Page MenuHomePhorge

Single-Sign-On for Webmail
ClosedPublic

Authored by machniak on Aug 28 2024, 2:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Oct 28, 3:56 PM
Unknown Object (File)
Sun, Oct 27, 2:44 PM
Unknown Object (File)
Tue, Oct 22, 9:05 PM
Unknown Object (File)
Fri, Oct 11, 9:00 AM
Unknown Object (File)
Thu, Oct 10, 12:29 AM
Unknown Object (File)
Oct 2 2024, 11:56 AM
Unknown Object (File)
Sep 29 2024, 3:30 PM
Unknown Object (File)
Sep 24 2024, 5:41 PM
Subscribers
Restricted Project

Details

Reviewers
mollekopf
Group Reviewers
Restricted Project
Commits
rK03fc36160e31: Single-Sign-On for Webmail
Summary

Return short living password as OIDC claim. Then Roundcube will use it as user password.

Note: This requires some upstream patches, so right now you can't test this with webmail.

Test Plan

./phpunit

Diff Detail

Repository
rK kolab
Branch
dev/oauth-otp-claim
Lint
Lint Skipped
Unit
No Test Coverage
Build Status
Buildable 48861
Build 18345: arc lint + arc unit

Event Timeline

machniak created this revision.

Looks nice and concise. It seems the alternative would be to request the access token via a protected api route, which I suppose would require more manual handling to make the token then available to the server and refresh it when necessary, so this seems like a good option.

src/config/openid.php
18

It's something custom so maybe it's just a "Kolab Access Token"?

This revision is now accepted and ready to land.Aug 29 2024, 12:18 PM
  • Show "Redirecting..." message before redirect
  • otp -> auth.token
This revision was automatically updated to reflect the committed changes.