My question wasn't geared in that direction. It's up to each
provider to create their own custom interfaces for integrating all
that. It's not rocket science.

My question was geared towards the clients used to access mail.

Outlook uses hardcoded integration with Gmail, Yahoo too I think from
the strings I saw in a dll.

But that integration doesn't have anything special, it's basically
Outlook making a post like this:


    'client_id':     445112211283-61c9mrk8i55mfr882g61p37m8j2nga3q.apps.googleusercontent.com
    'login_hint':    u...@gmail.com
    'redirect_uri':  http://localhost:8011
    'response_type': code
    'scope':         profile email https://mail.google.com
    'rs':            en-US
    'build':         16.0.17726
    'platform':      Win32
    'app':           Outlook


That looks like a custom implicit flow where Outlook has that
client_id and it goes to URL: https://accounts.google.com/o/oauth2/v2/auth
Mind you, that URL can be derived
from https://accounts.google.com/.well-known/openid-configuration since
it's nothing more than the authorization endpoint.

Taking another example, eM Client. They seem to use Authorization Flow
with Yahoo. Pretty straightforward.
User adds a Yahoo account, eM Client opens the Yahoo oauth login page,
if login is successful Yahoo posts the token to eM Client's oauth
server which in turn passes it over to the eM Client app.

Again, I'm not an oauth expert but I can't figure out why this can't be
done with all providers.

1. Look-up domain.com/.well-known/openid-configuration and get the
authorization endpoint
2. Let each provider register the mail clients they want to support

It's not trivial for the providers but let them figure it out. The
most important part is client support for oauth. If the client doesn't
detect the proper oauth endpoints it can simply abort with an error.

Cheers,
Scott
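The two steps above, worked through as an added example that is not part of the thread or any mail client's code: it parses a constructed openid-configuration document, checks the issuer and https before trusting the endpoints, and builds the authorization request with the parameters seen in the Outlook capture plus state and PKCE. The issuer, client_id and hostnames are made-up sample values.

```python
import json
import hashlib
import base64
import secrets
from urllib.parse import urlencode, urlparse

# Constructed stand-in for the JSON a mail client would GET from
# https://<issuer>/.well-known/openid-configuration (sample, not a real IdP).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/auth",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "code_challenge_methods_supported": ["S256"],
})


def discover(issuer: str, document: str) -> dict:
    """Step 1: parse the discovery document and refuse it unless it is trustworthy.

    OpenID Connect Discovery requires 'issuer' to equal the URL the document was
    fetched from; a mismatch means a redirect or a spoofed host. Endpoints must be https.
    """
    cfg = json.loads(document)
    if cfg.get("issuer") != issuer:
        raise ValueError("issuer mismatch: %r != %r" % (cfg.get("issuer"), issuer))
    for key in ("authorization_endpoint", "token_endpoint"):
        if urlparse(cfg.get(key, "")).scheme != "https":
            raise ValueError("%s missing or not https" % key)
    return cfg


def build_auth_request(cfg: dict, client_id: str, redirect_uri: str,
                       scope: str, login_hint: str = "") -> dict:
    """Step 2: build the authorization-code request the client opens in a browser.

    'state' protects the loopback redirect against CSRF; PKCE (S256 challenge)
    binds the returned code to this client instance, since a desktop mail client
    is a public client that cannot keep a secret.
    """
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(32)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": scope, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    if login_hint:
        params["login_hint"] = login_hint
    url = cfg["authorization_endpoint"] + "?" + urlencode(params)
    # state and code_verifier stay local and are checked when the code comes back.
    return {"url": url, "state": state, "code_verifier": verifier}
```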

On Sunday, 14/07/2024 at 11:21 A. Schulze via mailop wrote:

On 10.07.24 at 04:07 Scott Q. via mailop wrote:
> What exactly is missing for broad acceptance ?
> 
> https://openid.net/specs/openid-connect-discovery-1_0.html
> defines some pretty clear ways to autodiscover the endpoints.
> 
> MS & Google and Keycloak both offer this URL:
> 
> https://login.microsoftonline.com/domain.com/.well-known/openid-configuration
> https://accounts.google.com/.well-known/openid-configuration

All,

maybe off topic, but as Scott asked "What exactly is missing for broad
acceptance": here are my thoughts:

I'm aware of many operators of smaller email systems for less than 1k
users.
There the preferred software is mostly postfix, dovecot and keycloak.

dovecot and keycloak offer oauth2. What's missing is how to glue them
together to play with oauth.
There were questions on the dovecot and keycloak mailing lists [1], [2]
and [3] but they are still unanswered.

I would collect and combine that for a howto but I also lack some
oauth2 skills...

Andreas

[1]
https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/thread/JJEEJG3JR5GT3H2MQEUDRLNEAA4US4KP/
[2]
https://dovecot.org/mailman3/hyperkitty/list/dove...@dovecot.org/thread/3NM5CX4BFPBFLMG7QLFK7JV6I4OCUVM3/
[3]
https://groups.google.com/g/keycloak-user/c/IKfCm4UuOVg/m/iouuRv8HAQAJ
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop