foxcpp / maddy

✉️ Composable all-in-one mail server.
https://maddy.email
GNU General Public License v3.0
4.95k stars, 239 forks

Feature request: Single Sign On (SSO) support #583

Open ghost opened 1 year ago

ghost commented 1 year ago

Use case

When self-hosting a number of services, having many different credentials does not make much sense and becomes cumbersome, so I use an SSO provider to log in instead.

Your idea for a solution

Support SSO providers via Open ID Connect to login (and maybe signup?) to maddy.

foxcpp commented 1 year ago

Probably related: #169

artooro commented 6 months ago

I've been thinking of getting into self-hosting email again, and the main drawback is the lack of modern authentication with support for security keys and other 2nd factors. OAuth2 would fix this, except that the ecosystem doesn't appear ready for it yet. Looking at https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat they cite a lack of an open protocol to discover and establish a trust relationship with the OAuth2 server, as generally each client needs a key generated by the OAuth2 server. OpenID does have the well-known protocol https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest but it does not seem to be supported by email clients currently.

Fastmail, for example, supports OAuth2 on their servers, but requires each email client to specifically register with them. https://www.fastmail.com/for-developers/oauth/

So as of today I don't see much of a path forward in regard to doing proper OIDC with third-party email clients.

If we were talking about a webmail client it would be a different story of course. And if I'm wrong that would be awesome 😄
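The discovery step artooro's comment refers to, as an added example that is not maddy's code and not anything posted in this thread: it builds the well-known URL from an issuer (OIDC Discovery 1.0, section 4.1) and applies the checks a mail client would have to make on the returned provider metadata before trusting any endpoint in it, in particular the section 4.3 rule that the `issuer` in the document must be identical to the URL it was fetched from. The provider host `sso.example.test` and the sample document are constructed; a real client would fetch the document over HTTPS instead of reading the embedded string.

```python
import json
from urllib.parse import urlsplit

# Provider metadata fields that OIDC Discovery 1.0 (section 3) marks REQUIRED.
# token_endpoint is only optional for providers that support nothing but the
# Implicit Flow, which a mail client doing the Authorization Code flow cannot use.
REQUIRED_FIELDS = (
    "issuer",
    "authorization_endpoint",
    "token_endpoint",
    "jwks_uri",
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """Return the well-known URL for an issuer (OIDC Discovery 1.0, section 4.1).

    The issuer must be an absolute https URL without query or fragment; a path
    component is kept and the well-known suffix is appended after it.
    """
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer must be an absolute https URL: %r" % issuer)
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query or fragment: %r" % issuer)
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def validate_provider_metadata(expected_issuer: str, raw: str) -> dict:
    """Parse a discovery document and apply the checks a client must make
    before using any endpoint in it. Returns the parsed metadata."""
    meta = json.loads(raw)
    missing = [f for f in REQUIRED_FIELDS if f not in meta]
    if missing:
        raise ValueError("discovery document lacks required fields: %s" % ", ".join(missing))
    # Section 4.3: the issuer in the document MUST be identical to the issuer
    # URL used to fetch it. This is what stops a redirect or a mis-hosted
    # document from pointing the client at someone else's token endpoint.
    if meta["issuer"] != expected_issuer:
        raise ValueError("issuer mismatch: document says %r, fetched from %r"
                         % (meta["issuer"], expected_issuer))
    for field in URL_FIELDS:
        if urlsplit(meta[field]).scheme != "https":
            raise ValueError("%s is not an https URL: %r" % (field, meta[field]))
    # Section 3: RS256 MUST be among the ID Token signing algorithms; a
    # provider advertising only "none" would be handing out unsigned tokens.
    if "RS256" not in meta["id_token_signing_alg_values_supported"]:
        raise ValueError("provider does not advertise RS256 for ID Token signing")
    # Client-side requirement for a mail client: it needs the code flow.
    if "code" not in meta["response_types_supported"]:
        raise ValueError("provider does not support the Authorization Code flow")
    return meta


# Constructed sample document, shaped like what a provider serves at the
# well-known URL. The host is a placeholder, not a real provider.
ISSUER = "https://sso.example.test/realms/mail"
SAMPLE_DOCUMENT = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "token id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
    "scopes_supported": ["openid", "email", "profile"],
})

if __name__ == "__main__":
    print("GET", discovery_url(ISSUER))
    meta = validate_provider_metadata(ISSUER, SAMPLE_DOCUMENT)
    print("token endpoint:", meta["token_endpoint"])
```

What the comment above calls the missing piece is the step after this one: discovery tells a client where the endpoints are, but not how to obtain a `client_id` the provider will accept, which is why each client still has to register with a provider such as Fastmail by hand.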