Dovecot xoauth2 login

Dockerfile

@@ -107,6 +107,13 @@ EOF
 
 COPY target/rspamd/local.d/ /etc/rspamd/local.d/
 
+# -----------------------------------------------
+# --- OAUTH2 ------------------------------------
+# -----------------------------------------------
+
+COPY target/dovecot/auth-oauth2.conf.ext /etc/dovecot/conf.d
+COPY target/dovecot/dovecot-oauth2.conf.ext /etc/dovecot
+
 # -----------------------------------------------
 # --- LDAP & SpamAssassin's Cron ----------------
 # -----------------------------------------------

mailserver.env

@@ -41,8 +41,8 @@ DMS_VMAIL_UID=
 DMS_VMAIL_GID=
 
 # **empty** => use FILE
+# OAUTH2 => use OAUTH2 authentication (unstable and unfinished)
 # LDAP => use LDAP authentication
-# OIDC => use OIDC authentication (not yet implemented)
 # FILE => use local files (this is used as the default)
 ACCOUNT_PROVISIONER=
 
@@ -419,6 +419,22 @@ ENABLE_GETMAIL=0
 # The number of minutes for the interval. Min: 1; Max: 30.
 GETMAIL_POLL=5
 
+# -----------------------------------------------
+# --- OAUTH2 Section ----------------------------
+# -----------------------------------------------
+
+# empty => verySecretId
+# Specify the OAuth2 client ID
+OAUTH2_CLIENT_ID=
+
+# empty => verySecretSecret
+# Specify the OAuth2 client secret
+OAUTH2_CLIENT_SECRET=
+
+# empty => https://oauth2.domain.com/user_info?token=
+# Specify the user info endpoint URL of the oauth2 provider
+OAUTH2_TOKENINFO_URL=
+
 # -----------------------------------------------
 # --- LDAP Section ------------------------------
 # -----------------------------------------------

target/dovecot/10-auth.conf

@@ -121,6 +121,7 @@ auth_mechanisms = plain login
 
 #!include auth-system.conf.ext
 #!include auth-sql.conf.ext
+#!include auth-oauth2.conf.ext
 #!include auth-ldap.conf.ext
 !include auth-passwdfile.inc
 #!include auth-checkpassword.conf.ext

target/dovecot/auth-oauth2.conf.ext

@@ -0,0 +1,12 @@
+auth_mechanisms = $auth_mechanisms oauthbearer xoauth2
+
+passdb {
+    driver = oauth2
+    mechanisms = xoauth2 oauthbearer
+    args = /etc/dovecot/dovecot-oauth2.conf.ext
+}
+
+userdb {
+  driver = static
+  args = uid=docker gid=docker home=/var/mail/%d/%u/home/
+}

target/dovecot/dovecot-oauth2.conf.ext

@@ -0,0 +1,3 @@
+client_id = verySecretId
+client_secret = verySecretSecret
+tokeninfo_url = https://oauth2.domain.com/user_info?token=

target/scripts/start-mailserver.sh

@@ -62,8 +62,9 @@ function _register_functions() {
       _register_setup_function '_setup_ldap'
       ;;
 
-    ( 'OIDC' )
+    ( 'OAUTH2' )
-      _dms_panic__fail_init 'OIDC user account provisioning - it is not yet implemented'
+      _environment_variables_oauth2
+      _register_setup_function '_setup_oauth2'
       ;;
 
     ( * )

target/scripts/startup/setup.d/oauth2.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+function _setup_oauth2() {
+  _log 'debug' 'Setting up OAUTH2'
+
+  sed -i -e '/\!include auth-oauth2\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
+  sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
+
+  _log 'trace' "Configuring Dovecot OAUTH2"
+
+  _replace_by_env_in_file 'OAUTH2_' '/etc/dovecot/dovecot-oauth2.conf.ext'
+
+  return 0
+}

target/scripts/startup/variables-stack.sh

@@ -151,6 +151,14 @@ function __environment_variables_general_setup() {
   VARS[UPDATE_CHECK_INTERVAL]="${UPDATE_CHECK_INTERVAL:=1d}"
 }
 
+function _environment_variables_oauth2() {
+  _log 'debug' 'Setting OAUTH2-related environment variables now'
+
+  VARS[OAUTH2_CLIENT_ID]="${OAUTH2_CLIENT_ID:=}"
+  VARS[OAUTH2_CLIENT_SECRET]="${OAUTH2_CLIENT_SECRET:=}"
+  VARS[OAUTH2_TOKENINFO_URL]="${OAUTH2_TOKENINFO_URL:=}"
+}
+
 # This function handles environment variables related to LDAP.
 # NOTE: SASLAuthd and Dovecot LDAP support inherit these common ENV.
 function _environment_variables_ldap() {