https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38338
--- Comment #89 from David Cook <[email protected]> ---

So one of the problems with this work has been an inability for people to test it...

But I've come up with a solution for that.

The "dovecot/dovecot" Docker image provides an SMTP submission service which can be protected with XOAUTH2 authentication.

Using https://github.com/minusdavid/simple-sasl-xoauth2 with Authen::SASL::XS, I have a little Perl script using Net::SMTP to send an SMTP auth request to that Dovecot submission service. I use Keycloak to generate the access token and Dovecot verifies the token against Keycloak.

Net::SMTP>>> Net::SMTP(3.15)
Net::SMTP>>> Net::Cmd(3.15)
Net::SMTP>>> Exporter(5.77)
Net::SMTP>>> IO::Socket::IP(0.4101)
Net::SMTP>>> IO::Socket(1.52)
Net::SMTP>>> IO::Handle(1.52)
Net::SMTP=GLOB(0x55d97900e218)<<< 220 9e027f6ee005 Dovecot ready.
Net::SMTP=GLOB(0x55d97900e218)>>> EHLO localhost.localdomain
Net::SMTP=GLOB(0x55d97900e218)<<< 250-9e027f6ee005
Net::SMTP=GLOB(0x55d97900e218)<<< 250-8BITMIME
Net::SMTP=GLOB(0x55d97900e218)<<< 250-AUTH OAUTHBEARER XOAUTH2
Net::SMTP=GLOB(0x55d97900e218)<<< 250-SMTPUTF8
Net::SMTP=GLOB(0x55d97900e218)<<< 250-BURL imap
Net::SMTP=GLOB(0x55d97900e218)<<< 250-CHUNKING
Net::SMTP=GLOB(0x55d97900e218)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP=GLOB(0x55d97900e218)<<< 250-SIZE
Net::SMTP=GLOB(0x55d97900e218)<<< 250 PIPELINING
Net::SMTP=GLOB(0x55d97900e218)>>> AUTH XOAUTH2 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
Net::SMTP=GLOB(0x55d97900e218)<<< 235 2.7.0 Logged in.
Net::SMTP=GLOB(0x55d97900e218)>>> QUIT
Net::SMTP=GLOB(0x55d97900e218)<<< 221 2.0.0 Bye

Technically, we don't actually have to send the email. We can just send the AUTH header and then quit, but we can prove that the authentication was successful.

--

I'll look at streamlining and polishing things up further, but I think this is a good way of testing XOAUTH2 work without requiring a Google or Microsoft account.

--

One word of warning. Net::SMTP doesn't seem to handle sending long SMTP AUTH messages, and Dovecot will refuse AUTH lines longer than 1000 characters. I had to remove some claims from the JWT and use a shorter signing algorithm to get Dovecot and Net::SMTP to play nice. But that's a Net::SMTP issue I reckon.
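The length problem described in the comment above can be checked before connecting. The following is an added example, not code from the bug report or from Koha: it builds the XOAUTH2 initial response, measures the resulting AUTH line against the 1000-character limit the comment reports, and lists which JWT claims take the most space. The function names, the user, the claims and the all-zero signatures are constructed for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 encode_base64url decode_base64url);
use JSON::PP qw(encode_json decode_json);

# Limit reported in the comment above for Dovecot (assumption, not measured here).
use constant MAX_AUTH_LINE => 1000;

# XOAUTH2 initial response: base64("user=<user>^Aauth=Bearer <token>^A^A").
sub xoauth2_response {
    my ($user, $token) = @_;
    return encode_base64("user=$user\x{01}auth=Bearer $token\x{01}\x{01}", '');
}

# Command line as sent on the wire, without the trailing CRLF.
sub auth_line { return 'AUTH XOAUTH2 ' . xoauth2_response(@_) }

# Size of each claim as JSON (payload decoded, signature NOT verified).
sub claim_sizes {
    my ($token) = @_;
    my $claims = decode_json(decode_base64url((split /\./, $token)[1]));
    my %size;
    $size{$_} = length(encode_json({ $_ => $claims->{$_} })) for keys %$claims;
    return \%size;
}

# Constructed sample token: made-up claims and an all-zero "signature".
sub sample_token {
    my ($alg, $sig_bytes, %claims) = @_;
    return join '.',
        encode_base64url(encode_json({ alg => $alg, typ => 'JWT' })),
        encode_base64url(encode_json(\%claims)),
        encode_base64url("\0" x $sig_bytes);
}

my %claims = (sub => 'tester', aud => 'dovecot', exp => 1700000000,
              realm_access => { roles => [ map { "role-$_" } 1 .. 30 ] });

# RS256 with a 2048-bit key signs to 256 bytes, ES256 to 64 bytes.
for my $case ([ RS256 => 256 ], [ ES256 => 64 ]) {
    my $len = length(auth_line('tester@example.org', sample_token(@$case, %claims)));
    printf "%s: AUTH line is %d chars (%s limit of %d)\n", $case->[0], $len,
        ($len > MAX_AUTH_LINE ? 'over' : 'within'), MAX_AUTH_LINE;
}
my $sizes = claim_sizes(sample_token(RS256 => 256, %claims));
printf "  %-14s %4d bytes\n", $_, $sizes->{$_}
    for sort { $sizes->{$b} <=> $sizes->{$a} } keys %$sizes;
```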
