Commit b62dd58

Merge branch 'device-authorisation-grant'

Adds support for OAuth 2.0 device authorisation grant flow (RFC 8628)

Co-authored by Aleksei Ilin (@a-ilin)
2 parents 2eb92d0 + ab0fbd3 commit b62dd58

2 files changed

+151
-49
lines changed

emailproxy.config

Lines changed: 12 additions & 1 deletion
@@ -155,6 +155,10 @@ documentation = Accounts are specified using your email address as the section h
155155
attempts before the first valid login, pre-encrypting account entries is highly recommended. See the example
156156
script at https://github.com/simonrob/email-oauth2-proxy/issues/61#issuecomment-1259110336.
157157

158+
- The proxy supports the device authorisation grant (DAG) OAuth 2.0 flow (RFC 8628), which may better suit headless
159+
systems. To use this flow, set `oauth2_flow = device`. With this flow, the proxy receives authorisation responses
160+
directly from the service provider, so no `redirect_uri` is needed. An example account configuration is given below.
161+
158162
Gmail customisation:
159163
- The proxy supports the use of service accounts with Gmail for Google Workspace (note: normal Gmail accounts do not
160164
support this method). To use this option, add an account entry as normal, but do not add a `permission_url` value
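Review bot: The new DAG paragraph (added lines 158-160) says no `redirect_uri` is needed but does not say what `permission_url` must hold in this flow. The example entry added further down sets `permission_url` to the provider's `/devicecode` endpoint rather than `/authorize`, so a reader who only adds `oauth2_flow = device` to an existing account would keep the wrong URL. Suggest adding one sentence here stating that `permission_url` must point to the provider's device authorisation endpoint when `oauth2_flow = device`, and noting briefly how the user is shown the verification prompt on a headless system.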
@@ -203,7 +207,7 @@ client_secret = *** your client secret here ***
203207
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
204208
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
205209
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
206-
client_id = *** your client id here - note that as you are not the administrator of Hotmail.com / Outlook.com, you will need to reuse an existing client ID (see the proxy's readme) ***
210+
client_id = *** your client id here - note that as you are not the administrator of Hotmail.com / Outlook.com, you will likely need to reuse an existing client ID (see the proxy's readme) ***
207211
redirect_uri = https://localhost
208212

209213
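Review bot: The reworded `client_id` placeholder (new line 210) softens "will need" to "will likely need" but keeps the clause "as you are not the administrator of Hotmail.com / Outlook.com", which still reads as a hard requirement, so the line now contradicts itself slightly. Either say in which case a user's own client ID works, or keep the original wording. This placeholder is also a very long single line; the detail could move into a `documentation` value so the `client_id` line stays short.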
@@ -230,6 +234,13 @@ redirect_uri = http://localhost
230234
client_id = *** your client id here - note that as new client registrations are not permitted for AOL, you will need to reuse an existing client ID (see the proxy's readme) ***
231235
client_secret = *** your client secret here ***
232236

237+
238+
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
239+
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
240+
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
241+
oauth2_flow = device
242+
client_id = *** your client id here ***
243+
233244
234245
documentation = *** note: this is an advanced O365 account example; in most cases you want the version above instead ***
235246
token_url = https://login.microsoftonline.com/*** your tenant id here ***/oauth2/v2.0/token
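Review bot: The new device-flow example (added lines 237-243) carries no `documentation` line, while the entry right after it has one ("this is an advanced O365 account example"), so nothing in the entry itself marks it as the DAG example. It also omits `client_secret` and `redirect_uri` without comment, whereas the preceding entry lists `client_secret`; a reader comparing the two cannot tell whether the omission is intentional. Suggest adding a `documentation = ` line saying this is the device authorisation grant example and that `redirect_uri` (and `client_secret`, if that is the intent) are deliberately left out. Worth noting there too that `permission_url` is reused here for the `/devicecode` endpoint, since the key name suggests the interactive authorise URL.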
