diff --git a/docs/content/config/advanced/auth-oauth2.md b/docs/content/config/advanced/auth-oauth2.md index d2d0dd6d..963a6c2c 100644 --- a/docs/content/config/advanced/auth-oauth2.md +++ b/docs/content/config/advanced/auth-oauth2.md @@ -25,12 +25,7 @@ This example assumes you have: !!! example "Setup Instructions" - === "1. Authentik" - 1. Create a new OAuth2 provider - 2. Note the client id and client secret - 3. Set the allowed redirect url to the equivalent of `https://roundcube.example.com/index.php/login/oauth` for your RoundCube instance. - - === "2. Docker Mailserver" + === "1. Docker Mailserver" Edit the following values in `mailserver.env`: ```env # ----------------------------------------------- @@ -41,19 +36,15 @@ This example assumes you have: # 1 => OAUTH2 authentication is enabled ENABLE_OAUTH2=1 - # empty => verySecretId - # Specify the OAuth2 client ID - OAUTH2_CLIENT_ID= - - # empty => verySecretSecret - # Specify the OAuth2 client secret - OAUTH2_CLIENT_SECRET= - - # empty => https://oauth2.example.com/userinfo/ # Specify the user info endpoint URL of the oauth2 provider OAUTH2_INTROSPECTION_URL=https://authentik.example.com/application/o/userinfo/ ``` + === "2. Authentik" + 1. Create a new OAuth2 provider + 2. Note the client id and client secret + 3. Set the allowed redirect url to the equivalent of `https://roundcube.example.com/index.php/login/oauth` for your RoundCube instance. + === "3. Roundcube" Add the following to `oauth2.inc.php` ([documentation](https://github.com/roundcube/roundcubemail/wiki/Configuration)): diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index 08fd8d40..93ec559a 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md @@ -613,14 +613,6 @@ Enable or disable `getmail`. - **empty** => OAUTH2 authentication is disabled - 1 => OAUTH2 authentication is enabled -##### OAUTH2_CLIENT_ID - -- => Specify the OAuth2 client ID - -##### OAUTH2_CLIENT_SECRET - -- => Specify the OAuth2 client secret - ##### OAUTH2_INTROSPECTION_URL - => Specify the user info endpoint URL of the oauth2 provider. E.g. `https://oauth2.example.com/userinfo/`, where the trailing slash is MANDATORY (at least for Authentik) diff --git a/mailserver.env b/mailserver.env index 80b568f1..c9b3ddd3 100644 --- a/mailserver.env +++ b/mailserver.env @@ -426,15 +426,6 @@ GETMAIL_POLL=5 # 1 => OAUTH2 authentication is enabled ENABLE_OAUTH2= -# empty => verySecretId -# Specify the OAuth2 client ID -OAUTH2_CLIENT_ID= - -# empty => verySecretSecret -# Specify the OAuth2 client secret -OAUTH2_CLIENT_SECRET= - -# empty => https://oauth2.example.com/userinfo/ # Specify the user info endpoint URL of the oauth2 provider. The trailing slash is MANDATORY (at least for Authentik) OAUTH2_INTROSPECTION_URL= diff --git a/target/dovecot/dovecot-oauth2.conf.ext b/target/dovecot/dovecot-oauth2.conf.ext index 6b25c49e..b93f5208 100644 --- a/target/dovecot/dovecot-oauth2.conf.ext +++ b/target/dovecot/dovecot-oauth2.conf.ext @@ -1,3 +1 @@ -client_id = -client_secret = introspection_url = diff --git a/target/scripts/startup/variables-stack.sh b/target/scripts/startup/variables-stack.sh index 812db7e5..fc38a39d 100644 --- a/target/scripts/startup/variables-stack.sh +++ b/target/scripts/startup/variables-stack.sh @@ -154,8 +154,6 @@ function __environment_variables_general_setup() { function _environment_variables_oauth2() { _log 'debug' 'Setting OAUTH2-related environment variables now' - VARS[OAUTH2_CLIENT_ID]="${OAUTH2_CLIENT_ID:=}" - VARS[OAUTH2_CLIENT_SECRET]="${OAUTH2_CLIENT_SECRET:=}" VARS[OAUTH2_INTROSPECTION_URL]="${OAUTH2_INTROSPECTION_URL:=}" } diff --git a/test/tests/serial/mail_with_oauth2.bats b/test/tests/serial/mail_with_oauth2.bats index 2769aed5..d9f6310e 100644 --- a/test/tests/serial/mail_with_oauth2.bats +++ b/test/tests/serial/mail_with_oauth2.bats @@ -32,8 +32,6 @@ function setup_file() { # Add OAUTH2 configuration so that Dovecot can reach out to our mock provider (CONTAINER2) local ENV_OAUTH2_CONFIG=( --env ENABLE_OAUTH2=1 - --env OAUTH2_CLIENT_ID=mailserver - --env OAUTH2_CLIENT_SECRET=ah_yes___secret --env OAUTH2_INTROSPECTION_URL=http://oauth2.example.test/ )