Replies: 2 comments 1 reply
-
Behind the scenes, it's all about how the client validates the tokens. Nevertheless, each app should have its own OAuth 2.0 client. Based your example, the Thunderbird app must check that the audience claim is |
Beta Was this translation helpful? Give feedback.
-
Thanks a lot @embesozzi . When you say " it's all about how the client validates the tokens", could you elaborate a bit on that? |
Beta Was this translation helpful? Give feedback.
-
Hi,
I always thought that when I authenticate with a client, the token obtained couldn't be used with another client. Hence things like token exchange were implemented.
But something is weird: My mail server is now configured to use oauth. it is connected to its client - let's call it dovecot.
I compiled Thunderbird to use oauth2 against my Keycloak instance. I got it configured to use a client called thunderbird. And it just works! Should it work? Shouldn't I configure Thunderbird to use the same client?
Best,
Francis
Beta Was this translation helpful? Give feedback.
All reactions