Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: OAuth2 revision 

Minor update to this page:
- Links extracted to bottom of page as per convention.
- ENV file example converted to preferred `compose.yaml` ENV settings.
This commit is contained in:
polarathene 2024-07-15 15:16:50 +12:00
parent 2d86c3d9a1
commit 652c7967d0
1 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
docs/content/config/account-management/supplementary/oauth2.md
View File

@ -20,34 +20,34 @@ The present OAuth2 support provides the capability for 3rd-party applications su
This example assumes you have already set up: This example assumes you have already set up:
- A working DMS server - A working DMS server
- An Authentik server ([documentation](https://goauthentik.io/docs/installation/)) - An Authentik server ([documentation][authentik::docs::install])
- A Roundcube server (either [docker](https://hub.docker.com/r/roundcube/roundcubemail/) or [bare metal](https://github.com/roundcube/roundcubemail/wiki/Installation)) - A Roundcube server ([docker image][roundcube::dockerhub-image] or [bare metal install][roundcube::docs::install])
!!! example "Setup Instructions" !!! example "Setup Instructions"
=== "1. Docker Mailserver" === "1. Docker Mailserver"
Edit the following values in `mailserver.env`:
```env Update your Docker Compose ENV config to include:
# -----------------------------------------------
# --- OAUTH2 Section ----------------------------
# -----------------------------------------------
# empty => OAUTH2 authentication is disabled ```env title="compose.yaml"
# 1 => OAUTH2 authentication is enabled services:
ENABLE_OAUTH2=1 mailserver:
env:
# Specify the user info endpoint URL of the oauth2 provider # Enable the feature:
OAUTH2_INTROSPECTION_URL=https://authentik.example.com/application/o/userinfo/ - ENABLE_OAUTH2=1
# Specify the user info endpoint URL of the oauth2 server for token inspection:
- OAUTH2_INTROSPECTION_URL=https://authentik.example.com/application/o/userinfo/
``` ```
=== "2. Authentik" === "2. Authentik"
1. Create a new OAuth2 provider
2. Note the client id and client secret 1. Create a new OAuth2 provider.
2. Note the client id and client secret. Roundcube will need this.
3. Set the allowed redirect url to the equivalent of `https://roundcube.example.com/index.php/login/oauth` for your RoundCube instance. 3. Set the allowed redirect url to the equivalent of `https://roundcube.example.com/index.php/login/oauth` for your RoundCube instance.
=== "3. Roundcube" === "3. Roundcube"
Add the following to `oauth2.inc.php` ([documentation](https://github.com/roundcube/roundcubemail/wiki/Configuration)):
Add the following to `oauth2.inc.php` ([documentation][roundcube::docs::config]):
```php ```php
$config['oauth_provider'] = 'generic'; $config['oauth_provider'] = 'generic';
@ -68,3 +68,8 @@ This example assumes you have already set up:
// Boolean: automatically redirect to OAuth login when opening Roundcube without a valid session // Boolean: automatically redirect to OAuth login when opening Roundcube without a valid session
$config['oauth_login_redirect'] = false; $config['oauth_login_redirect'] = false;
``` ```
[authentik::docs::install]: https://goauthentik.io/docs/installation/
[roundcube::dockerhub-image]: https://hub.docker.com/r/roundcube/roundcubemail
[roundcube::docs::install]: https://github.com/roundcube/roundcubemail/wiki/Installation
[roundcube::docs::config]: https://github.com/roundcube/roundcubemail/wiki/Configuration