natureshadow/user_identities_oidc

Populates a user's identities from their userinfo after OAuth/OIDC login

1.0.2 2025-07-07 20:01 UTC

This package is not auto-updated.

Last update: 2025-07-08 15:35:12 UTC


README

This plugin synchronizes mail identities from information provided by the OpenID Connect / OAuth2 provider used for login.

Requirements

The OIDC provider must provide an array of user identity records under some claim, e.g.:

{
  "mail_identities": [
    {
      "name": "Kanga Roo",
      "email": "roo@kanga.example.com"
    }
  ]
}

Roundcube configuration

Roundcube must be configured for OAuth2 authentication with a known userinfo_endpoint (set either explicitly or through a discovery document). The OAuth scopes list must contain the scope that grants access to the mail identities claim, and the name of that claim must also be configured:

// Generic OAuth / OIDC configuration
$config['oauth_provider'] = 'generic';  
$config['oauth_provider_name'] = 'example';
$config['oauth_client_id'] = 'xxx';  
$config['oauth_client_secret'] = 'xxx';
$config['oauth_config_uri'] = 'https://example.com/.well-known/openid-configuration';

// Include the scope providing the mail_identities claim
$config['oauth_scope'] = 'openid mail_identities';

// Enable synchronization on login
$config['user_identities_oidc_onlogin'] = true;
$config['user_identities_oidc_claim'] = 'mail_identities';
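
To check that a provider's userinfo response has the shape described under Requirements before enabling synchronization, a standalone script such as the following can be used. It is an added example, not the plugin's own code: extract_identities() is a hypothetical helper, the sample response is constructed, and treating both "name" and "email" as required strings is an assumption based on the README sample.

```php
<?php
// Added example, not the plugin's code. extract_identities() is a hypothetical helper.
// Assumption: every record needs string "name" and "email" fields, as in the README sample.

function extract_identities(array $userinfo, string $claim): array
{
    $accepted = [];
    $rejected = [];
    if (!isset($userinfo[$claim]) || !is_array($userinfo[$claim])) {
        return [[], ["claim '$claim' is missing or not an array"]];
    }
    foreach (array_values($userinfo[$claim]) as $i => $rec) {
        $name  = is_array($rec) ? ($rec['name'] ?? null) : null;
        $email = is_array($rec) ? ($rec['email'] ?? null) : null;
        if (!is_string($name) || !is_string($email)) {
            $rejected[] = "record $i: name and email must both be strings";
        } elseif (preg_match('/[\x00-\x1F\x7F]/', $name . $email)) {
            // Identity names and addresses are written into message headers.
            $rejected[] = "record $i: control character in name or email";
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $rejected[] = "record $i: invalid email address";
        } elseif (isset($accepted[strtolower($email)])) {
            $rejected[] = "record $i: duplicate email address";
        } else {
            $accepted[strtolower($email)] = ['name' => $name, 'email' => $email];
        }
    }
    return [array_values($accepted), $rejected];
}

// Constructed userinfo response for illustration; not output from a real provider.
$json = <<<'JSON'
{
  "sub": "roo",
  "mail_identities": [
    {"name": "Kanga Roo", "email": "roo@kanga.example.com"},
    {"name": "Roo\nJunior", "email": "roo2@kanga.example.com"},
    {"name": "No Address", "email": "not-an-address"},
    {"email": "missing-name@kanga.example.com"}
  ]
}
JSON;

$userinfo = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
[$ok, $bad] = extract_identities($userinfo, 'mail_identities'); // claim name as configured above
print_r($ok);   // records that are safe to turn into identities
print_r($bad);  // one reason per rejected record
```

The second argument should match the value of user_identities_oidc_claim, and the JSON can be replaced with the body returned by the provider's userinfo_endpoint for a test account.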