Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'device-authorisation-grant'

Adds support for OAuth 2.0 device authorisation grant flow (RFC 8628)

Co-authored by Aleksei Ilin (@a-ilin)
Showing 2 changed files with 151 additions and 49 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -155,6 +155,10 @@ documentation = Accounts are specified using your email address as the section h | |
attempts before the first valid login, pre-encrypting account entries is highly recommended. See the example | ||
script at https://github.com/simonrob/email-oauth2-proxy/issues/61#issuecomment-1259110336. | ||
|
||
- The proxy supports the device authorisation grant (DAG) OAuth 2.0 flow (RFC 8628), which may better suit headless | ||
systems. To use this flow, set `oauth2_flow = device`. With this flow, the proxy receives authorisation responses | ||
directly from the service provider, so no `redirect_uri` is needed. An example account configuration is given below. | ||
|
||
Gmail customisation: | ||
- The proxy supports the use of service accounts with Gmail for Google Workspace (note: normal Gmail accounts do not | ||
support this method). To use this option, add an account entry as normal, but do not add a `permission_url` value | ||
|
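Review bot: The added paragraph on the device authorisation grant says no `redirect_uri` is needed, but it does not say what the remaining account keys mean once `oauth2_flow = device` is set. In the example this commit adds further down, `permission_url` points at a `/devicecode` endpoint rather than an `/authorize` one and there is no `client_secret`, so a reader who follows only this paragraph would keep their existing `permission_url`. Suggest adding a sentence that `permission_url` must be the provider's device authorisation endpoint in this flow, and naming the example section instead of saying "given below". Since the paragraph is aimed at headless systems, it would also help to state where the proxy shows the verification address and code that the user has to enter.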
@@ -203,7 +207,7 @@ client_secret = *** your client secret here *** | |
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize | ||
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token | ||
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access | ||
client_id = *** your client id here - note that as you are not the administrator of Hotmail.com / Outlook.com, you will need to reuse an existing client ID (see the proxy's readme) *** | ||
client_id = *** your client id here - note that as you are not the administrator of Hotmail.com / Outlook.com, you will likely need to reuse an existing client ID (see the proxy's readme) *** | ||
redirect_uri = https://localhost | ||
|
||
[[email protected]] | ||
|
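Review bot: In the changed `client_id` placeholder, "will likely need" now sits next to a reason that is still worded as absolute ("as you are not the administrator of Hotmail.com / Outlook.com"), so the line no longer tells the reader when their own client ID would be accepted. Suggest either naming the case in which a self-registered client ID works, or pointing at the specific readme section that covers it, so the hedge is something the reader can act on.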
@@ -230,6 +234,13 @@ redirect_uri = http://localhost | |
client_id = *** your client id here - note that as new client registrations are not permitted for AOL, you will need to reuse an existing client ID (see the proxy's readme) *** | ||
client_secret = *** your client secret here *** | ||
|
||
[[email protected]] | ||
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/devicecode | ||
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token | ||
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access | ||
oauth2_flow = device | ||
client_id = *** your client id here *** | ||
|
||
[[email protected]] | ||
documentation = *** note: this is an advanced O365 account example; in most cases you want the version above instead *** | ||
token_url = https://login.microsoftonline.com/*** your tenant id here ***/oauth2/v2.0/token | ||
|
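Review bot: The new device-flow account section has no `documentation =` line, unlike the advanced O365 section directly after it, so nothing in the section itself says that `permission_url` is the `/devicecode` endpoint here or that `redirect_uri` and `client_secret` are left out on purpose. Suggest a one-line `documentation =` entry stating that this is the device authorisation grant example and whether `client_secret` may still be set for providers that require one. The `oauth2_scope` line requests IMAP, POP and SMTP together with `offline_access`, the same string as the Office 365 entry earlier in the file; a short note that users can trim it to the protocols they actually use would limit what a granted token can reach.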