My question wasn't geared in that direction. It's up to each provider to create their own custom interfaces for integrating all that. It's not rocket science.
My question was geared towards the clients used to access mail. Outlook uses hardcoded integration with Gmail, and Yahoo too I think, from the strings I saw in a dll. But that integration doesn't have anything special; it's basically Outlook making a post like this:

    'client_id': 445112211283-61c9mrk8i55mfr882g61p37m8j2nga3q.apps.googleusercontent.com
    'login_hint': u...@gmail.com
    'redirect_uri': http://localhost:8011
    'response_type': code
    'scope': profile email https://mail.google.com
    'rs': en-US
    'build': 16.0.17726
    'platform': Win32
    'app': Outlook

That looks like a custom implicit flow where Outlook has that client_id and it goes to the URL https://accounts.google.com/o/oauth2/v2/auth. Mind you, that URL can be derived from https://accounts.google.com/.well-known/openid-configuration since it's nothing more than the authorization endpoint.

Taking another example, eM Client. They seem to use Authorization Flow with Yahoo. Pretty straightforward. User adds a Yahoo account, eM Client opens the Yahoo oauth login page, if login is successful Yahoo posts the token to eM Client's oauth server which in turn passes it over to the eM Client app.

Again, I'm not an oauth expert but I can't figure out why this can't be done with all providers.

1. Look up domain.com/.well-known/openid-configuration and get the authorization endpoint
2. Let each provider register the mail clients they want to support

It's not trivial for the providers but let them figure it out. The most important part is client support for oauth. If the client doesn't detect the proper oauth endpoints it can simply abort with an error.

Cheers,
Scott

On Sunday, 14/07/2024 at 11:21 A. Schulze via mailop wrote:
> Am 10.07.24 um 04:07 schrieb Scott Q. via mailop:
> > What exactly is missing for broad acceptance ?
> >
> > https://openid.net/specs/openid-connect-discovery-1_0.html defines some pretty clear ways to autodiscover the endpoints.
> >
> > MS & Google and Keycloak both offer this URL:
> >
> > https://login.microsoftonline.com/domain.com/.well-known/openid-configuration
> > https://accounts.google.com/.well-known/openid-configuration
>
> All, maybe off topic, but as Scott asked "What exactly is missing for broad acceptance": here are my thoughts:
>
> I'm aware of many operators of smaller email systems for less than 1k users. There the preferred software is mostly postfix, dovecot and keycloak. dovecot and keycloak offer oauth2. What's missing is how to glue them together to play with oauth. There were questions on the dovecot and keycloak mailing lists [1], [2] and [3] but they are still unanswered. I would collect and combine that for a howto but I also lack some oauth2 skills...
>
> Andreas
>
> [1] https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/thread/JJEEJG3JR5GT3H2MQEUDRLNEAA4US4KP/
> [2] https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/thread/3NM5CX4BFPBFLMG7QLFK7JV6I4OCUVM3/
> [3] https://groups.google.com/g/keycloak-user/c/IKfCm4UuOVg/m/iouuRv8HAQAJ

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
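The client-side steps Scott lays out (fetch the provider's .well-known/openid-configuration, take the authorization endpoint from it, send an authorization-code request with the same parameter set the Outlook POST carries, and finally use the resulting token against the mail server) as an added example. This is not code from the thread, from Outlook, eM Client, Dovecot or Keycloak. It runs offline against a constructed discovery document: the issuer idp.example.test, its endpoint URLs and the client_id are placeholders, and the last two functions assume the IMAP server accepts the SASL XOAUTH2 mechanism (the format Google defined, which Dovecot's oauth2 support also speaks). Google-specific extras from the Outlook POST ('rs', 'build', 'platform', 'app') are left out because they are not part of the standard request.

```python
"""
Added example (not from the mailop thread): discovery -> authorization
request -> loopback redirect check -> SASL XOAUTH2 initial response.
"""
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed discovery document, shaped like a real
# https://<issuer>/.well-known/openid-configuration answer. All URLs are placeholders.
SAMPLE_ISSUER = "https://idp.example.test/realms/mail"
SAMPLE_DISCOVERY_JSON = json.dumps({
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": SAMPLE_ISSUER + "/protocol/openid-connect/token",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email"],
})

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint")


def parse_discovery(doc_text, expected_issuer):
    """Parse a discovery document and abort (as the post suggests a client should)
    if the endpoints are missing, not https, or the issuer does not match."""
    doc = json.loads(doc_text)
    for key in REQUIRED_KEYS:
        if key not in doc:
            raise ValueError(f"discovery document missing {key!r}")
    if doc["issuer"] != expected_issuer:
        raise ValueError("issuer in document does not match the issuer it was fetched from")
    for key in ("authorization_endpoint", "token_endpoint"):
        if urlparse(doc[key]).scheme != "https":
            raise ValueError(f"{key} must be https")
    if "code" not in doc.get("response_types_supported", ["code"]):
        raise ValueError("provider does not offer the authorization code response type")
    return doc


def build_authorization_url(doc, client_id, redirect_uri, scopes, login_hint=None, state=None):
    """Authorization-code request built from the discovered endpoint.
    'state' ties the later redirect back to this request; a random one is made if none given."""
    state = state or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
    }
    if login_hint:
        params["login_hint"] = login_hint
    return doc["authorization_endpoint"] + "?" + urlencode(params), state


def extract_code(redirect_url, expected_state):
    """Read ?code= from the loopback redirect (e.g. http://localhost:8011/?code=...&state=...),
    rejecting a response whose state was not issued by us or that reports an error."""
    qs = parse_qs(urlparse(redirect_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response is not tied to our request")
    if "error" in qs:
        raise ValueError("authorization failed: " + qs["error"][0])
    return qs["code"][0]


def xoauth2_initial_response(user, access_token):
    """Client side: SASL XOAUTH2 initial response sent after 'AUTHENTICATE XOAUTH2'
    (assumes the mail server offers XOAUTH2)."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def parse_xoauth2_initial_response(b64):
    """Server side: decode the initial response back into (user, token) and
    reject malformed input before any token introspection happens."""
    raw = base64.b64decode(b64).decode()
    if not raw.endswith("\x01\x01"):
        raise ValueError("malformed XOAUTH2 initial response")
    fields = dict(part.split("=", 1) for part in raw[:-2].split("\x01"))
    if not fields.get("auth", "").startswith("Bearer "):
        raise ValueError("missing Bearer token")
    return fields["user"], fields["auth"][len("Bearer "):]


if __name__ == "__main__":
    doc = parse_discovery(SAMPLE_DISCOVERY_JSON, SAMPLE_ISSUER)
    url, state = build_authorization_url(
        doc, "placeholder-client-id", "http://localhost:8011",
        ["openid", "profile", "email"], login_hint="u...@example.test")
    print("open in browser:", url)
    # A browser would come back to the loopback listener with a constructed redirect like:
    code = extract_code(f"http://localhost:8011/?code=CONSTRUCTED_CODE&state={state}", state)
    print("authorization code:", code)
    # The code is exchanged at doc['token_endpoint'] (network step, omitted here); the
    # access token then goes to the IMAP server in this shape:
    print(xoauth2_initial_response("u...@example.test", "CONSTRUCTED_TOKEN"))
```

The issuer check and the https check are the two places a mail client can sensibly "abort with an error" as the post puts it: a discovery document that names a different issuer or a plain-http endpoint should not be trusted to redirect the user anywhere.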