This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 0b16e9ecc5481149a90b2412502beb805d367435 Author: Benoit TELLIER <[email protected]> AuthorDate: Fri Jan 16 18:00:14 2026 +0100 [ENHANCEMENT] Improve SASL OpenId doc --- docs/modules/servers/partials/configure/imap.adoc | 19 +++++++++++++++++++ docs/modules/servers/partials/configure/smtp.adoc | 4 ++++ 2 files changed, 23 insertions(+) diff --git a/docs/modules/servers/partials/configure/imap.adoc b/docs/modules/servers/partials/configure/imap.adoc index 9110452826..caf1a8684e 100644 --- a/docs/modules/servers/partials/configure/imap.adoc +++ b/docs/modules/servers/partials/configure/imap.adoc 
@@ -62,6 +62,25 @@ Whether to enable Authentication PLAIN if the connection is not encrypted via SS | auth.oidc.scope | An OAuth scope that is valid to access the service (RF: RFC7628). Only configure this when you want to authenticate IMAP server using a OIDC provider. +| auth.oidc.aud +| An OAuth audience to access the service (RF: RFC7628). Only configure this when you want to authenticate IMAP server using a OIDC provider. + +| auth.oidc.introspection.url +| Optional. An OAuth introspection token URL will be called to validate the token (RF: RFC7662). +Only configure this when you want to validate the revocation token by the OIDC provider. +Note that James always verifies the signature of the token even whether this configuration is provided or not. +This endpoint is expected to return `aud`. + +| auth.oidc.introspection.auth +| Optional. Provide Authorization in header request when introspecting token. +Eg: `Basic xyz` + +| auth.oidc.userinfo.url +| Optional. An Userinfo URL will be called to validate the token (RF: OpenId.Core https://openid.net/specs/openid-connect-core-1_0.html). +Only configure this when you want to validate the revocation token by the OIDC provider. +Note that James always verifies the signature of the token even whether this configuration is provided or not. +James will ignore check token by userInfo if the `auth.oidc.introspection.url` is already configured + | auth.adminUsers.adminUser | XML list of administrators able to impersonate any IMAP users. This is typically enable on non publicly exposed IMAP servers eg port 994 for admin support or migration. diff --git a/docs/modules/servers/partials/configure/smtp.adoc b/docs/modules/servers/partials/configure/smtp.adoc index 1a68a0094f..d18b43634e 100644 --- a/docs/modules/servers/partials/configure/smtp.adoc +++ b/docs/modules/servers/partials/configure/smtp.adoc 
@@ -111,10 +111,14 @@ can be used to enforce strong authentication mechanisms. | auth.oidc.scope | An OAuth scope that is valid to access the service (RF: RFC7628). Only configure this when you want to authenticate SMTP server using a OIDC provider. +| auth.oidc.aud +| An OAuth audience to access the service (RF: RFC7628). Only configure this when you want to authenticate IMAP server using a OIDC provider. + | auth.oidc.introspection.url | Optional. An OAuth introspection token URL will be called to validate the token (RF: RFC7662). Only configure this when you want to validate the revocation token by the OIDC provider. Note that James always verifies the signature of the token even whether this configuration is provided or not. +This endpoint is expected to return `aud`. | auth.oidc.introspection.auth | Optional. Provide Authorization in header request when introspecting token. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
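Review bot: In the imap.adoc hunk, the new `auth.oidc.aud` row does not say whether the setting is optional or what James does when a token's audience does not match it, while the three rows added below it all start with "Optional."; since this is an access-control check, the row should state both. The line "This endpoint is expected to return `aud`" in the `auth.oidc.introspection.url` row has the same gap: it should say what happens when the introspection response carries no `aud`. In the `auth.oidc.userinfo.url` row, "Only configure this when you want to validate the revocation token by the OIDC provider" is repeated word for word from the introspection row and "the revocation token" is unclear in both places; wording that says the endpoint is used to check whether the token has been revoked would read better. Minor: "even whether this configuration is provided or not" should be "whether or not this configuration is provided", "An Userinfo URL" should be "A Userinfo URL", and the final sentence of the userinfo row is missing its full stop.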
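Review bot: In the smtp.adoc hunk, the added `auth.oidc.aud` row reads "Only configure this when you want to authenticate IMAP server using a OIDC provider", which looks like a copy-paste from imap.adoc; the `auth.oidc.scope` row directly above it says "SMTP server", and this row should too. As in the IMAP file, the row should also say whether `auth.oidc.aud` is optional and what happens on an audience mismatch, and the added line "This endpoint is expected to return `aud`" should state the outcome when the introspection response omits `aud`.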
