Roundcube Community Forum

Miscellaneous => Roundcube Discussion => Topic started by: tekchand on September 04, 2025, 09:51:52 AM

Title: Getting Error 400: redirect_uri_mismatch
Post by: tekchand on September 04, 2025, 09:51:52 AM
Hello Team,
I am working on a project where I need to test a cyrus-imap mail server with oauth login. My cyrus-imap server is working fine with sasl username and password login. I have tested it with Thunderbird and Roundcube client.

Now I need to test it with Google oauth.

Server Domain Name: abc.promobi.tech
User Mail ID Domain [email protected] (Google Client ID and Secret ID created for this)

`imapd.conf`

root@cyrus-mail:/var/log/nginx# cat /etc/imapd.conf
# Cyrus IMAP Configuration for cyrus.promobi.tech
configdirectory: /var/lib/cyrus
partition-default: /var/spool/cyrus/mail
admins: cyrus@cyrus-mail [email protected]
sievedir: /var/spool/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
#allowplaintext: no

# SSL/TLS Configuration
# SSL/TLS Configuration (Updated paths)
tls_server_cert: /etc/cyrus/ssl/fullchain.pem
tls_server_key: /etc/cyrus/ssl/privkey.pem
tls_client_ca_file: /etc/cyrus/ssl/chain.pem

# SASL Configuration (Virtual Users with sasldb)
sasl_pwcheck_method: auxprop oauth2
sasl_auxprop_plugin: sasldb oauth2
#sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#sasl_mech_list: oauthbearer xoauth2 plain login
sasl_auto_transition: no
virtdomains: on
sasl_default_realm: promobitech.com
servername: promobitech.com
sasl_realm: promobitech.com
# Allow cross-realm authentication for local server
sasl_minimum_layer: 0
allowplaintext: yes
# Only allow plain text from localhost
tcp_keepalive: 1


sasl_mech_list: XOAUTH2 PLAIN LOGIN
sasl_oauth2_discovery_url: https://accounts.google.com/.well-known/openid-configuration
sasl_oauth2_client_id: abc
sasl_oauth2_client_secret: abc
sasl_oauth2_redirect_uri: https://abc.promobi.tech/roundcube/?_task=login
sasl_oauth2_scope: openid profile email
sasl_oauth2_audience: 328667475191-g8hr7raiqh834ge6t15ongdcqiru62sq.apps.googleusercontent.com

sasl_oauth2_token_endpoint: https://oauth2.googleapis.com/token
sasl_oauth2_userinfo_endpoint: https://www.googleapis.com/oauth2/v2/userinfo
sasl_oauth2_introspection_endpoint: https://oauth2.googleapis.com/tokeninfo
sasl_oauth2_use_introspection: yes

sasl_oauth2_user_claim: email
sasl_oauth2_username_attribute: email

# Performance and Security
lmtp_over_quota_perm_failure: 1
duplicatesuppression: 1
autocreate_quota: 100000
reject8bit: no
munge8bit: no
defaultdomain: promobitech.com
sasl_log_level: 7

`Cyrus.conf`
root@cyrus-mail:/var/log/nginx# cat /etc/sasl2/Cyrus.conf
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#sasldb_path: /etc/sasldb2
#log_level: 3
#auto_transition: no
pwcheck_method: auxprop oauth2
auxprop_plugin: sasldb oauth2
mech_list: XOAUTH2 PLAIN LOGIN
oauth2_discovery_url: https://accounts.google.com/.well-known/openid-configuration
oauth2_client_id: abc
oauth2_client_secret: abc
oauth2_redirect_uri: https://abc.promobi.tech/roundcube/?_task=login
oauth2_scope: openid profile email
oauth2_audience: 328667475191-g8hr7raiqh834ge6t15ongdcqiru62sq.apps.googleusercontent.com
log_level: 7

oauth2_token_endpoint: https://oauth2.googleapis.com/token
oauth2_userinfo_endpoint: https://www.googleapis.com/oauth2/v2/userinfo
oauth2_introspection_endpoint: https://oauth2.googleapis.com/tokeninfo
oauth2_validate_endpoint: https://www.googleapis.com/oauth2/v1/tokeninfo
oauth2_use_introspection: yes

oauth2_user_claim: email
oauth2_username_attribute: email


Config for oauth for roundcube, `/var/www/html/roundcube/config/config.inc.php` file

// OAuth2 Configuration for Google
$config['oauth_provider'] = 'google';
$config['oauth_provider_name'] = 'Google';
$config['oauth_client_id'] = "abc";
$config['oauth_client_secret'] = "abc";
$config['oauth_auth_uri'] = "https://accounts.google.com/o/oauth2/auth";
$config['oauth_token_uri'] = "https://oauth2.googleapis.com/token";
$config['oauth_identity_uri'] = 'https://www.googleapis.com/oauth2/v1/userinfo';
$config['oauth_scope'] = "email profile openid";
$config['oauth_auth_parameters'] = ['access_type' => 'offline', 'prompt' => 'consent'];
$config['oauth_login_redirect'] = true;


Error during login: Please refer to the attached screenshot.

Can you please help me?
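
An added example, not part of the original post and not Roundcube's or Google's code: a small check that pulls the `redirect_uri` out of an authorization request and compares it, as an exact string, with the URIs registered for the client, naming the URL components that differ. Assumptions: the sample request is constructed, with the callback path `index.php/login/oauth` taken from Roundcube's OAuth documentation and the `/roundcube/` base taken from the post, and the `redirect_uri` value from the post's `imapd.conf` is assumed to be what was registered in the Google console.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: an authorization request as a Roundcube install under
# /roundcube/ would send it (callback path index.php/login/oauth is assumed
# from Roundcube's OAuth documentation; client_id is a placeholder).
AUTH_REQUEST = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=CLIENT_ID_PLACEHOLDER&scope=email+profile+openid"
    "&redirect_uri=https%3A%2F%2Fabc.promobi.tech%2Froundcube%2Findex.php%2Flogin%2Foauth"
    "&access_type=offline&prompt=consent"
)

# Assumption: the value from the post's imapd.conf is what was registered
# as an authorized redirect URI for this client ID.
REGISTERED = ["https://abc.promobi.tech/roundcube/?_task=login"]


def sent_redirect_uri(auth_url):
    """Return the decoded redirect_uri parameter of an authorization URL."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri, got %d" % len(values))
    return values[0]


def diff_components(sent, registered):
    """Name the URL components in which two redirect URIs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    names = ("scheme", "netloc", "path", "query", "fragment")
    return [n for n in names if getattr(a, n) != getattr(b, n)]


def check(auth_url, registered_uris):
    """Exact string comparison with no normalisation, as the provider does."""
    sent = sent_redirect_uri(auth_url)
    if sent in registered_uris:
        return sent, True, {}
    return sent, False, {r: diff_components(sent, r) for r in registered_uris}


if __name__ == "__main__":
    sent, ok, diffs = check(AUTH_REQUEST, REGISTERED)
    print("sent:", sent, "| match:", ok)
    for uri, parts in diffs.items():
        print("registered:", uri, "| differs in:", ", ".join(parts))
```

To run it against a real failure, replace `AUTH_REQUEST` with the `accounts.google.com` URL the browser was redirected to and `REGISTERED` with the authorized redirect URIs listed for the client ID.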