dovecot - Jan 2021 - [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

No, the directory must exist. I'm sorry I wasn't clear enough when I
replied last time, but dovecot will not create the directory. You need to create
it and make it writable.

Aki
> On 26/01/2021 11:09 ???? <taiki.fukuda at justsystems.com> wrote:
> 
> 
> Dear Mr. Tuomi
> 
> Sorry, I have added the setting PrivateTmp=no to
/etc/systemd/system/dovecot.service.d/override.conf
> However, /tmp/oauth2 was not created.
> 
> Best regards,
> 
>
---------------------------------------------------------------------------------------------------------------------------------
> ?163-6017 ?????????6-8-1 ?????????????
> ???? ???????? ????? ?????????? ????
> e-mail: taiki.fukuda at justsystems.com
> ??: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
>
---------------------------------------------------------------------------------------------------------------------------------
> 
> 
> 
> 2021?1?26?(?) 18:01 Aki Tuomi <aki.tuomi at open-xchange.com>:
> > That is because you are using systemd, where the unit file, by
default, has PrivateTmp=yes.
> >  
> >  You can look under /tmp for dovecot private tmp directory and create
the directory there, or you can temporarily disable this security measure.
> >  
> >  systemctl edit dovecot
> >  
> >  [Service]
> >  PrivateTmp=no
> >  
> >  systemctl daemon-reload
> >  systemctl restart dovecot
> >  
> >  Aki
> >  
> >  > On 26/01/2021 10:57 ???? <taiki.fukuda at justsystems.com>
wrote:
> >  > 
> >  > 
> >  > Dear Mr. Tuomi
> >  > 
> >  > I have added the setting rawlog_dir = /tmp/oauth2 to
/etc/dovecot/dovecot-oauth2.conf.ext
> >  > However, /tmp/oauth2 was not created.
> >  > 
> >  > Best regards,
> >  > 
> >  > 
> >  >
---------------------------------------------------------------------------------------------------------------------------------
> >  > ?163-6017 ?????????6-8-1 ?????????????
> >  > ???? ???????? ????? ?????????? ????
> >  > e-mail: taiki.fukuda at justsystems.com
> >  > ??: 5158
> >  > TEL: 03-5324-7900
> >  > mobile: 080-6198-7328
> >  >
---------------------------------------------------------------------------------------------------------------------------------
> >  > 
> >  > 
> >  > 
> >  > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at
open-xchange.com>:
> >  > > Yes, however I still cannot see rawlogs.
> >  > > 
> >  > > Aki
> >  > > 
> >  > > > On 25/01/2021 10:25 ???? <taiki.fukuda at
justsystems.com> wrote:
> >  > > > 
> >  > > > 
> >  > > > Yes. In my last email, I sent you the log of the
result of running with oauth debug logging enabled.
> >  > > > /etc/dovecot/conf.d/10-logging.conf?
> >  > > > ##
> >  > > > ## Logging verbosity and debugging.
> >  > > > ##
> >  > > > 
> >  > > > # Log filter is a space-separated list conditions. If
any of the conditions
> >  > > > # match, the log filter matches (i.e. they're ORed
together). Parenthesis
> >  > > > # are supported if multiple conditions need to be
matched together.
> >  > > > # Supported conditions are:
> >  > > > # event:<name wildcard> - Match event name.
'*' and '?' wildcards supported.
> >  > > > # source:<filename>[:<line number>] -
Match source code filename [and line]
> >  > > > # field:<key>=<value wildcard> - Match
field key to a value. Can be specified
> >  > > > # multiple times to match multiple keys.
> >  > > > # cat[egory]:<value> - Match a category. Can be
specified multiple times to
> >  > > > # match multiple categories.
> >  > > > # For example: event:http_request_* (cat:error
cat:storage)
> >  > > > 
> >  > > > # Filter to specify what debug logging to enable. This
will eventually replace
> >  > > > # mail_debug and auth_debug settings.
> >  > > > log_debug=category=oauth2
> >  > > > 
> >  > > > ------------------------------
> >  > > > ?163-6017 ?????????6-8-1 ?????????????
> >  > > > ???? ???????? ????? ?????????? ????
> >  > > > e-mail: taiki.fukuda at justsystems.com
> >  > > > ??: 5158
> >  > > > TEL: 03-5324-7900
> >  > > > mobile: 080-6198-7328
> >  > > > ------------------------------
> >  > > > 
> >  > > > 
> >  > > > 2021?1?25?(?) 17:24 ???? <taiki.fukuda at
justsystems.com>:
> >  > > > > Yes. In my last email, I sent you the log of the
result of running with oauth debug logging enabled.
> >  > > > > 
> >  > > > > /etc/dovecot/conf.d/10-logging.conf?
> >  > > > > 
> >  > > > > ```
> >  > > > > ```
> >  > > > > 
> >  > > > > 
> >  > > > > 
> >  > > > >
---------------------------------------------------------------------------------------------------------------------------------
> >  > > > > ?163-6017 ?????????6-8-1 ?????????????
> >  > > > > ???? ???????? ????? ?????????? ????
> >  > > > > e-mail: taiki.fukuda at justsystems.com
> >  > > > > ??: 5158
> >  > > > > TEL: 03-5324-7900
> >  > > > > mobile: 080-6198-7328
> >  > > > >
---------------------------------------------------------------------------------------------------------------------------------
> >  > > > > 
> >  > > > > 
> >  > > > > 
> >  > > > > 2021?1?25?(?) 17:16 Aki Tuomi <aki.tuomi at
open-xchange.com>:
> >  > > > > > 
> >  > > > > > > On 25/01/2021 10:12 ????
<taiki.fukuda at justsystems.com> wrote:
> >  > > > > > > 
> >  > > > > > > 
> >  > > > > > > Dear Mr. Tuomi
> >  > > > > > > Google is responding to me as
Unauthorized.
> >  > > > > > > So I need to send my credentials such
as access token in the request parameter for authentication in google?s Get User
API request.
> >  > > > > > > But I don?t know how to configure
dovecot to achieve that.
> >  > > > > > > Could you please help me with this?
> >  > > > > > > Best regards,
> >  > > > > > > 
> >  > > > > > > ------------------------------
> >  > > > > > > ?163-6017 ?????????6-8-1 ?????????????
> >  > > > > > > ???? ???????? ????? ?????????? ????
> >  > > > > > > e-mail: taiki.fukuda at justsystems.com
> >  > > > > > > ??: 5158
> >  > > > > > > TEL: 03-5324-7900
> >  > > > > > > 
> >  > > > > > > mobile: 080-6198-7328
> >  > > > > > 
> >  > > > > > 
> >  > > > > > Did you try the debugging things I
mentioned? Your logs do not indicate that you did.
> >  > > > > > 
> >  > > > > > So, 
> >  > > > > > 
> >  > > > > > - Try turning on rawlogs for the oauth2
requests and see what google is sending you?
> >  > > > > > - You can also try log_debug=category=oauth2
(2.3.13) to get more debug logs from oauth2.
> >  > > > > > 
> >  > > > > > Aki
> >  > > > > >
> >  > >
> >

Dear Mr. Tuomi

Thank you for the instruction.
I was able to output rawlogs.
The following is the result.

20210126-184744.22221.1.in?

1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
1611654464.207331 Pragma: no-cache
1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.207331 Vary: X-Origin
1611654464.207331 Vary: Referer
1611654464.207331 Content-Type: application/json; charset=UTF-8
1611654464.207331 Server: ESF
1611654464.207331 X-XSS-Protection: 0
1611654464.207331 X-Frame-Options: SAMEORIGIN
1611654464.207331 X-Content-Type-Options: nosniff
1611654464.207331 Alt-Svc: h3-29=":443";
ma=2592000,h3-T051=":443";
ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443";
ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443";
ma=2592000;
v="46,43"
1611654464.207331 Accept-Ranges: none
1611654464.207331 Vary: Origin,Accept-Encoding
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {
1611654464.207331   "error": {
1611654464.207331     "code": 401,
1611654464.207331     "message": "Request is missing required
authentication credential. Expected OAuth 2 access token, login cookie
or other valid authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.",
1611654464.207331     "status": "UNAUTHENTICATED"
1611654464.207331   }
1611654464.207331 }
1611654464.207331
1611654464.207737 0
1611654464.207737

20210126-184744.22221.1.out?

1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
1611654464.165704 Connection: Keep-Alive
1611654464.165727 Authorization: Bearer ??????
1611654464.165730

Best regards,
------------------------------

?163-6017 ?????????6-8-1 ?????????????
???? ???????? ????? ?????????? ????
e-mail: taiki.fukuda at justsystems.com
??: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
------------------------------

2021?1?26?(?) 18:35 Aki Tuomi aki.tuomi at open-xchange.com
<http://mailto:aki.tuomi at open-xchange.com>:

No, the directory must exist. I'm sorry I wasn't clear enough when
I
> replied last time, but dovecot will not create the directory. You need to
> create it and make it writable.
>
> Aki
>
> > On 26/01/2021 11:09 ???? <taiki.fukuda at justsystems.com>
wrote:
> >
> >
> > Dear Mr. Tuomi
> >
> > Sorry, I have added the setting PrivateTmp=no to
> /etc/systemd/system/dovecot.service.d/override.conf
> > However, /tmp/oauth2 was not created.
> >
> > Best regards,
> >
> >
>
---------------------------------------------------------------------------------------------------------------------------------
> > ?163-6017 ?????????6-8-1 ?????????????
> > ???? ???????? ????? ?????????? ????
> > e-mail: taiki.fukuda at justsystems.com
> > ??: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> >
>
---------------------------------------------------------------------------------------------------------------------------------
> >
> >
> >
> > 2021?1?26?(?) 18:01 Aki Tuomi <aki.tuomi at open-xchange.com>:
> > > That is because you are using systemd, where the unit file, by
> default, has PrivateTmp=yes.
> > >
> > >  You can look under /tmp for dovecot private tmp directory and
create
> the directory there, or you can temporarily disable this security measure.
> > >
> > >  systemctl edit dovecot
> > >
> > >  [Service]
> > >  PrivateTmp=no
> > >
> > >  systemctl daemon-reload
> > >  systemctl restart dovecot
> > >
> > >  Aki
> > >
> > >  > On 26/01/2021 10:57 ???? <taiki.fukuda at
justsystems.com> wrote:
> > >  >
> > >  >
> > >  > Dear Mr. Tuomi
> > >  >
> > >  > I have added the setting rawlog_dir = /tmp/oauth2 to
> /etc/dovecot/dovecot-oauth2.conf.ext
> > >  > However, /tmp/oauth2 was not created.
> > >  >
> > >  > Best regards,
> > >  >
> > >  >
> > >  >
>
---------------------------------------------------------------------------------------------------------------------------------
> > >  > ?163-6017 ?????????6-8-1 ?????????????
> > >  > ???? ???????? ????? ?????????? ????
> > >  > e-mail: taiki.fukuda at justsystems.com
> > >  > ??: 5158
> > >  > TEL: 03-5324-7900
> > >  > mobile: 080-6198-7328
> > >  >
>
---------------------------------------------------------------------------------------------------------------------------------
> > >  >
> > >  >
> > >  >
> > >  > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at
open-xchange.com>:
> > >  > > Yes, however I still cannot see rawlogs.
> > >  > >
> > >  > > Aki
> > >  > >
> > >  > > > On 25/01/2021 10:25 ???? <taiki.fukuda at
justsystems.com> wrote:
> > >  > > >
> > >  > > >
> > >  > > > Yes. In my last email, I sent you the log of the
result of
> running with oauth debug logging enabled.
> > >  > > > /etc/dovecot/conf.d/10-logging.conf?
> > >  > > > ##
> > >  > > > ## Logging verbosity and debugging.
> > >  > > > ##
> > >  > > >
> > >  > > > # Log filter is a space-separated list
conditions. If any of
> the conditions
> > >  > > > # match, the log filter matches (i.e. they're
ORed together).
> Parenthesis
> > >  > > > # are supported if multiple conditions need to be
matched
> together.
> > >  > > > # Supported conditions are:
> > >  > > > # event:<name wildcard> - Match event name.
'*' and '?'
> wildcards supported.
> > >  > > > # source:<filename>[:<line number>] -
Match source code
> filename [and line]
> > >  > > > # field:<key>=<value wildcard> -
Match field key to a value.
> Can be specified
> > >  > > > # multiple times to match multiple keys.
> > >  > > > # cat[egory]:<value> - Match a category.
Can be specified
> multiple times to
> > >  > > > # match multiple categories.
> > >  > > > # For example: event:http_request_* (cat:error
cat:storage)
> > >  > > >
> > >  > > > # Filter to specify what debug logging to enable.
This will
> eventually replace
> > >  > > > # mail_debug and auth_debug settings.
> > >  > > > log_debug=category=oauth2
> > >  > > >
> > >  > > > ------------------------------
> > >  > > > ?163-6017 ?????????6-8-1 ?????????????
> > >  > > > ???? ???????? ????? ?????????? ????
> > >  > > > e-mail: taiki.fukuda at justsystems.com
> > >  > > > ??: 5158
> > >  > > > TEL: 03-5324-7900
> > >  > > > mobile: 080-6198-7328
> > >  > > > ------------------------------
> > >  > > >
> > >  > > >
> > >  > > > 2021?1?25?(?) 17:24 ???? <taiki.fukuda at
justsystems.com>:
> > >  > > > > Yes. In my last email, I sent you the log of
the result of
> running with oauth debug logging enabled.
> > >  > > > >
> > >  > > > > /etc/dovecot/conf.d/10-logging.conf?
> > >  > > > >
> > >  > > > > ```
> > >  > > > > ```
> > >  > > > >
> > >  > > > >
> > >  > > > >
> > >  > > > >
>
---------------------------------------------------------------------------------------------------------------------------------
> > >  > > > > ?163-6017 ?????????6-8-1 ?????????????
> > >  > > > > ???? ???????? ????? ?????????? ????
> > >  > > > > e-mail: taiki.fukuda at justsystems.com
> > >  > > > > ??: 5158
> > >  > > > > TEL: 03-5324-7900
> > >  > > > > mobile: 080-6198-7328
> > >  > > > >
>
---------------------------------------------------------------------------------------------------------------------------------
> > >  > > > >
> > >  > > > >
> > >  > > > >
> > >  > > > > 2021?1?25?(?) 17:16 Aki Tuomi <aki.tuomi
at open-xchange.com>:
> > >  > > > > >
> > >  > > > > > > On 25/01/2021 10:12 ????
<taiki.fukuda at justsystems.com>
> wrote:
> > >  > > > > > >
> > >  > > > > > >
> > >  > > > > > > Dear Mr. Tuomi
> > >  > > > > > > Google is responding to me as
Unauthorized.
> > >  > > > > > > So I need to send my credentials
such as access token in
> the request parameter for authentication in google?s Get User API request.
> > >  > > > > > > But I don?t know how to configure
dovecot to achieve that.
> > >  > > > > > > Could you please help me with
this?
> > >  > > > > > > Best regards,
> > >  > > > > > >
> > >  > > > > > > ------------------------------
> > >  > > > > > > ?163-6017 ?????????6-8-1
?????????????
> > >  > > > > > > ???? ???????? ????? ??????????
????
> > >  > > > > > > e-mail: taiki.fukuda at
justsystems.com
> > >  > > > > > > ??: 5158
> > >  > > > > > > TEL: 03-5324-7900
> > >  > > > > > >
> > >  > > > > > > mobile: 080-6198-7328
> > >  > > > > >
> > >  > > > > >
> > >  > > > > > Did you try the debugging things I
mentioned? Your logs do
> not indicate that you did.
> > >  > > > > >
> > >  > > > > > So,
> > >  > > > > >
> > >  > > > > > - Try turning on rawlogs for the oauth2
requests and see
> what google is sending you?
> > >  > > > > > - You can also try
log_debug=category=oauth2 (2.3.13) to
> get more debug logs from oauth2.
> > >  > > > > >
> > >  > > > > > Aki
> > >  > > > > >
> > >  > >
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20210126/065f83c2/attachment-0001.html>