Google is responding to me as Unauthorized.
So I need to send my credentials such as access token in the request parameter for authentication in google's Get User API request.
But I don't know how to configure dovecot to achieve that.
Could you please help me with this?

Best regards,

---------------------------------------------------------------------------------------------------------------------------------
e-mail: taiki.fukuda at justsystems.com
TEL: 03-5324-7900
mobile: 080-6198-7328
---------------------------------------------------------------------------------------------------------------------------------

On Fri, 29 Jan 2021 at 3:30, Odhiambo Washington <odhiambo at gmail.com> wrote:

> Your clue is in the log:
>
> 1611654464.207331 "message": "Request is missing required authentication
> credential. Expected OAuth 2 access token, login cookie or other valid
> authentication credential. See
> https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 }
>
> On Thu, 28 Jan 2021 at 09:25, <taiki.fukuda at justsystems.com> wrote:
>
>> Dear Mr. Tuomi
>>
>> Do you have any idea how to solve this problem?
>>
>> Best regards,
>>
>> On Tue, 26 Jan 2021 at 18:51, <taiki.fukuda at justsystems.com> wrote:
>>
>>> Dear Mr. Tuomi
>>>
>>> Thank you for the instruction.
>>> I was able to output rawlogs.
>>> The following is the result.
>>>
>>> 20210126-184744.22221.1.in:
>>>
>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>> 1611654464.207331 Pragma: no-cache
>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.207331 Vary: X-Origin
>>> 1611654464.207331 Vary: Referer
>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>> 1611654464.207331 Server: ESF
>>> 1611654464.207331 X-XSS-Protection: 0
>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
>>> 1611654464.207331 Accept-Ranges: none
>>> 1611654464.207331 Vary: Origin,Accept-Encoding
>>> 1611654464.207331 Transfer-Encoding: chunked
>>> 1611654464.207331
>>> 1611654464.207331 130
>>> 1611654464.207331 {
>>> 1611654464.207331 "error": {
>>> 1611654464.207331 "code": 401,
>>> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331 "status": "UNAUTHENTICATED"
>>> 1611654464.207331 }
>>> 1611654464.207331 }
>>> 1611654464.207331
>>> 1611654464.207737 0
>>> 1611654464.207737
>>>
>>> 20210126-184744.22221.1.out:
>>>
>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
>>> 1611654464.165704 Host: www.googleapis.com
>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
>>> 1611654464.165704 Connection: Keep-Alive
>>> 1611654464.165727 Authorization: Bearer ??????
>>> 1611654464.165730
>>>
>>> Best regards,
>>>
>>> On Tue, 26 Jan 2021 at 18:35, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>>>
>>>> No, the directory must exist. I'm sorry I wasn't clear enough when I
>>>> replied last time, but dovecot will not create the directory. You need to
>>>> create it and make it writable.
>>>>
>>>> Aki
>>>>
>>>> > On 26/01/2021 11:09 <taiki.fukuda at justsystems.com> wrote:
>>>> >
>>>> > Dear Mr. Tuomi
>>>> >
>>>> > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
>>>> > However, /tmp/oauth2 was not created.
>>>> >
>>>> > Best regards,
>>>> >
>>>> > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>>>> > > That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes.
>>>> > >
>>>> > > You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure.
>>>> > >
>>>> > > systemctl edit dovecot
>>>> > >
>>>> > > [Service]
>>>> > > PrivateTmp=no
>>>> > >
>>>> > > systemctl daemon-reload
>>>> > > systemctl restart dovecot
>>>> > >
>>>> > > Aki
>>>> > >
>>>> > > > On 26/01/2021 10:57 <taiki.fukuda at justsystems.com> wrote:
>>>> > > >
>>>> > > > Dear Mr. Tuomi
>>>> > > >
>>>> > > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
>>>> > > > However, /tmp/oauth2 was not created.
>>>> > > >
>>>> > > > Best regards,
>>>> > > >
>>>> > > > On Tue, 26 Jan 2021 at 15:45, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>>>> > > > > Yes, however I still cannot see rawlogs.
>>>> > > > >
>>>> > > > > Aki
>>>> > > > >
>>>> > > > > > On 25/01/2021 10:25 <taiki.fukuda at justsystems.com> wrote:
>>>> > > > > >
>>>> > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>>>> > > > > > /etc/dovecot/conf.d/10-logging.conf:
>>>> > > > > > ##
>>>> > > > > > ## Logging verbosity and debugging.
>>>> > > > > > ##
>>>> > > > > >
>>>> > > > > > # Log filter is a space-separated list conditions. If any of the conditions
>>>> > > > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis
>>>> > > > > > # are supported if multiple conditions need to be matched together.
>>>> > > > > > # Supported conditions are:
>>>> > > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
>>>> > > > > > # source:<filename>[:<line number>] - Match source code filename [and line]
>>>> > > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified
>>>> > > > > > # multiple times to match multiple keys.
>>>> > > > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to
>>>> > > > > > # match multiple categories.
>>>> > > > > > # For example: event:http_request_* (cat:error cat:storage)
>>>> > > > > >
>>>> > > > > > # Filter to specify what debug logging to enable. This will eventually replace
>>>> > > > > > # mail_debug and auth_debug settings.
>>>> > > > > > log_debug=category=oauth2
>>>> > > > > >
>>>> > > > > > On Mon, 25 Jan 2021 at 17:24, <taiki.fukuda at justsystems.com> wrote:
>>>> > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>>>> > > > > > >
>>>> > > > > > > /etc/dovecot/conf.d/10-logging.conf:
>>>> > > > > > >
>>>> > > > > > > ```
>>>> > > > > > > ```
>>>> > > > > > >
>>>> > > > > > > On Mon, 25 Jan 2021 at 17:16, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>>>> > > > > > > >
>>>> > > > > > > > > On 25/01/2021 10:12 <taiki.fukuda at justsystems.com> wrote:
>>>> > > > > > > > >
>>>> > > > > > > > > Dear Mr. Tuomi
>>>> > > > > > > > > Google is responding to me as Unauthorized.
>>>> > > > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google's Get User API request.
>>>> > > > > > > > > But I don't know how to configure dovecot to achieve that.
>>>> > > > > > > > > Could you please help me with this?
>>>> > > > > > > > > Best regards,
>>>> > > > > > > >
>>>> > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
>>>> > > > > > > >
>>>> > > > > > > > So,
>>>> > > > > > > >
>>>> > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
>>>> > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
>>>> > > > > > > >
>>>> > > > > > > > Aki
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] :-)
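The rawlog pair quoted in the message above can be checked mechanically. The following Python is an added example, not code from the thread or from the Dovecot project: it strips the rawlog timestamps, pairs the request with the response, classifies the `Authorization` header against the RFC 6750 token syntax, and masks the token before a log is shared. The sample logs are constructed from the quoted excerpts with a placeholder token, and all function names are assumptions.

```python
import json
import re

TS_PREFIX = re.compile(r"^\d+\.\d+ ?")             # rawlog timestamp prefix, as in the thread
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")  # bearer token syntax from RFC 6750
AUTH_LINE = re.compile(r"(?im)^(\d+\.\d+ authorization:[ \t]*bearer[ \t]+)\S.*$")

# Constructed samples modelled on the .out/.in excerpts quoted in the thread.
# The token is a made-up placeholder, not a real credential.
SAMPLE_OUT = (
    "1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1\n"
    "1611654464.165704 Host: www.googleapis.com\n"
    "1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13\n"
    "1611654464.165727 Authorization: Bearer example.placeholder-token\n"
    "1611654464.165730 \n"
)
SAMPLE_IN = (
    "1611654464.207331 HTTP/1.1 401 Unauthorized\n"
    "1611654464.207331 Content-Type: application/json; charset=UTF-8\n"
    "1611654464.207331 Transfer-Encoding: chunked\n"
    "1611654464.207331 \n"
    "1611654464.207331 35\n"
    '1611654464.207331 {"error": {"code": 401, "status": "UNAUTHENTICATED"}}\n'
    "1611654464.207331 \n"
    "1611654464.207737 0\n"
    "1611654464.207737 \n"
)


def strip_timestamps(rawlog):
    """Drop the leading 'seconds.microseconds ' prefix from every rawlog line."""
    return [TS_PREFIX.sub("", line, count=1) for line in rawlog.splitlines()]


def split_message(lines):
    """Return (start_line, headers, body_lines); header names are lower-cased."""
    if not lines:
        raise ValueError("empty rawlog")
    start, headers, i = lines[0], {}, 1
    while i < len(lines) and lines[i] != "":
        name, _, value = lines[i].partition(":")
        headers[name.strip().lower()] = value.strip()
        i += 1
    return start, headers, lines[i + 1:]


def extract_json(body_lines):
    """Pull the JSON object out of a chunked body.

    Chunk-size lines ('35', '0') surround the payload. Line-based logging may
    have altered byte counts, so take the text between the first '{' and the
    last '}' instead of trusting the sizes.
    """
    text = "\n".join(body_lines)
    lo, hi = text.find("{"), text.rfind("}")
    if lo == -1 or hi < lo:
        return None
    try:
        return json.loads(text[lo:hi + 1])
    except json.JSONDecodeError:
        return None


def check_bearer(headers):
    """Classify the Authorization header: missing, not-bearer, malformed or well-formed."""
    value = headers.get("authorization")
    if not value:
        return "missing"
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer":
        return "not-bearer"
    return "well-formed" if B64TOKEN.match(token.strip()) else "malformed"


def diagnose(out_log, in_log):
    """Summarise one request/response pair written to rawlog_dir."""
    req_line, req_headers, _ = split_message(strip_timestamps(out_log))
    status_line, _, body = split_message(strip_timestamps(in_log))
    error = (extract_json(body) or {}).get("error")
    # Google nests a dict under "error"; other OAuth2 endpoints may return a plain string.
    api_status = error.get("status") if isinstance(error, dict) else error
    return {
        "request": req_line,
        "http_status": int(status_line.split()[1]),
        "api_status": api_status,
        "token": check_bearer(req_headers),
    }


def redact(rawlog):
    """Mask bearer tokens so a rawlog can be shared without leaking credentials."""
    return AUTH_LINE.sub(r"\1[REDACTED]", rawlog)


if __name__ == "__main__":
    print(diagnose(SAMPLE_OUT, SAMPLE_IN))
    print(redact(SAMPLE_OUT))
```

A `well-formed` result together with a 401 means the header was syntactically valid and the server rejected the token itself; `malformed` or `missing` points at what was sent rather than at the provider.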
Odhiambo Washington
2021-Jan-29 08:57 UTC
[EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
You broke this thread. In the original thread, I remember seeing Aki gave you the configuration which he believed might work.
The next thing I thought was for you to go to https://developers.google.com/identity/sign-in/web/devconsole-project and get an access token.

PS: I have never configured this kind of thing so I was only following the thread to try and understand what it entails.

On Fri, 29 Jan 2021 at 04:00, <taiki.fukuda at justsystems.com> wrote:

> Google is responding to me as Unauthorized.
> So I need to send my credentials such as access token in the request
> parameter for authentication in google's Get User API request.
> But I don't know how to configure dovecot to achieve that.
> Could you please help me with this?
>
> Best regards,

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
Dear Mr. Tuomi

I created a gmail service account, and I have implemented the process of getting an access token using a gmail service account.
https://developers.google.com/identity/protocols/oauth2/service-account
I think I then need to set the grant_url to a URL that returns an access token and send that access token to the introspection_url, is that correct?

Best regards,

On Fri, 29 Jan 2021 at 17:58, Odhiambo Washington <odhiambo at gmail.com> wrote:

> You broke this thread. In the original thread, I remember seeing Aki gave
> you the configuration which he believed might work.
> The next thing I thought was for you to go to
> https://developers.google.com/identity/sign-in/web/devconsole-project and
> get an access token.
>
> PS: I have never configured this kind of thing so I was only following the
> thread to try and understand what it entails.
>> e-mail: taiki.fukuda at justsystems.com >> ??: 5158 >> TEL: 03-5324-7900 >> mobile: 080-6198-7328 >> >> --------------------------------------------------------------------------------------------------------------------------------- >> >> >> 2021?1?29?(?) 3:30 Odhiambo Washington <odhiambo at gmail.com>: >> >>> Your clue is in the log: >>> >>> 1611654464.207331 "message": "Request is missing required authentication >>> credential. Expected OAuth 2 access token, login cookie or other valid >>> authentication credential. See >>> https://developers.google.com/identity/sign-in/web/devconsole-project.", >>> 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 } >>> >>> >>> >>> On Thu, 28 Jan 2021 at 09:25, ???? <taiki.fukuda at justsystems.com> wrote: >>> >>>> Dear Mr. Tuomi >>>> >>>> Do you have any idea how to solve this problem? >>>> >>>> Best regards, >>>> >>>> --------------------------------------------------------------------------------------------------------------------------------- >>>> ?163-6017 ?????????6-8-1 ????????????? >>>> ???? ???????? ????? ?????????? ???? >>>> e-mail: taiki.fukuda at justsystems.com >>>> ??: 5158 >>>> TEL: 03-5324-7900 >>>> mobile: 080-6198-7328 >>>> >>>> --------------------------------------------------------------------------------------------------------------------------------- >>>> >>>> >>>> 2021?1?26?(?) 18:51 ???? <taiki.fukuda at justsystems.com>: >>>> >>>>> Dear Mr. Tuomi >>>>> >>>>> Thank you for the instruction. >>>>> I was able to output rawlogs. >>>>> The following is the result. >>>>> >>>>> 20210126-184744.22221.1.in? 
>>>>> >>>>> 1611654464.207331 HTTP/1.1 401 Unauthorized >>>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate >>>>> 1611654464.207331 Pragma: no-cache >>>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT >>>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT >>>>> 1611654464.207331 Vary: X-Origin >>>>> 1611654464.207331 Vary: Referer >>>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8 >>>>> 1611654464.207331 Server: ESF >>>>> 1611654464.207331 X-XSS-Protection: 0 >>>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN >>>>> 1611654464.207331 X-Content-Type-Options: nosniff >>>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" >>>>> 1611654464.207331 Accept-Ranges: none >>>>> 1611654464.207331 Vary: Origin,Accept-Encoding >>>>> 1611654464.207331 Transfer-Encoding: chunked >>>>> 1611654464.207331 >>>>> 1611654464.207331 130 >>>>> 1611654464.207331 { >>>>> 1611654464.207331 "error": { >>>>> 1611654464.207331 "code": 401, >>>>> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", >>>>> 1611654464.207331 "status": "UNAUTHENTICATED" >>>>> 1611654464.207331 } >>>>> 1611654464.207331 } >>>>> 1611654464.207331 >>>>> 1611654464.207737 0 >>>>> 1611654464.207737 >>>>> >>>>> 20210126-184744.22221.1.out? >>>>> >>>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1 >>>>> 1611654464.165704 Host: www.googleapis.com >>>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT >>>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13 >>>>> 1611654464.165704 Connection: Keep-Alive >>>>> 1611654464.165727 Authorization: Bearer ?????? 
>>>>> 1611654464.165730 >>>>> >>>>> Best regards, >>>>> ------------------------------ >>>>> >>>>> ?163-6017 ?????????6-8-1 ????????????? >>>>> ???? ???????? ????? ?????????? ???? >>>>> e-mail: taiki.fukuda at justsystems.com >>>>> ??: 5158 >>>>> TEL: 03-5324-7900 >>>>> mobile: 080-6198-7328 >>>>> ------------------------------ >>>>> >>>>> 2021?1?26?(?) 18:35 Aki Tuomi aki.tuomi at open-xchange.com >>>>> <http://mailto:aki.tuomi at open-xchange.com>: >>>>> >>>>> No, the directory must exist. I'm sorry I wasn't clear enough when I >>>>>> replied last time, but dovecot will not create the directory. You need to >>>>>> create it and make it writable. >>>>>> >>>>>> Aki >>>>>> >>>>>> > On 26/01/2021 11:09 ???? <taiki.fukuda at justsystems.com> wrote: >>>>>> > >>>>>> > >>>>>> > Dear Mr. Tuomi >>>>>> > >>>>>> > Sorry, I have added the setting PrivateTmp=no to >>>>>> /etc/systemd/system/dovecot.service.d/override.conf >>>>>> > However, /tmp/oauth2 was not created. >>>>>> > >>>>>> > Best regards, >>>>>> > >>>>>> > >>>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>>> > ?163-6017 ?????????6-8-1 ????????????? >>>>>> > ???? ???????? ????? ?????????? ???? >>>>>> > e-mail: taiki.fukuda at justsystems.com >>>>>> > ??: 5158 >>>>>> > TEL: 03-5324-7900 >>>>>> > mobile: 080-6198-7328 >>>>>> > >>>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>>> > >>>>>> > >>>>>> > >>>>>> > 2021?1?26?(?) 18:01 Aki Tuomi <aki.tuomi at open-xchange.com>: >>>>>> > > That is because you are using systemd, where the unit file, by >>>>>> default, has PrivateTmp=yes. >>>>>> > > >>>>>> > > You can look under /tmp for dovecot private tmp directory and >>>>>> create the directory there, or you can temporarily disable this security >>>>>> measure. 
>>>>>> > > >>>>>> > > systemctl edit dovecot >>>>>> > > >>>>>> > > [Service] >>>>>> > > PrivateTmp=no >>>>>> > > >>>>>> > > systemctl daemon-reload >>>>>> > > systemctl restart dovecot >>>>>> > > >>>>>> > > Aki >>>>>> > > >>>>>> > > > On 26/01/2021 10:57 ???? <taiki.fukuda at justsystems.com> wrote: >>>>>> > > > >>>>>> > > > >>>>>> > > > Dear Mr. Tuomi >>>>>> > > > >>>>>> > > > I have added the setting rawlog_dir = /tmp/oauth2 to >>>>>> /etc/dovecot/dovecot-oauth2.conf.ext >>>>>> > > > However, /tmp/oauth2 was not created. >>>>>> > > > >>>>>> > > > Best regards, >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>>> > > > ?163-6017 ?????????6-8-1 ????????????? >>>>>> > > > ???? ???????? ????? ?????????? ???? >>>>>> > > > e-mail: taiki.fukuda at justsystems.com >>>>>> > > > ??: 5158 >>>>>> > > > TEL: 03-5324-7900 >>>>>> > > > mobile: 080-6198-7328 >>>>>> > > > >>>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at open-xchange.com>: >>>>>> > > > > Yes, however I still cannot see rawlogs. >>>>>> > > > > >>>>>> > > > > Aki >>>>>> > > > > >>>>>> > > > > > On 25/01/2021 10:25 ???? <taiki.fukuda at justsystems.com> >>>>>> wrote: >>>>>> > > > > > >>>>>> > > > > > >>>>>> > > > > > Yes. In my last email, I sent you the log of the result of >>>>>> running with oauth debug logging enabled. >>>>>> > > > > > /etc/dovecot/conf.d/10-logging.conf? >>>>>> > > > > > ## >>>>>> > > > > > ## Logging verbosity and debugging. >>>>>> > > > > > ## >>>>>> > > > > > >>>>>> > > > > > # Log filter is a space-separated list conditions. If any >>>>>> of the conditions >>>>>> > > > > > # match, the log filter matches (i.e. they're ORed >>>>>> together). 
>>>>>> > > > > > # Parenthesis are supported if multiple conditions need to be matched together.
>>>>>> > > > > > # Supported conditions are:
>>>>>> > > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
>>>>>> > > > > > # source:<filename>[:<line number>] - Match source code filename [and line]
>>>>>> > > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified
>>>>>> > > > > > # multiple times to match multiple keys.
>>>>>> > > > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to
>>>>>> > > > > > # match multiple categories.
>>>>>> > > > > > # For example: event:http_request_* (cat:error cat:storage)
>>>>>> > > > > >
>>>>>> > > > > > # Filter to specify what debug logging to enable. This will eventually replace
>>>>>> > > > > > # mail_debug and auth_debug settings.
>>>>>> > > > > > log_debug=category=oauth2
>>>>>> > > > > >
>>>>>> > > > > > ------------------------------
>>>>>> > > > > > e-mail: taiki.fukuda at justsystems.com
>>>>>> > > > > > TEL: 03-5324-7900
>>>>>> > > > > > mobile: 080-6198-7328
>>>>>> > > > > > ------------------------------
>>>>>> > > > > >
>>>>>> > > > > > 2021-01-25 17:24 <taiki.fukuda at justsystems.com>:
>>>>>> > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>>>>>> > > > > > >
>>>>>> > > > > > > /etc/dovecot/conf.d/10-logging.conf:
>>>>>> > > > > > >
>>>>>> > > > > > > ```
>>>>>> > > > > > > ```
>>>>>> > > > > > >
>>>>>> > > > > > > ------------------------------
>>>>>> > > > > > > e-mail: taiki.fukuda at justsystems.com
>>>>>> > > > > > > TEL: 03-5324-7900
>>>>>> > > > > > > mobile: 080-6198-7328
>>>>>> > > > > > > ------------------------------
>>>>>> > > > > > >
>>>>>> > > > > > > 2021-01-25 17:16 Aki Tuomi <aki.tuomi at open-xchange.com>:
>>>>>> > > > > > > >
>>>>>> > > > > > > > > On 25/01/2021 10:12 <taiki.fukuda at justsystems.com> wrote:
>>>>>> > > > > > > > >
>>>>>> > > > > > > > > Dear Mr. Tuomi
>>>>>> > > > > > > > > Google is responding to me as Unauthorized.
>>>>>> > > > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google's Get User API request.
>>>>>> > > > > > > > > But I don't know how to configure dovecot to achieve that.
>>>>>> > > > > > > > > Could you please help me with this?
>>>>>> > > > > > > > > Best regards,
>>>>>> > > > > > > > >
>>>>>> > > > > > > > > ------------------------------
>>>>>> > > > > > > > > e-mail: taiki.fukuda at justsystems.com
>>>>>> > > > > > > > > TEL: 03-5324-7900
>>>>>> > > > > > > > > mobile: 080-6198-7328
>>>>>> > > > > > > >
>>>>>> > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
>>>>>> > > > > > > >
>>>>>> > > > > > > > So,
>>>>>> > > > > > > >
>>>>>> > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
>>>>>> > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
>>>>>> > > > > > > >
>>>>>> > > > > > > > Aki
>>>>>> > > > > > > >
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>> "Oh, the cruft.", grep ^[^#] :-)
>>>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] :-)
>
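The rawlog files this thread works to produce hold one timestamp-prefixed line per line of HTTP traffic, and the `.out` file includes the `Authorization` header. As an added example (not code from the thread or from Dovecot), the Python below masks credential headers before a rawlog is shared and extracts the HTTP status and API error from the `.in` side; the sample data is constructed and every function name is hypothetical.

```python
import json
import re
# Constructed samples in the rawlog layout quoted in this thread; the token is a placeholder.
SAMPLE_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165727 Authorization: Bearer EXAMPLE-TOKEN-NOT-REAL
1611654464.165730
"""
SAMPLE_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 35
1611654464.207331 {"error": {"code": 401, "status": "UNAUTHENTICATED"}}
1611654464.207737 0
1611654464.207737
"""

STAMP = re.compile(r"^\d+\.\d+ ?(.*)$")
CRED = re.compile(r"(?i)\b(authorization:\s*\w+\s+|cookie:\s*)\S.*$")

def strip_stamps(rawlog):
    """Return the HTTP stream lines with the rawlog timestamps removed."""
    return [m.group(1) for m in map(STAMP.match, rawlog.splitlines()) if m]

def redact(rawlog):
    """Mask credential header values, keeping the header name and scheme."""
    return "\n".join(CRED.sub(r"\1[REDACTED]", l) for l in rawlog.splitlines())

def auth_scheme(rawlog):
    """Scheme of the Authorization header in a .out file, or None if absent."""
    for line in strip_stamps(rawlog):
        name, _, value = line.partition(":")
        if name.lower() == "authorization" and value.split():
            return value.split()[0]
    return None

def summarize_response(rawlog):
    """HTTP status plus the JSON error status from a .in file."""
    lines = strip_stamps(rawlog)
    end = lines.index("")  # blank line terminates the headers
    headers = {k.lower(): v.strip() for k, _, v in (h.partition(":") for h in lines[1:end])}
    body = lines[end + 1:]
    if headers.get("transfer-encoding", "").lower() == "chunked":
        # Heuristic: drop bare-hex chunk-size lines (sizes are not verified).
        body = [b for b in body if not re.fullmatch(r"[0-9A-Fa-f]+", b)]
    error = json.loads("\n".join(body).strip() or "{}").get("error", {})
    return {"http_status": int(lines[0].split()[1]), "api_status": error.get("status")}
```

Run `redact()` over a rawlog before pasting it anywhere public, and remove the rawlog directory once debugging is finished, since every captured request contains a usable token.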