Keep in mind that OAuth is an authorization protocol and not an authentication protocol. As such, I’d never consider it for and LDAP containing any sort of sensitive information.
// John Pfeifer Division of Information Technology University of Maryland, College Park
On Jun 30, 2023, at 5:30 AM, Pascal Jakobi pascal.jakobi@gmail.com wrote:
Hi there
I am reading at the moment RFC 7628 (SASL for OAuth). The idea is to extend usage of OAuth outside of the HTTP world. It has obviously been written with SMTP & IAMP in mind. It seems that it could be a very nice solution for authenticating web frontends accessing dir. servers (typically web based directory browsers). Correct if I am missing a point here, pls.
As far as I understand, OL does not support it (again, feel free to correct). Are there any plans to look into it ?
Best,
P