[enhancement]: OAuth client authentication #1043

Open
jip149 opened this issue Jan 2, 2025 · 8 comments
Labels
enhancement New feature or request


jip149 commented Jan 2, 2025

Which feature or improvement would you like to request?

I'm trying to connect an OIDC client using Stalwart as the OIDC provider.

The client does not implement dynamic client registration, so I need to manually register an OAuth client and get a client ID and secret.

I tried adding an OAuth client through the web UI but I cannot get a secret for the OAuth client. I also could not find a way to link an OAuth client to an API key.

Is your feature request related to a problem?

I'm having a problem with...

jip149 added the enhancement label Jan 2, 2025

TheLonelinessOfHS commented

Same question here!

mdecimus (Member) commented Jan 6, 2025

> I tried adding an OAuth client through the web UI but I cannot get a secret for the OAuth client. I also could not find a way to link an OAuth client to an API key.

You can create an API key that has permissions to register new OAuth Clients. But if you mean setting a client secret to authenticate users, this is not yet supported.

TheLonelinessOfHS commented Jan 6, 2025

> > I tried adding an OAuth client through the web UI but I cannot get a secret for the OAuth client. I also could not find a way to link an OAuth client to an API key.
>
> You can create an API key that has permissions to register new OAuth Clients. But if you mean setting a client secret to authenticate users, this is not yet supported.

Thanks. Could you please support full OIDC clients that come with an app ID and secret if possible? This is an important feature that I believe many others also desperately want. In this way, self hosters can have identity management & Auth systems that use Stalwart as the OIDC provider, such that the users of many other apps (e.g. Nextcloud) can share the same set of credentials with the mail server (Stalwart).

mdecimus changed the title from "[enhancement]: Manual registering of oauth clients" to "[enhancement]: OAuth client authentication" on Jan 6, 2025

mdecimus (Member) commented Jan 6, 2025

> Could you please support full OIDC clients that come with an app ID and secret if possible?

Sure, just renamed the issue.

TheLonelinessOfHS commented

> > Could you please support full OIDC clients that come with an app ID and secret if possible?
>
> Sure, just renamed the issue.

Awesome! Thanks so much!

jip149 (Author) commented Jan 7, 2025

Not sure if these should be separate issues, but ideally for a perfect setup with stalwart-mail as OIDC provider, it would be very useful to have:

  • documentation of available scopes and fields
  • groups and roles information
  • custom fields for accounts, groups, roles

TheLonelinessOfHS commented

> Not sure if these should be separate issues, but ideally for a perfect setup with stalwart-mail as OIDC provider, it would be very useful to have:
>
>   • documentation of available scopes and fields
>   • groups and roles information
>   • custom fields for accounts, groups, roles

From my point of view, some of them are good. The others, like custom fields, should not be handled by Stalwart, which is a mail platform. Ideally, the user can use a dedicated identity provider like Keycloak to handle this and use Stalwart as a backend.

jip149 (Author) commented Jan 12, 2025

> From my point of view, some of them are good. The others, like custom fields, should not be handled by Stalwart, which is a mail platform. Ideally, the user can use a dedicated identity provider like Keycloak to handle this and use Stalwart as a backend.

Yes, you are most certainly right. The community edition doesn't allow using a dedicated identity provider, hence my point. But that may not justify making Stalwart a full-fledged identity provider.

The first two points would already be awesome for the community edition.
