* re-implement the auth-api service to authenticate Reva tokens following the OIDC Userinfo endpoint specification
* pass the context where necessary and add an authenticator interface to the JMAP HTTP driver, in order to select between master authentication (which is used when GROUPWARE_JMAP_MASTER_USERNAME and GROUPWARE_JMAP_MASTER_PASSWORD are both set) and OIDC token forwarding through bearer auth
* add Stalwart directory configuration "idmoidc" which uses the OpenCloud auth-api service API (/auth/) to validate the token it received as bearer auth from the Groupware backend's JMAP client, using it as an OIDC Userinfo endpoint
* implement optional additional shared secret to secure the Userinfo service, as an additional path parameter
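The authenticator selection described in the commit message above, sketched as an added example; this is not the project's own code. The type names, the context key, the URL, and the use of HTTP Basic auth for the master credentials are assumptions; only the two environment variable names and bearer forwarding come from the commit message.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"os"
)

// tokenKey is a hypothetical context key carrying the caller's OIDC access token.
type tokenKey struct{}

// Authenticator (hypothetical name) adds credentials to an outgoing JMAP HTTP request.
type Authenticator interface {
	Authenticate(ctx context.Context, req *http.Request) error
}

// masterAuth sends the master credentials; Basic auth is an assumption here.
type masterAuth struct{ user, pass string }

func (m masterAuth) Authenticate(_ context.Context, req *http.Request) error {
	req.SetBasicAuth(m.user, m.pass)
	return nil
}

// bearerAuth forwards the user's OIDC token taken from the request context.
type bearerAuth struct{}

func (bearerAuth) Authenticate(ctx context.Context, req *http.Request) error {
	tok, _ := ctx.Value(tokenKey{}).(string)
	if tok == "" {
		// Fail closed: never send the request without credentials.
		return errors.New("no OIDC token in context")
	}
	req.Header.Set("Authorization", "Bearer "+tok)
	return nil
}

// selectAuthenticator picks master auth only when BOTH variables are set;
// a half-configured master account falls back to token forwarding.
func selectAuthenticator(getenv func(string) string) Authenticator {
	u, p := getenv("GROUPWARE_JMAP_MASTER_USERNAME"), getenv("GROUPWARE_JMAP_MASTER_PASSWORD")
	if u != "" && p != "" {
		return masterAuth{u, p}
	}
	return bearerAuth{}
}

func main() {
	req, _ := http.NewRequest(http.MethodPost, "https://stalwart.example/jmap/", nil) // constructed URL
	ctx := context.WithValue(context.Background(), tokenKey{}, "constructed-token")
	err := selectAuthenticator(os.Getenv).Authenticate(ctx, req)
	fmt.Println(req.Header.Get("Authorization"), err)
}
```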
Server Backend
Tip
For general information about OpenCloud and how to install it, please visit OpenCloud on Github and OpenCloud GmbH.
This is the main repository of the OpenCloud server. It contains the golang codebase for the backend services.
Getting Involved
The OpenCloud server is released under Apache 2.0. The project is thrilled to receive contributions in all forms. Start hacking now, there are many ways to get involved such as:
- Reporting issues or bugs
- Requesting features
- Writing documentation
- Writing code or extending our tests
- Reviewing code
- Helping others in the community
Every contribution is meaningful and appreciated! Please refer to our Contribution Guidelines if you want to get started.
Build OpenCloud
To build the backend, follow these instructions:
Generate the assets needed by, e.g., the web UI and the built-in IdP:
make generate
Then compile the opencloud binary:
make -C opencloud build
That will produce the binary opencloud/bin/opencloud. It can be started as a local test instance right away with a two-step command:
opencloud/bin/opencloud init && opencloud/bin/opencloud server
This creates a server configuration (by default in $HOME/.opencloud) and starts the server.
For more setup and installation options, consult the Development Documentation.
Technology
Important information for contributors about the technology in use.
Authentication
The OpenCloud backend authenticates users via OpenID Connect using either an external IdP like Keycloak or the embedded LibreGraph Connect identity provider.
Database
The OpenCloud backend does not use a database. It stores all data in the filesystem. By default, the root directory of the backend is $HOME/.opencloud/.
Security
If you find a security-related issue, please contact security@opencloud.eu immediately.
