Hello,
my IdP is kind of progressive and implemented RFC9068, where all access tokens
now come with typ "at+JWT".
Since the setup has used local validation, I had to switch and currently use
introspection endpoint. Looked around at the src and there seems to be
relatively simple check of the to
On 16/11/2022 17:31 EET Felix Auringer <felix.auringer@giz.berlin> wrote:
Hello,
<https://doc.dovecot.org/configuration_manual/authentication/oauth2/#local-validation>
desc
Hello,
<https://doc.dovecot.org/configuration_manual/authentication/oauth2/#local-validation>
describes how to set up local validation for OAUTH2 with dovecot. This
works fine as long as the keys are not rotated. In my experience, it is
common for a client to try to validate a token wi