====== OAuth 2.0 SSO ======

The solution currently under consideration is [[https://github.com/authelia/authelia|Authelia]]. Alternatively, Nextcloud seems to embed an identity provider starting from NC 14.

TODO: check whether the Nextcloud IDP exists and what its capabilities are

According to the Authelia documentation, it can be deployed either on bare metal (good, since we use LXCs) or on K8s.

The documentation references multiple deployment scenarios:

  * [[https://www.authelia.com/docs/getting-started|Local]]
  * [[https://www.authelia.com/docs/deployment/deployment-lite|Lite]]
  * [[https://www.authelia.com/docs/deployment/deployment-ha|Full (with HA)]]

===== Using OAuth2 for MX authentication =====

  * [[https://doc.dovecot.org/configuration_manual/authentication/oauth2/|Open Authentication v2.0 database - Dovecot]]
  * [[https://documentation.open-xchange.com/7.10.2/middleware/mail/dovecot/oauth_2.0_with_postfix_and_dovecot.html]]

Roundcube supports the XOAUTH2 mechanism starting from version 1.5: [[https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2|Configuring Roundcube to use OAuth2]]

===== Other applications =====

==== Dokuwiki ====

A maintained plugin exists ([[https://www.dokuwiki.org/plugin:oauth]]).

TODO: test the configuration and paste a sample here

==== Apache2 ====

An Apache module is available in the Debian repositories, starting from Debian Jessie.

  * [[https://packages.debian.org/sid/libapache2-mod-auth-openidc]]
  * [[https://github.com/zmartzone/mod_auth_openidc]]

TODO: test the configuration and paste a sample here