Dear Mr. Tuomi

Do you have any idea how to solve this problem?

Best regards,

------------------------------
?163-6017 ?????????6-8-1 ?????????????
???? ???????? ????? ?????????? ????
e-mail: taiki.fukuda at justsystems.com
??: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
------------------------------

On Tue, 26 Jan 2021 at 18:51, ???? <taiki.fukuda at justsystems.com> wrote:

> Dear Mr. Tuomi
>
> Thank you for the instruction.
> I was able to output rawlogs.
> The following is the result.
>
> 20210126-184744.22221.1.in:
>
> 1611654464.207331 HTTP/1.1 401 Unauthorized
> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> 1611654464.207331 Pragma: no-cache
> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.207331 Vary: X-Origin
> 1611654464.207331 Vary: Referer
> 1611654464.207331 Content-Type: application/json; charset=UTF-8
> 1611654464.207331 Server: ESF
> 1611654464.207331 X-XSS-Protection: 0
> 1611654464.207331 X-Frame-Options: SAMEORIGIN
> 1611654464.207331 X-Content-Type-Options: nosniff
> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
> 1611654464.207331 Accept-Ranges: none
> 1611654464.207331 Vary: Origin,Accept-Encoding
> 1611654464.207331 Transfer-Encoding: chunked
> 1611654464.207331
> 1611654464.207331 130
> 1611654464.207331 {
> 1611654464.207331 "error": {
> 1611654464.207331 "code": 401,
> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED"
> 1611654464.207331 }
> 1611654464.207331 }
> 1611654464.207331
> 1611654464.207737 0
> 1611654464.207737
>
> 20210126-184744.22221.1.out:
>
> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
> 1611654464.165704 Host: www.googleapis.com
> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
> 1611654464.165704 Connection: Keep-Alive
> 1611654464.165727 Authorization: Bearer ??????
> 1611654464.165730
>
> Best regards,
>
> On Tue, 26 Jan 2021 at 18:35, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>
>> No, the directory must exist. I'm sorry I wasn't clear enough when I
>> replied last time, but dovecot will not create the directory. You need to
>> create it and make it writable.
>>
>> Aki
>>
>> > On 26/01/2021 11:09 ???? <taiki.fukuda at justsystems.com> wrote:
>> >
>> > Dear Mr. Tuomi
>> >
>> > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
>> > However, /tmp/oauth2 was not created.
>> >
>> > Best regards,
>> >
>> > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>> > > That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes.
>> > >
>> > > You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure.
>> > >
>> > > systemctl edit dovecot
>> > >
>> > > [Service]
>> > > PrivateTmp=no
>> > >
>> > > systemctl daemon-reload
>> > > systemctl restart dovecot
>> > >
>> > > Aki
>> > >
>> > > > On 26/01/2021 10:57 ???? <taiki.fukuda at justsystems.com> wrote:
>> > > >
>> > > > Dear Mr. Tuomi
>> > > >
>> > > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
>> > > > However, /tmp/oauth2 was not created.
>> > > >
>> > > > Best regards,
>> > > >
>> > > > On Tue, 26 Jan 2021 at 15:45, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>> > > > > Yes, however I still cannot see rawlogs.
>> > > > >
>> > > > > Aki
>> > > > >
>> > > > > > On 25/01/2021 10:25 ???? <taiki.fukuda at justsystems.com> wrote:
>> > > > > >
>> > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>> > > > > > /etc/dovecot/conf.d/10-logging.conf:
>> > > > > > ##
>> > > > > > ## Logging verbosity and debugging.
>> > > > > > ##
>> > > > > >
>> > > > > > # Log filter is a space-separated list conditions. If any of the conditions
>> > > > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis
>> > > > > > # are supported if multiple conditions need to be matched together.
>> > > > > > # Supported conditions are:
>> > > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
>> > > > > > # source:<filename>[:<line number>] - Match source code filename [and line]
>> > > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified
>> > > > > > # multiple times to match multiple keys.
>> > > > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to
>> > > > > > # match multiple categories.
>> > > > > > # For example: event:http_request_* (cat:error cat:storage)
>> > > > > >
>> > > > > > # Filter to specify what debug logging to enable. This will eventually replace
>> > > > > > # mail_debug and auth_debug settings.
>> > > > > > log_debug=category=oauth2
>> > > > > >
>> > > > > > On Mon, 25 Jan 2021 at 17:24, ???? <taiki.fukuda at justsystems.com> wrote:
>> > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>> > > > > > >
>> > > > > > > /etc/dovecot/conf.d/10-logging.conf:
>> > > > > > >
>> > > > > > > ```
>> > > > > > > ```
>> > > > > > >
>> > > > > > > On Mon, 25 Jan 2021 at 17:16, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>> > > > > > > >
>> > > > > > > > > On 25/01/2021 10:12 ???? <taiki.fukuda at justsystems.com> wrote:
>> > > > > > > > >
>> > > > > > > > > Dear Mr. Tuomi
>> > > > > > > > > Google is responding to me as Unauthorized.
>> > > > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google's Get User API request.
>> > > > > > > > > But I don't know how to configure dovecot to achieve that.
>> > > > > > > > > Could you please help me with this?
>> > > > > > > > > Best regards,
>> > > > > > > >
>> > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
>> > > > > > > >
>> > > > > > > > So,
>> > > > > > > >
>> > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
>> > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
>> > > > > > > >
>> > > > > > > > Aki
Odhiambo Washington
2021-Jan-28 18:29 UTC
[EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Your clue is in the log:

1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
1611654464.207331 "status": "UNAUTHENTICATED"
1611654464.207331 }

On Thu, 28 Jan 2021 at 09:25, ???? <taiki.fukuda at justsystems.com> wrote:

> Dear Mr. Tuomi
>
> Do you have any idea how to solve this problem?
>
> Best regards,

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
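
The rawlog pair discussed in this thread can be triaged and made safe to post with a short script. The following Python is an added example, not part of the original thread or of Dovecot: it strips the timestamp prefix from rawlog lines, extracts the HTTP status and JSON error from a `.in` file, and masks the bearer token in a `.out` file. The function names and sample data are constructed for illustration, and it assumes one response per file in the layout shown above.

```python
import json
import re

_TS = re.compile(r"^\d+\.\d+ ?")  # "<epoch>.<usec> " prefix on every rawlog line
_BEARER = re.compile(r"^(authorization:\s*bearer)[ \t]*(.*)$", re.I)

def payload_lines(rawlog):
    """Strip the timestamp prefix from each rawlog line."""
    return [_TS.sub("", ln, count=1) for ln in rawlog.splitlines()]

def summarize_response(rawlog_in):
    """HTTP status and JSON error fields from a *.in rawlog (one response)."""
    lines = payload_lines(rawlog_in)
    summary = {"http_status": int(lines[0].split()[1]),  # "HTTP/1.1 401 ..."
               "api_status": None, "message": None}
    try:
        body = "\n".join(lines[lines.index("") + 1:])  # blank line ends headers
        # Start at the first "{" (skips the chunk size); raw_decode stops after
        # the first JSON value, so the trailing "0" chunk is ignored.
        doc, _ = json.JSONDecoder().raw_decode(body[body.index("{"):])
    except ValueError:  # no body, no JSON object, or invalid JSON
        return summary
    err = doc.get("error") if isinstance(doc, dict) else None
    if isinstance(err, dict):
        summary["api_status"] = err.get("status")
        summary["message"] = err.get("message")
    return summary

def redact_request(rawlog_out):
    """Mask the bearer token in a *.out rawlog; return (safe_text, token_len)."""
    safe, token_len = [], None
    for ln in rawlog_out.splitlines():
        prefix = (_TS.match(ln) or [""])[0]  # timestamp prefix, if present
        m = _BEARER.match(ln[len(prefix):])
        if m:
            token_len = len(m.group(2).strip())
            ln = f"{prefix}{m.group(1)} <redacted, {token_len} chars>"
        safe.append(ln)
    return "\n".join(safe), token_len

# Constructed samples in the rawlog layout shown in the thread; the token is fake.
SAMPLE_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165727 Authorization: Bearer EXAMPLE-TOKEN-NOT-REAL
"""
SAMPLE_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 2d
1611654464.207331 {
1611654464.207331  "error": {"code": 401, "status": "UNAUTHENTICATED"}
1611654464.207331 }
1611654464.207737 0
"""

if __name__ == "__main__":
    print(summarize_response(SAMPLE_IN))
    print(redact_request(SAMPLE_OUT)[0])
```

A reported token length of 0 means the `Authorization: Bearer` header in the `.out` file carried an empty value.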