PIZAUTH.CONF(5) File Formats Manual PIZAUTH.CONF(5)

pizauth.conf - pizauth configuration file

pizauth.conf is the configuration file for pizauth(1).

The top-level options are:

"shell-cmd";
specifies a shell command to be run via ‘$SHELL -c’ when an error has occurred when authenticating an account. Two special environment variables are set: $PIZAUTH_ACCOUNT is set to the account name; is set to the error message. Defaults to logging via syslog(3) if not specified.
"shell-cmd";
specifies a shell command to be run via ‘$SHELL -c’ when an account needs to be authenticated. Two special environment variables are set: $PIZAUTH_ACCOUNT is set to the account name; is set to the URL required to authorise the account. Optional.
time;
specifies the gap between reminders to the user of authentication requests. Defaults to 15 minutes if not specified.
"";
specifies the address for the pizauth(1) HTTP server to listen on. Defaults to "127.0.0.1:0".
time;
specifies the gap before an incomplete (e.g. due to network errors) refresh request will be retried. Note that setting does not apply to refresh requests which return an error: such requests are complete. Defaults to 40 seconds if not specified.
account "ID" {
specifies an OAuth account named ID.

An ‘account’ block supports the following options:

auth_uri = "URI";
where URI is a URI specifying the OAuth2 server's authentication URI. Mandatory.
client_id = "ID";
specifies the OAuth2 client ID (i.e. the identifier of the client software). Mandatory.
client_secret = "";
specifies the OAuth2 client secret (similar to the client_id). Optional.
login_hint = "";
is used by the authentication server to help the user understand which account they are authenticating. Typically a username or email address. Optional.
"URI";
where URI is a URI specifying the OAuth2 server's redirection URI. Defaults to "http://localhost/" if not specified.
time;
specifies how far in advance an access token should be refreshed before it expires. Defaults to 90 seconds if not specified.
time;
specifies the maximum period of time before an access token will be forcibly refreshed. Defaults to 90 minutes if not specified.
scopes = ["Scope 1", ..., "Scope n"];
specifies one or more OAuth2 scopes (i.e. "permissions") that access tokens will give you permission to utilise. Mandatory.
token_uri = "URI";
is a URI specifying the OAuth2 server's token URI. Mandatory.

Times can be specified as where the suffixes mean (in order): seconds, minutes, hours, days. For example, means 90 seconds and means 5 minutes.

An example pizauth.conf file for accessing IMAP and SMTP services in Office365, notifying the user of authorisation requests via pizauth(1) (and escaping '&' characters which XFCE's notification daemon fails to parse) is as follows:

account "officesmtp" {
    auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
    token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
    client_id = "..."; // Fill in with your Client ID
    client_secret = "..."; // Fill in with your Client secret
    scopes = [
      "https://outlook.office365.com/IMAP.AccessAsUser.All",
      "https://outlook.office365.com/SMTP.Send",
      "offline_access"
    ];
    // You don't have to specify login_hint, but it does make
    // authentication a little easier.
    login_hint = "email@example.com";
}
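
The following checker is an added example, not part of the pizauth manual or project. It reads account blocks in the syntax of the example above, reports any option marked Mandatory that is missing, and also flags auth_uri or token_uri values that are not https:// URIs (that check, the function names and the sample input are assumptions made here, not rules from the manual).

```python
import re

# Options the manual above marks "Mandatory" inside an account block.
MANDATORY = ("auth_uri", "client_id", "scopes", "token_uri")

# A quoted string or a // comment. Strings are matched first so that the
# "//" inside "https://..." is never mistaken for the start of a comment.
STR_OR_COMMENT = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*')
# Simplification: a block is taken to end at the first "}".
ACCOUNT = re.compile(r'account\s+"([^"]*)"\s*\{(.*?)\}', re.S)
OPTION = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|\[.*?\]|[^;]*);', re.S)

def strip_comments(text):
    """Drop // comments while leaving quoted strings untouched."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return STR_OR_COMMENT.sub(keep, text)

def lint(text):
    """Return {account name: [problem, ...]} for each account block."""
    report = {}
    for name, body in ACCOUNT.findall(strip_comments(text)):
        opts = {k: v.strip() for k, v in OPTION.findall(body)}
        problems = [f"missing mandatory option {k}"
                    for k in MANDATORY if k not in opts]
        # Added check, not a rule from the manual: the authentication and
        # token endpoints should be reached over TLS.
        for key in ("auth_uri", "token_uri"):
            if key in opts and not opts[key].lower().startswith('"https://'):
                problems.append(f"{key} is not an https:// URI")
        # The manual asks for one or more scopes.
        if "scopes" in opts and '"' not in opts["scopes"]:
            problems.append("scopes lists no scope")
        report[name] = problems
    return report

# Constructed sample: one complete account and one deliberately broken one.
SAMPLE = '''
account "complete" {
    auth_uri = "https://idp.example/authorize";
    token_uri = "https://idp.example/token";
    client_id = "constructed-id"; // placeholder value
    scopes = ["offline_access"];
}
account "broken" {
    auth_uri = "http://idp.example/authorize"; // plain HTTP
    client_id = "constructed-id";
    scopes = [];
}
'''
```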

pizauth(1)

https://tratt.net/laurie/src/pizauth/

pizauth(1) was written by Laurence Tratt https://tratt.net/laurie/

September 13, 2022 OpenBSD 7.2