Feature request: Single Sign On (SSO) support #583

Open

ghost opened this issue May 5, 2023 · 2 comments
Labels
new feature New feature.

Comments

ghost commented May 5, 2023

Use case

When self-hosting a number of services, having many different credentials does not make much sense and becomes cumbersome, so I use an SSO provider to log in instead.

Your idea for a solution

Support SSO providers via OpenID Connect to log in (and maybe sign up?) to maddy.

  • I'm willing to help with the implementation
ghost added the "new feature" label May 5, 2023

foxcpp (Owner) commented Aug 22, 2023

Probably related: #169

artooro commented Feb 11, 2024

I've been thinking of getting into self-hosting email again, and the main drawback is the lack of modern authentication with support for security keys and other 2nd factors.
OAuth2 would fix this, except that the ecosystem doesn't appear ready for it yet. Looking at https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat they cite a lack of an open protocol to discover and establish a trust relationship with the OAuth2 server, as generally each client needs a key generated by the OAuth2 server.
OpenID does have the well-known protocol https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest but it does not seem to be supported by email clients currently.

Fastmail, for example, supports OAuth2 on their servers, but requires each email client to register with them specifically.
https://www.fastmail.com/for-developers/oauth/

So as of today I don't see much of a path forward in regard to doing proper OIDC with third-party email clients.

If we were talking about a webmail client it would be a different story of course. And if I'm wrong that would be awesome 😄
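The provider-discovery step artooro refers to, written out as an added example that is not part of this thread or of maddy: a Go client builds the well-known URL for an issuer and validates the returned OpenID Provider configuration before trusting any endpoint in it. Network fetching is omitted; the document is a constructed sample and the provider at id.example.com is hypothetical. This covers only discovery of the server, not the per-client registration gap the comment describes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ProviderMetadata is the subset of OpenID Provider Metadata a client needs.
type ProviderMetadata struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	JWKSURI               string `json:"jwks_uri"`
}

// DiscoveryURL appends the well-known path to an issuer that may itself carry a path.
func DiscoveryURL(issuer string) string {
	return strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
}

// ParseProviderMetadata decodes a document fetched from DiscoveryURL(issuer) and
// rejects it unless its issuer equals the one queried and all endpoints are https.
func ParseProviderMetadata(issuer string, body []byte) (*ProviderMetadata, error) {
	var m ProviderMetadata
	if err := json.Unmarshal(body, &m); err != nil {
		return nil, fmt.Errorf("decode discovery document: %w", err)
	}
	// Discovery 1.0 section 4.3: an issuer mismatch means the endpoints must not be used.
	if m.Issuer != issuer {
		return nil, fmt.Errorf("issuer mismatch: got %q, want %q", m.Issuer, issuer)
	}
	for _, f := range []struct{ name, val string }{
		{"issuer", m.Issuer}, {"authorization_endpoint", m.AuthorizationEndpoint},
		{"token_endpoint", m.TokenEndpoint}, {"jwks_uri", m.JWKSURI},
	} {
		if !strings.HasPrefix(f.val, "https://") {
			return nil, fmt.Errorf("%s missing or not https: %q", f.name, f.val)
		}
	}
	return &m, nil
}

// sampleDoc is a constructed discovery document for a hypothetical provider.
const sampleDoc = `{"issuer":"https://id.example.com","jwks_uri":"https://id.example.com/jwks",
 "authorization_endpoint":"https://id.example.com/authorize","token_endpoint":"https://id.example.com/token"}`

func main() {
	fmt.Println(ParseProviderMetadata("https://id.example.com", []byte(sampleDoc)))
}
```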
