Integrations

Although Userli is primarily meant to be used as a backend and user self-service for a Mail service such as Dovecot, it provices a few optional APIs for integration with other services:

Keycloak

Userli provides an API at /api/keycloak/ for user lookup and verification by a custom Keycloak Provider. See the KeyCloak User Provider for Userli for reference.

Following env vars need to be set:

KEYCLOAK_API_ENABLED=true
# Access is restricted to these IPs (supports subnets like `10.0.0.1/24`)
KEYCLOAK_API_IP_ALLOWLIST="127.0.0.1, ::1"
KEYCLOAK_API_ACCESS_TOKEN="replace-me-with-a-secure-token"

Retention

Each time a user is authenticated - regardless if via classic login or via the Keycloak or Dovecot APIs - the last login time of the user is updated.

Some services do not re-authenticate clients on every use, but rather generate long-lived token once, which can cause problems: If one wants to delete users after a certain limit, the timestamp of the last login might not reflect the actual last usage. A service also might be unable to tell if a user actually still exists and thus not know when to invalidate its client tokens.

Userli provides some generic API methods at /api/retention/ to update the last login time of a user independent of the authentication process and to get a list of deleted users for a domain.

See this project for an example implementation.

Following env vars need to be set to enable the API:

RETENTION_API_ENABLED=true
# Access is restricted to these IPs (supports subnets like `10.0.0.1/24`)
RETENTION_API_IP_ALLOWLIST="127.0.0.1, ::1"
RETENTION_API_ACCESS_TOKEN="replace-me-with-a-secure-token"