> On 24/06/2021 09:19 Tomas Habarta <[email protected]> wrote: > > > Hello, > > I have a working setup with Roundcube using OAuth2 -- introspection works > without any problem, unfortunately local validation does not as tokens are > missing "typ" header (seems that one is indeed optional per RFC7519 and > therefore not present in the implementation in place). > Is there any parameter to assert the token type or any other workaround to > make local validation work as it currently fails with: oauth2 failed: Local > validation failed: Cannot find 'typ' field. > > dovecot v2.3.15 > Roundcube 1.5beta > CentOS 8 > > > Thanks, regards > Tomas
Hi! The current dovecot oauth2 code requires that your tokens come with typ:jwt header. See https://datatracker.ietf.org/doc/html/rfc7519#section-5.1 Aki
