Dear Mr. Tuomi
Do you have any idea how to solve this problem?
Best regards,
---------------------------------------------------------------------------------------------------------------------------------
?163-6017 ?????????6-8-1 ?????????????
???? ???????? ????? ?????????? ????
e-mail: taiki.fukuda at justsystems.com
??: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
---------------------------------------------------------------------------------------------------------------------------------
2021?1?26?(?) 18:51 ???? <taiki.fukuda at justsystems.com>:
> Dear Mr. Tuomi
>
> Thank you for the instruction.
> I was able to output rawlogs.
> The following is the result.
>
> 20210126-184744.22221.1.in?
>
> 1611654464.207331 HTTP/1.1 401 Unauthorized
> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0,
must-revalidate
> 1611654464.207331 Pragma: no-cache
> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.207331 Vary: X-Origin
> 1611654464.207331 Vary: Referer
> 1611654464.207331 Content-Type: application/json; charset=UTF-8
> 1611654464.207331 Server: ESF
> 1611654464.207331 X-XSS-Protection: 0
> 1611654464.207331 X-Frame-Options: SAMEORIGIN
> 1611654464.207331 X-Content-Type-Options: nosniff
> 1611654464.207331 Alt-Svc: h3-29=":443";
ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443";
ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443";
ma=2592000,quic=":443"; ma=2592000; v="46,43"
> 1611654464.207331 Accept-Ranges: none
> 1611654464.207331 Vary: Origin,Accept-Encoding
> 1611654464.207331 Transfer-Encoding: chunked
> 1611654464.207331
> 1611654464.207331 130
> 1611654464.207331 {
> 1611654464.207331 "error": {
> 1611654464.207331 "code": 401,
> 1611654464.207331 "message": "Request is missing
required authentication credential. Expected OAuth 2 access token, login cookie
or other valid authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED"
> 1611654464.207331 }
> 1611654464.207331 }
> 1611654464.207331
> 1611654464.207737 0
> 1611654464.207737
>
> 20210126-184744.22221.1.out?
>
> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
> 1611654464.165704 Host: www.googleapis.com
> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
> 1611654464.165704 Connection: Keep-Alive
> 1611654464.165727 Authorization: Bearer ??????
> 1611654464.165730
>
> Best regards,
> ------------------------------
>
> ?163-6017 ?????????6-8-1 ?????????????
> ???? ???????? ????? ?????????? ????
> e-mail: taiki.fukuda at justsystems.com
> ??: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
> ------------------------------
>
> 2021?1?26?(?) 18:35 Aki Tuomi aki.tuomi at open-xchange.com
> <http://mailto:aki.tuomi at open-xchange.com>:
>
> No, the directory must exist. I'm sorry I wasn't clear enough when
I
>> replied last time, but dovecot will not create the directory. You need
to
>> create it and make it writable.
>>
>> Aki
>>
>> > On 26/01/2021 11:09 ???? <taiki.fukuda at justsystems.com>
wrote:
>> >
>> >
>> > Dear Mr. Tuomi
>> >
>> > Sorry, I have added the setting PrivateTmp=no to
>> /etc/systemd/system/dovecot.service.d/override.conf
>> > However, /tmp/oauth2 was not created.
>> >
>> > Best regards,
>> >
>> >
>>
---------------------------------------------------------------------------------------------------------------------------------
>> > ?163-6017 ?????????6-8-1 ?????????????
>> > ???? ???????? ????? ?????????? ????
>> > e-mail: taiki.fukuda at justsystems.com
>> > ??: 5158
>> > TEL: 03-5324-7900
>> > mobile: 080-6198-7328
>> >
>>
---------------------------------------------------------------------------------------------------------------------------------
>> >
>> >
>> >
>> > 2021?1?26?(?) 18:01 Aki Tuomi <aki.tuomi at
open-xchange.com>:
>> > > That is because you are using systemd, where the unit file,
by
>> default, has PrivateTmp=yes.
>> > >
>> > > You can look under /tmp for dovecot private tmp directory
and create
>> the directory there, or you can temporarily disable this security
measure.
>> > >
>> > > systemctl edit dovecot
>> > >
>> > > [Service]
>> > > PrivateTmp=no
>> > >
>> > > systemctl daemon-reload
>> > > systemctl restart dovecot
>> > >
>> > > Aki
>> > >
>> > > > On 26/01/2021 10:57 ???? <taiki.fukuda at
justsystems.com> wrote:
>> > > >
>> > > >
>> > > > Dear Mr. Tuomi
>> > > >
>> > > > I have added the setting rawlog_dir = /tmp/oauth2 to
>> /etc/dovecot/dovecot-oauth2.conf.ext
>> > > > However, /tmp/oauth2 was not created.
>> > > >
>> > > > Best regards,
>> > > >
>> > > >
>> > > >
>>
---------------------------------------------------------------------------------------------------------------------------------
>> > > > ?163-6017 ?????????6-8-1 ?????????????
>> > > > ???? ???????? ????? ?????????? ????
>> > > > e-mail: taiki.fukuda at justsystems.com
>> > > > ??: 5158
>> > > > TEL: 03-5324-7900
>> > > > mobile: 080-6198-7328
>> > > >
>>
---------------------------------------------------------------------------------------------------------------------------------
>> > > >
>> > > >
>> > > >
>> > > > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at
open-xchange.com>:
>> > > > > Yes, however I still cannot see rawlogs.
>> > > > >
>> > > > > Aki
>> > > > >
>> > > > > > On 25/01/2021 10:25 ???? <taiki.fukuda at
justsystems.com> wrote:
>> > > > > >
>> > > > > >
>> > > > > > Yes. In my last email, I sent you the log of
the result of
>> running with oauth debug logging enabled.
>> > > > > > /etc/dovecot/conf.d/10-logging.conf?
>> > > > > > ##
>> > > > > > ## Logging verbosity and debugging.
>> > > > > > ##
>> > > > > >
>> > > > > > # Log filter is a space-separated list
conditions. If any of
>> the conditions
>> > > > > > # match, the log filter matches (i.e.
they're ORed together).
>> Parenthesis
>> > > > > > # are supported if multiple conditions need
to be matched
>> together.
>> > > > > > # Supported conditions are:
>> > > > > > # event:<name wildcard> - Match event
name. '*' and '?'
>> wildcards supported.
>> > > > > > # source:<filename>[:<line
number>] - Match source code
>> filename [and line]
>> > > > > > # field:<key>=<value wildcard> -
Match field key to a value.
>> Can be specified
>> > > > > > # multiple times to match multiple keys.
>> > > > > > # cat[egory]:<value> - Match a
category. Can be specified
>> multiple times to
>> > > > > > # match multiple categories.
>> > > > > > # For example: event:http_request_*
(cat:error cat:storage)
>> > > > > >
>> > > > > > # Filter to specify what debug logging to
enable. This will
>> eventually replace
>> > > > > > # mail_debug and auth_debug settings.
>> > > > > > log_debug=category=oauth2
>> > > > > >
>> > > > > > ------------------------------
>> > > > > > ?163-6017 ?????????6-8-1 ?????????????
>> > > > > > ???? ???????? ????? ?????????? ????
>> > > > > > e-mail: taiki.fukuda at justsystems.com
>> > > > > > ??: 5158
>> > > > > > TEL: 03-5324-7900
>> > > > > > mobile: 080-6198-7328
>> > > > > > ------------------------------
>> > > > > >
>> > > > > >
>> > > > > > 2021?1?25?(?) 17:24 ???? <taiki.fukuda at
justsystems.com>:
>> > > > > > > Yes. In my last email, I sent you the
log of the result of
>> running with oauth debug logging enabled.
>> > > > > > >
>> > > > > > > /etc/dovecot/conf.d/10-logging.conf?
>> > > > > > >
>> > > > > > > ```
>> > > > > > > ```
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>>
---------------------------------------------------------------------------------------------------------------------------------
>> > > > > > > ?163-6017 ?????????6-8-1 ?????????????
>> > > > > > > ???? ???????? ????? ?????????? ????
>> > > > > > > e-mail: taiki.fukuda at justsystems.com
>> > > > > > > ??: 5158
>> > > > > > > TEL: 03-5324-7900
>> > > > > > > mobile: 080-6198-7328
>> > > > > > >
>>
---------------------------------------------------------------------------------------------------------------------------------
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > 2021?1?25?(?) 17:16 Aki Tuomi
<aki.tuomi at open-xchange.com>:
>> > > > > > > >
>> > > > > > > > > On 25/01/2021 10:12 ????
<taiki.fukuda at justsystems.com>
>> wrote:
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > Dear Mr. Tuomi
>> > > > > > > > > Google is responding to me as
Unauthorized.
>> > > > > > > > > So I need to send my
credentials such as access token in
>> the request parameter for authentication in google?s Get User API
request.
>> > > > > > > > > But I don?t know how to
configure dovecot to achieve
>> that.
>> > > > > > > > > Could you please help me with
this?
>> > > > > > > > > Best regards,
>> > > > > > > > >
>> > > > > > > > > ------------------------------
>> > > > > > > > > ?163-6017 ?????????6-8-1
?????????????
>> > > > > > > > > ???? ???????? ????? ??????????
????
>> > > > > > > > > e-mail: taiki.fukuda at
justsystems.com
>> > > > > > > > > ??: 5158
>> > > > > > > > > TEL: 03-5324-7900
>> > > > > > > > >
>> > > > > > > > > mobile: 080-6198-7328
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > Did you try the debugging things I
mentioned? Your logs do
>> not indicate that you did.
>> > > > > > > >
>> > > > > > > > So,
>> > > > > > > >
>> > > > > > > > - Try turning on rawlogs for the
oauth2 requests and see
>> what google is sending you?
>> > > > > > > > - You can also try
log_debug=category=oauth2 (2.3.13) to
>> get more debug logs from oauth2.
>> > > > > > > >
>> > > > > > > > Aki
>> > > > > > > >
>> > > > >
>> > >
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20210128/ad86e5ab/attachment-0001.html>