From d0f2cfde31b655d3b577bb6c03c385e33188fac1 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Mon, 23 Aug 2021 00:05:44 +0200
Subject: [PATCH] oauth proxy auth

---
 rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl    | 2 +-
 rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl b/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl
index 0e6f13e..d49a8fa 100644
--- a/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl
+++ b/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl
@@ -1,6 +1,6 @@
 passdb {
   driver = oauth2
-  mechanisms = xoauth2 oauthbearer
+  mechanisms = plain 
   args = /etc/dovecot/dovecot-oauth2.conf.ext
 }
 
diff --git a/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl b/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl
index ac41235..cc0a686 100644
--- a/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl
+++ b/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl
@@ -7,5 +7,5 @@ introspection_mode = {{ getenv "INTROSPECTION_MODE" "post" }}
 #force_introspection = yes
 username_attribute = email
 tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
-use_grant_password = no
-pass_attrs = pass=%{oauth2:access_token}
+use_grant_password = yes
+pass_attrs = host=127.0.0.1 proxy=y proxy_mech=xoauth2 pass=%{oauth2:access_token}