Problem / Motivation
I use OIDC with the webmail version.
I would like to continue with the mobile version, so that I could disable app passwords / basic authentication.
Proposed Solution
The solution can't be exactly the same as with the webmail version. There are no environment variables available.
I suggest:
- check the well-known (.well-known/openid-configuration or .well-known/oauth-authorization-server), with the JMAP server URL as base.
- enable the SSO button if the configuration is accessible
- use as client_id "bulwarkmail-android", no client_secret
- use as the scope: openid offline_access
- use as redirect URI: bulwarkmobile://oauth-callback (to adapt)
- use PKCE
This implies that Stalwart (or another IdP) pre-registers a client with the right client_id and redirect_url.
Alternatives Considered
Another alternative is to add the options in the login form, maybe in a collapsible section:
- Issuer url
- client id
- client secret (optional)
Another alternative could be dynamic client registration. But it requires enabling anonymous registration or providing a way to authenticate the client before its registration: not ideal.
Feature Area
Authentication / Security
Mockups / Examples
No response
Additional Context
No response
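The flow proposed above, sketched as an added example that is not part of the original issue or the project's code: it derives the two well-known URLs from the JMAP base, decides whether to show the SSO button, and builds the PKCE authorization and token requests for a public client. The function names, the sample metadata and the host `mail.example.org` are constructed; requiring HTTPS endpoints and advertised `S256` support is an assumption of this sketch.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit

# Values proposed in the issue.
CLIENT_ID = "bulwarkmail-android"
REDIRECT_URI = "bulwarkmobile://oauth-callback"
SCOPE = "openid offline_access"
WELL_KNOWN = (".well-known/openid-configuration",
              ".well-known/oauth-authorization-server")

def discovery_urls(jmap_base):
    """Candidate metadata URLs, with the JMAP server URL as base."""
    return [f"{jmap_base.rstrip('/')}/{path}" for path in WELL_KNOWN]

def sso_available(metadata):
    """Enable the SSO button only if the metadata is usable with PKCE."""
    if not isinstance(metadata, dict):
        return False
    endpoints = [str(metadata.get(k, "")) for k in
                 ("authorization_endpoint", "token_endpoint")]
    https = all(urlsplit(e).scheme == "https" for e in endpoints)
    # RFC 8414: if this field is omitted, the server does not support PKCE.
    return https and "S256" in metadata.get("code_challenge_methods_supported", [])

def new_verifier():
    return secrets.token_urlsafe(32)  # 43 characters, within RFC 7636 limits

def pkce_challenge(verifier):
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(metadata, verifier, state):
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state,
              "code_challenge": pkce_challenge(verifier),
              "code_challenge_method": "S256"}
    return metadata["authorization_endpoint"] + "?" + urlencode(params)

def token_request(code, verifier):
    """Token endpoint form body; a public client sends no client_secret."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}

# Constructed sample of what a discovery response could contain.
SAMPLE_METADATA = {
    "issuer": "https://mail.example.org",
    "authorization_endpoint": "https://mail.example.org/authorize",
    "token_endpoint": "https://mail.example.org/token",
    "code_challenge_methods_supported": ["S256"],
}
```

The app must keep the verifier and `state` in memory until the redirect arrives, and reject a callback whose `state` does not match.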