Thanks; I was eventually able to work through the myriad issues (this one was caused by not noticing that SOGo needs to be told to authenticate to Dovecot using XOAUTH2 using its `NGImap4AuthMechanism` setting, if anyone else should experience the same problem).
I wasn't able to get Dovecot XOAUTH2 to work with Authentik unless I dropped the `profile` scope from SOGo (even using the `dovecotprofile` scope recommended in the [Authentik RoundCube documentation](https://docs.goauthentik.io/integrations/services/roundcube/) didn't work). With either of those scopes in place Dovecot always got 401 errors from Authentik when invoking the `tokeninfo_url`. I was able to get it to work by having SOGo request tokens with `openid email` scopes. In any event, I was eventually able to get Authentik, Dovecot, and SOGo working together using OpenID/XOAUTH2 authentication. Thanks to everyone here for making a great mail server; it's served my family and I well for many years. _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
