCUVM3/
> [3] https://groups.google.com/g/keycloak-user/c/IKfCm4UuOVg/m/iouuRv8HAQAJ
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
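
Added example, not part of the thread or of any project mentioned in it: a sketch of the checks a mail client or admin script can apply to an OpenID Connect discovery document before trusting the endpoints it advertises, following the OpenID Connect Discovery 1.0 rules on building the URL and on the returned issuer matching exactly. The issuer, the Keycloak-style paths and both sample documents are constructed, and `discovery_url` and `check_discovery` are hypothetical helper names.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Endpoint fields a mail client needs; a subset of the metadata in the spec.
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer):
    """Remove one terminating slash from the issuer, then append the well-known path."""
    base = issuer[:-1] if issuer.endswith("/") else issuer
    return base + WELL_KNOWN


def check_discovery(issuer, doc):
    """Return the reasons to reject `doc` as the configuration for `issuer`."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be https with no query or fragment")
    # The returned issuer must be identical to the one the URL was built
    # from; otherwise another party's document is accepted for this issuer.
    if doc.get("issuer") != issuer:
        problems.append("issuer mismatch: %r" % (doc.get("issuer"),))
    for field in ENDPOINT_FIELDS:
        value = doc.get(field)
        if not isinstance(value, str):
            problems.append("missing " + field)
        elif urlsplit(value).scheme != "https":
            problems.append(field + " is not https")
    return problems


# Constructed sample data (not fetched from any real server).
ISSUER = "https://sso.example.org/realms/mail"
OIDC = ISSUER + "/protocol/openid-connect"
GOOD_DOC = {
    "issuer": ISSUER,
    "authorization_endpoint": OIDC + "/auth",
    "token_endpoint": OIDC + "/token",
    "jwks_uri": OIDC + "/certs",
}
# Same document with a foreign issuer and a plaintext token endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://sso.example.net/realms/mail",
               token_endpoint="http://sso.example.org/token")

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(check_discovery(ISSUER, GOOD_DOC))
    print(check_discovery(ISSUER, BAD_DOC))
```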