Pardon this very uninformed question.
We have an email system set up with Postfix/Dovecot and I’d like to add more security to the simple passwords in place now. We also have a campus-wide subscription to Duo, which allows us to easily add a second factor to SSH logins. Simplistically, just pointing Dovecot to this service requires the user to acknowledge a new login at frequent and poorly defined intervals. Can I use OAuth2 to set up predefined known devices to handle this? And set up a web interface to allow the user to make such devices known?
I have looked at the documentation and found a hook from Dovecot to an OAuth2 provider. As a complete newbie, I have found the Docker setup of Hydra to work, but the docs suggest that for a production system I need to work outside of Docker. Is this true? I am finding these so-called RESTful APIs far from restful.