Page MenuHomePhorge
Differential D4899

Single-Sign-On for Webmail
ClosedPublic
Actions

Authored by machniak on Wed, Aug 28, 2:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Sep 13, 1:14 AM
Unknown Object (File)
Sun, Sep 8, 3:47 PM
Unknown Object (File)
Sun, Sep 8, 6:25 AM
Unknown Object (File)
Sun, Sep 8, 4:16 AM
Unknown Object (File)
Sun, Sep 8, 3:09 AM
Unknown Object (File)
Sat, Sep 7, 7:14 AM
Unknown Object (File)
Thu, Sep 5, 6:29 AM
Unknown Object (File)
Wed, Sep 4, 1:40 AM
View All 28 Files
Subscribers
mollekopf
Restricted Project

Details

Reviewers
mollekopf
Group Reviewers
Restricted Project
Commits
rK03fc36160e31: Single-Sign-On for Webmail
Summary

Return short living password as OIDC claim. Then Roundcube will use it as user password.

Note: This requires some upstream patches, so right now you can't test this with webmail.

Test Plan

./phpunit

Diff Detail

Repository
rK kolab
Branch
dev/oauth-otp-claim
Lint
Lint Skipped
Unit
No Test Coverage
Build Status
Buildable 48861
Build 18345: arc lint + arc unit

Event Timeline

machniak requested review of this revision.Wed, Aug 28, 2:35 PM
machniak created this revision.
Harbormaster completed remote builds in B48822: Diff 14037.Wed, Aug 28, 2:35 PM
mollekopf subscribed.Thu, Aug 29, 12:18 PM

Looks nice and concise. It seems the alternative would be to request the access token via a protected api route, which I suppose would require more manual handling to make the token then available to the server and refresh it when necessary, so this seems like a good option.

src/config/openid.php
18

It's something custom so maybe it's just a "Kolab Access Token"?

mollekopf accepted this revision.Thu, Aug 29, 12:18 PM
This revision is now accepted and ready to land.Thu, Aug 29, 12:18 PM
machniak updated this revision to Diff 14073.Thu, Aug 29, 2:19 PM
  • Show "Redirecting..." message before redirect
  • otp -> auth.token
Harbormaster completed remote builds in B48861: Diff 14073.Thu, Aug 29, 2:19 PM
Closed by commit rK03fc36160e31: Single-Sign-On for Webmail (authored by machniak). · Explain WhyThu, Aug 29, 2:21 PM
This revision was automatically updated to reflect the committed changes.
machniak added a commit: rK03fc36160e31: Single-Sign-On for Webmail.

Revision Contents
Changeset List

PathSize
config.demo/
src/
database/
seeds/
15 lines
src/
app/
Auth/
10 lines
5 lines
Http/
Controllers/
API/
5 lines
config/
5 lines
4 lines
resources/
js/
6 lines
lang/
en/
2 lines
1 line
themes/
8 lines
vue/
6 lines
tests/
Feature/
Controller/
8 lines
2 lines

Diff 14073

View Options

config.demo/src/database/seeds/PassportSeeder.php

Loading...
View Options

src/app/Auth/IdentityEntity.php

Loading...
View Options

src/app/Auth/Utils.php

Loading...
View Options

src/app/Http/Controllers/API/AuthController.php

Loading...
View Options

src/config/auth.php

Loading...
View Options

src/config/openid.php

Loading...
View Options

src/resources/js/utils.js

Loading...
View Options

src/resources/lang/en/auth.php

Loading...
View Options

src/resources/lang/en/ui.php

Loading...
View Options

src/resources/themes/app.scss

Loading...
View Options

src/resources/vue/Authorize.vue

Loading...
View Options

src/tests/Feature/Controller/AuthTest.php

Loading...
View Options

src/tests/Feature/Controller/WellKnownTest.php

Loading...