Commit

Merge branch 'main' into build
simonrob committed May 25, 2024
2 parents 30e80a2 + c96efdb commit 816f73c
Showing 7 changed files with 121 additions and 41 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/pyinstaller.yml
Expand Up @@ -32,7 +32,7 @@ jobs:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: '3.x'

Expand Down Expand Up @@ -73,7 +73,7 @@ jobs:
filename: emailproxy-${{ needs.get_tag.outputs.output }}_pyinstaller-${{ runner.os }}.zip

# append the zip to the latest release
- uses: xresloader/upload-to-github-release@v1.3.12
- uses: xresloader/upload-to-github-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
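Review bot: the `uses:` line for the release upload step drops the exact pin `xresloader/upload-to-github-release@v1.3.12` in favour of the moving tag `@v1`, and this step is handed `GITHUB_TOKEN` in `env`. A major tag can be repointed by the action's maintainers at any time, so whatever `v1` resolves to on the day of a release runs with that token. Consider pinning to the full commit SHA of the reviewed release, with the version in a trailing comment, and letting an update bot propose bumps.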
10 changes: 5 additions & 5 deletions .github/workflows/pypi.yml
Expand Up @@ -14,7 +14,7 @@ jobs:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: '3.x'

Expand All @@ -24,7 +24,7 @@ jobs:
python -m pip install build
python -m build
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/
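Review bot: in the build step just above `upload-artifact`, `python -m pip install build` installs the build front end unpinned, and the resulting `dist/` is what the later job publishes and signs. Pin `build` to a known version (or install it from a hash-checked requirements file) so that the bump to `upload-artifact@v4` is the only moving part in this job.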
Expand All @@ -38,7 +38,7 @@ jobs:
url: https://pypi.org/p/emailproxy

steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
Expand All @@ -50,14 +50,14 @@ jobs:
skip-existing: true # avoid failing when repeating this action

# sign the built packages
- uses: sigstore/gh-action-sigstore-python@v1.2.3
- uses: sigstore/gh-action-sigstore-python@v2
with:
inputs: >-
./dist/*.tar.gz
./dist/*.whl
# append the built packages to the latest release
- uses: xresloader/upload-to-github-release@v1.3.12
- uses: xresloader/upload-to-github-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
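Review bot: the signing step moves from `sigstore/gh-action-sigstore-python@v1.2.3` to `@v2`, which is both a major-version jump and a switch from an exact tag to a moving one, and the upload step after it is loosened to `@v1` in the same way. Since these two steps sign the packages and attach them to the release with `GITHUB_TOKEN`, pin both to full commit SHAs, and confirm that the `inputs` block shown here is still the interface the v2 action expects.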
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -69,13 +69,13 @@ In all cases, when registering, make sure your client is set up to use an OAuth
It is also highly recommended to use a scope that will grant "offline" access (i.e., a way to [refresh the OAuth 2.0 authentication token](https://oauth.net/2/refresh-tokens/) without user intervention).
The [sample configuration file](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config) provides example scope values for several common providers.

- Office 365: register a new [Microsoft identity application](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)
- Office 365: register a new [Microsoft identity application](https://learn.microsoft.com/entra/identity-platform/quickstart-register-app)
- Gmail / Google Workspace: register a [Google API desktop app client](https://developers.google.com/identity/protocols/oauth2/native-app)
- AOL and Yahoo Mail (and subproviders such as AT&T) are not currently allowing new client registrations with the OAuth email scope – the only option here is to reuse the credentials from an existing client that does have this permission.

The proxy supports [Google Cloud service accounts](https://cloud.google.com/iam/docs/service-account-overview) for access to Google Workspace Gmail.
It also supports the [client credentials grant (CCG)](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow) and [resource owner password credentials grant (ROPCG)](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc) OAuth 2.0 flows.
Please note that currently only Office 365 is known to support the CCG and ROPCG methods.
It also supports the [client credentials grant (CCG)](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-client-creds-grant-flow) and [resource owner password credentials grant (ROPCG)](https://learn.microsoft.com/entra/identity-platform/v2-oauth-ropc) OAuth 2.0 flows, and [certificate credentials (JWT)](https://learn.microsoft.com/entra/identity-platform/certificate-credentials).
Please note that currently only Office 365 is known to support the CCG, ROPCG and certificate credentials methods.
See the [sample configuration file](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config) for further details.
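Review bot: the rewritten sentence lists certificate credentials after the CCG and ROPCG flows as if it were a third flow, whereas the `emailproxy.config` text in this same commit describes it as a replacement for `client_secret`. Suggest wording such as "and certificate credentials (JWT) in place of a client secret", and naming the `jwt_certificate_path` and `jwt_key_path` options here so readers know what to look for in the sample file.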


Expand Down Expand Up @@ -115,6 +115,7 @@ This option overrides the proxy's default behaviour, which varies by platform (s

- `--debug` enables debug mode, printing more verbose output to the log as [discussed below](#troubleshooting).
This argument is identical to enabling debug mode from the proxy's menu bar icon.
If needed, debug mode can also be toggled at runtime by sending the signal `SIGUSR1` (e.g.: `pkill -SIGUSR1 -f emailproxy`).

### Advanced configuration<a id="advanced-configuration"></a>
The [example configuration file](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config) contains further documentation for various additional features of the proxy, including catch-all (wildcard) accounts, locally-encrypted connections and advanced Office 365 OAuth 2.0 flows.
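Review bot: the example `pkill -SIGUSR1 -f emailproxy` on the added line matches against the full command line of every process the user is allowed to signal, so it also hits anything that merely has `emailproxy` in its arguments (an editor with `emailproxy.config` open, for instance), and a process with no `SIGUSR1` handler is terminated by that signal. Suggest a narrower example, such as signalling the proxy's PID, and stating which platforms support the toggle, since `SIGUSR1` does not exist on Windows.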
4 changes: 4 additions & 0 deletions emailproxy.config
Expand Up @@ -123,6 +123,10 @@ documentation = Accounts are specified using your email address as the section h
- It is possible to create Office 365 clients that do not require a secret to be sent. If this is the case for your
setup, delete the `client_secret` line from your account's configuration entry (do not leave the default value).

- To use O365 certificate credentials instead of a client secret, delete the `client_secret` line and instead
provide a `jwt_certificate_path` (e.g., /path/to/certificate.pem) and `jwt_key_path` (e.g., /path/to/key.pem).
Further documentation and examples can be found at https://github.com/simonrob/email-oauth2-proxy/pull/247.

- The proxy supports the client credentials grant (CCG) and resource owner password credentials grant (ROPCG) OAuth
2.0 flows (both currently only known to be available for Office 365). To use either of these flows, add an account
entry as normal, but do not add a `permission_url` value (it does not apply, and its absence signals to the proxy to
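Review bot: the added paragraph introduces `jwt_key_path` without saying that the file is the private key that now authenticates the client in place of `client_secret`, and it defers all further detail to a pull request link. Suggest adding a line that the key file should be readable only by the account running the proxy, and summarising the expected certificate and key format here rather than relying on the PR thread.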