Page MenuHomePhorge
Differential D4899

Single-Sign-On for Webmail
ClosedPublic
Actions

Authored by machniak on Aug 28 2024, 2:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Oct 28, 3:56 PM
Unknown Object (File)
Sun, Oct 27, 2:44 PM
Unknown Object (File)
Tue, Oct 22, 9:05 PM
Unknown Object (File)
Fri, Oct 11, 9:00 AM
Unknown Object (File)
Thu, Oct 10, 12:29 AM
Unknown Object (File)
Oct 2 2024, 11:56 AM
Unknown Object (File)
Sep 29 2024, 3:30 PM
Unknown Object (File)
Sep 24 2024, 5:41 PM
View All 39 Files
Subscribers
mollekopf
Restricted Project

Details

Reviewers
mollekopf
Group Reviewers
Restricted Project
Commits
rK03fc36160e31: Single-Sign-On for Webmail
Summary

Return short living password as OIDC claim. Then Roundcube will use it as user password.

Note: This requires some upstream patches, so right now you can't test this with webmail.

Test Plan

./phpunit

Diff Detail

Repository
rK kolab
Branch
dev/oauth-otp-claim
Lint
Lint Skipped
Unit
No Test Coverage
Build Status
Buildable 48822
Build 18330: arc lint + arc unit

Event Timeline

machniak requested review of this revision.Aug 28 2024, 2:35 PM
machniak created this revision.
Harbormaster completed remote builds in B48822: Diff 14037.Aug 28 2024, 2:35 PM
mollekopf subscribed.Aug 29 2024, 12:18 PM

Looks nice and concise. It seems the alternative would be to request the access token via a protected api route, which I suppose would require more manual handling to make the token then available to the server and refresh it when necessary, so this seems like a good option.

src/config/openid.php
18

It's something custom so maybe it's just a "Kolab Access Token"?

mollekopf accepted this revision.Aug 29 2024, 12:18 PM
This revision is now accepted and ready to land.Aug 29 2024, 12:18 PM
machniak updated this revision to Diff 14073.Aug 29 2024, 2:19 PM
  • Show "Redirecting..." message before redirect
  • otp -> auth.token
Harbormaster completed remote builds in B48861: Diff 14073.Aug 29 2024, 2:19 PM
Closed by commit rK03fc36160e31: Single-Sign-On for Webmail (authored by machniak). · Explain WhyAug 29 2024, 2:21 PM
This revision was automatically updated to reflect the committed changes.
machniak added a commit: rK03fc36160e31: Single-Sign-On for Webmail.

Revision Contents
Changeset List

PathSize
config.demo/
src/
database/
seeds/
15 lines
src/
app/
Auth/
10 lines
5 lines
Http/
Controllers/
API/
5 lines
config/
5 lines
5 lines
resources/
lang/
en/
2 lines
tests/
Feature/
Controller/
8 lines
2 lines

Diff 14037

View Options

config.demo/src/database/seeds/PassportSeeder.php

Loading...
View Options

src/app/Auth/IdentityEntity.php

Loading...
View Options

src/app/Auth/Utils.php

Loading...
View Options

src/app/Http/Controllers/API/AuthController.php

Loading...
View Options

src/config/auth.php

Loading...
View Options

src/config/openid.php

Loading...
View Options

src/resources/lang/en/auth.php

Loading...
View Options

src/tests/Feature/Controller/AuthTest.php

Loading...
View Options

src/tests/Feature/Controller/WellKnownTest.php

Loading...