Results 1 to 1 of 1

Thread: OAuthIMAP

  1. #1
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Default OAuthIMAP

    Hi guys,

    I have been thinking a lot lately about how to implement OAuthIMAP(OAuthIMAP (Google OAuth & Federated Login Research)) in Zimbra with OAuth Provider Extension I post here(http://www.zimbra.com/forums/develop...-zcs6-0-a.html).

    And I think it could be implemented like the following:

    1. When IMAP AUTHENTICATE command with the mechanism parameter of "OAUTH" is received by Nginx(ZimbraProxy), the payload of that is decoded by base64 in Nginx like other SASL mechanism. And the decoded payload is sent to NginxLookupExtension.
    2. From the payload, the NginxLookupExtension identifies one ZimbraStore server on which the authenticated user has own mailbox and sends back the ZimbraStore server info to Nginx.
    3. Nginx does proxy the IMAP AUTHENTICATE command with the mechanism parameter of "OAUTH" to the ZimbraStore server.
    4. The ZimbraStore server receives the payload of the IMAP AUTHENTICATE command with the mechanism parameter of "OAUTH" and send http get request to OAuth Provider Extension for validation check of the OAuth Token included in the payload.


    (*)One obvious concern here is performance, because Nginx cannot use memcached to cache routing info for all OAuthIMAP sessions like SASL GSSAPI.

    How do you think about it?
    Let me know your concern about it or your ideas.

    Happy Hacking!!

    Yutaka Obuchi
    Last edited by yutaka; 05-07-2010 at 02:17 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •