Hello,
Firstly, thanks for maintaining identity_switch. I’m trying to use it in my RoundCube setup and ran into an authentication issue when switching identities that use different IMAP auth mechanisms.
My RoundCube is configured to authenticate to the primary IMAP server with OAuth2 per the [RoundCube OAuth2 configuration](https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2). When I add a second identity in identity_switch and configure it to use a different mail server (which does not support XOAUTH2), switching to that identity produces this error from the IMAP server:
AUTHENTICATE XOAUTH2: A0001 NO [ALERT] Unsupported authentication mechanism.
From my debugging it appears RoundCube is trying to authenticate to the second server using XOAUTH2 (the global auth_type is still set to OAUTH), while the identity’s username/password are applied.
In short: the plugin replaces the login but does not change the IMAP authentication mechanism used for the connection.
Expected behavior
It should be possible to authenticate to different IMAP servers with different mechanisms while in the same RoundCube session. For example:
- Primary/global account authenticates with auth_type = OAUTH (XOAUTH2).
- Secondary identity authenticates with auth_type = CHECK (or PLAIN/AUTHENTICATE LOGIN) using its stored username/password.
Switching identities should cause RoundCube to use the appropriate auth_type for the target server/identity.
Proposed solution
Add a per-identity authentication type option. Implementation details could be:
- Add an optional setting on each identity (e.g., auth_type) which, if set, overrides RoundCube’s global config for the connection created when switching.
- Valid values should match RoundCube’s supported auth types (e.g., OAUTH, CHECK, PLAIN, LOGIN, etc.). You can reference RoundCube’s list in rcube_imap_generic.php#L969.
- Expose the field in the plugin settings UI when creating/editing an identity, with a dropdown of allowed auth types.
- Default to “inherit global” so existing users are unaffected.
- If OAUTH is selected for an identity, ensure any additional options required to authenticate (token storage, client_id/secret selection, redirect info) are available.
This change would also likely address issue #59.
In that issue, there's a question of an IMAP server which supports OAuth.
One such server is Stalwart.
It's open-source, fairly easy to set up and the OAuth setup seems straightforward.
Environment
- RoundCube: 1.7-rc4
- identity_switch: 2.0.21
If there's anything not clear with this issue, or if there's some additional debugging or setup required to address this, I would be glad to help.
Thanks again for maintaining this plugin.
Best regards,
Miłosz Żegota
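One way the per-identity override proposed in this issue could be resolved, shown as an added example that is not code from identity_switch, RoundCube or the issue author. The function name, the `INHERIT` value and the identity array keys (`auth_type`, `password`, `oauth_token`) are assumptions; the allowed values are only the ones named in the issue.

```php
<?php
// Added example: hypothetical helper, not identity_switch or RoundCube code.

// Auth types named in the issue; extend to match the list RoundCube supports.
const ALLOWED_AUTH_TYPES = ['OAUTH', 'CHECK', 'PLAIN', 'LOGIN'];
const INHERIT = 'INHERIT'; // assumed marker for "inherit global"

/**
 * Decide which auth type and credential to use for the IMAP connection
 * opened when switching to $identity.
 *
 * @param array  $identity   constructed record: auth_type, password, oauth_token
 * @param string $globalType the global auth type (OAUTH in the reported setup)
 * @return array ['auth_type' => string, 'secret' => string]
 */
function resolve_identity_auth(array $identity, string $globalType): array
{
    $type = strtoupper(trim((string) ($identity['auth_type'] ?? INHERIT)));
    if ($type === '' || $type === INHERIT) {
        $type = strtoupper($globalType); // default: existing users are unaffected
    }
    // Fail closed on unknown values instead of guessing a mechanism.
    if (!in_array($type, ALLOWED_AUTH_TYPES, true)) {
        throw new InvalidArgumentException("Unsupported auth_type: $type");
    }
    // Pair each mechanism with the matching credential kind, so a stored
    // password is never presented as an XOAUTH2 token or the reverse.
    $key = ($type === 'OAUTH') ? 'oauth_token' : 'password';
    $secret = (string) ($identity[$key] ?? '');
    if ($secret === '') {
        throw new RuntimeException("Identity has no $key for auth_type $type");
    }
    return ['auth_type' => $type, 'secret' => $secret];
}

// Constructed sample data (placeholders, not real credentials).
$global    = 'OAUTH';
$primary   = ['oauth_token' => 'token-placeholder'];
$secondary = ['auth_type' => 'CHECK', 'password' => 'password-placeholder'];
$legacy    = ['password' => 'password-placeholder']; // no override, no token

print_r(resolve_identity_auth($primary, $global));   // inherits OAUTH
print_r(resolve_identity_auth($secondary, $global)); // overrides to CHECK
try {
    resolve_identity_auth($legacy, $global);         // the case reported above
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The third call models the reported situation: an identity with only a password while the global type is OAUTH is rejected before any connection attempt, rather than being sent to the server as XOAUTH2.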