Skip to content

Commit

Permalink
Merge branch 'device-authorisation-grant'
Browse files Browse the repository at this point in the history
Adds support for OAuth 2.0 device authorisation grant flow (RFC 8628)
Co-authored by Aleksei Ilin  (@a-ilin)
  • Loading branch information
simonrob committed Nov 11, 2024
2 parents 2eb92d0 + ab0fbd3 commit b62dd58
Show file tree
Hide file tree
Showing 2 changed files with 151 additions and 49 deletions.
13 changes: 12 additions & 1 deletion emailproxy.config
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,10 @@ documentation = Accounts are specified using your email address as the section h
attempts before the first valid login, pre-encrypting account entries is highly recommended. See the example
script at https://github.com/simonrob/email-oauth2-proxy/issues/61#issuecomment-1259110336.

- The proxy supports the device authorisation grant (DAG) OAuth 2.0 flow (RFC 8628), which may better suit headless
systems. To use this flow, set `oauth2_flow = device`. With this flow, the proxy receives authorisation responses
directly from the service provider, so no `redirect_uri` is needed. An example account configuration is given below.

Gmail customisation:
- The proxy supports the use of service accounts with Gmail for Google Workspace (note: normal Gmail accounts do not
support this method). To use this option, add an account entry as normal, but do not add a `permission_url` value
Expand Down Expand Up @@ -203,7 +207,7 @@ client_secret = *** your client secret here ***
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
client_id = *** your client id here - note that as you are not the administrator of Hotmail.com / Outlook.com, you will need to reuse an existing client ID (see the proxy's readme) ***
client_id = *** your client id here - note that as you are not the administrator of Hotmail.com / Outlook.com, you will likely need to reuse an existing client ID (see the proxy's readme) ***
redirect_uri = https://localhost

[your.email@gmail.com]
Expand All @@ -230,6 +234,13 @@ redirect_uri = http://localhost
client_id = *** your client id here - note that as new client registrations are not permitted for AOL, you will need to reuse an existing client ID (see the proxy's readme) ***
client_secret = *** your client secret here ***

[dag.flow.configured.address@outlook.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
oauth2_flow = device
client_id = *** your client id here ***

[ccg.flow.configured.address@your-tenant.com]
documentation = *** note: this is an advanced O365 account example; in most cases you want the version above instead ***
token_url = https://login.microsoftonline.com/*** your tenant id here ***/oauth2/v2.0/token
Expand Down
Loading

0 comments on commit b62dd58

Please sign in to comment.