Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-02-01 Thread
Dear Mr. Tuomi

I created a Gmail service account, and I have implemented the process of
getting an access token using a Gmail service account.

https://developers.google.com/identity/protocols/oauth2/service-account

I think I then need to set the grant_url to a URL that returns an access
token and send that access token to the introspection_url, is that correct?

Best regards,
-
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-


On Fri, 29 Jan 2021 at 17:58, Odhiambo Washington wrote:

> You broke this thread. In the original thread, I remember seeing Aki gave
> you the configuration which he believed might work.
> The next thing I thought was for you to go to
> https://developers.google.com/identity/sign-in/web/devconsole-project and
> get an access token.
>
> PS: I have never configured this kind of thing so I was only following the
> thread to try and understand what it entails.
>
>
> On Fri, 29 Jan 2021 at 04:00, 福田泰葵  wrote:
>
>> Google is responding to me as Unauthorized.
>> So I need to send my credentials such as access token in the request
>> parameter for authentication in google’s Get User API request.
>> But I don’t know how to configure dovecot to achieve that.
>> Could you please help me with this?
>>
>> Best regards,
>>
>> ---------
>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>> 株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
>> e-mail: taiki.fuk...@justsystems.com
>> 内線: 5158
>> TEL: 03-5324-7900
>> mobile: 080-6198-7328
>>
>> -
>>
>>
>> On Fri, 29 Jan 2021 at 3:30, Odhiambo Washington wrote:
>>
>>> Your clue is in the log:
>>>
>>> 1611654464.207331 "message": "Request is missing required authentication
>>> credential. Expected OAuth 2 access token, login cookie or other valid
>>> authentication credential. See
>>> https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 }
>>>
>>>
>>>
>>> On Thu, 28 Jan 2021 at 09:25, 福田泰葵  wrote:
>>>
>>>> Dear Mr. Tuomi
>>>>
>>>> Do you have any idea how to solve this problem?
>>>>
>>>> Best regards,
>>>>
>>>> -----
>>>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>>> 株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
>>>> e-mail: taiki.fuk...@justsystems.com
>>>> 内線: 5158
>>>> TEL: 03-5324-7900
>>>> mobile: 080-6198-7328
>>>>
>>>> -
>>>>
>>>>
>>>> On Tue, 26 Jan 2021 at 18:51, 福田泰葵 wrote:
>>>>
>>>>> Dear Mr. Tuomi
>>>>>
>>>>> Thank you for the instruction.
>>>>> I was able to output rawlogs.
>>>>> The following is the result.
>>>>>
>>>>> 20210126-184744.1.1.in:
>>>>>
>>>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, 
>>>>> must-revalidate
>>>>> 1611654464.207331 Pragma: no-cache
>>>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>>>> 1611654464.207331 Vary: X-Origin
>>>>> 1611654464.207331 Vary: Referer
>>>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>>>> 1611654464.207331 Server: ESF
>>>>> 1611654464.207331 X-XSS-Protection: 0
>>>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; 
>>>>> ma=2592000,h3-Q050=

Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-28 Thread
Google is responding to me as Unauthorized.
So I need to send my credentials, such as an access token, in the request
parameter for authentication in Google’s Get User API request.
But I don’t know how to configure Dovecot to achieve that.
Could you please help me with this?

Best regards,
-
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-


On Fri, 29 Jan 2021 at 3:30, Odhiambo Washington wrote:

> Your clue is in the log:
>
> 1611654464.207331 "message": "Request is missing required authentication
> credential. Expected OAuth 2 access token, login cookie or other valid
> authentication credential. See
> https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 }
>
>
>
> On Thu, 28 Jan 2021 at 09:25, 福田泰葵  wrote:
>
>> Dear Mr. Tuomi
>>
>> Do you have any idea how to solve this problem?
>>
>> Best regards,
>>
>> ---------
>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>> 株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
>> e-mail: taiki.fuk...@justsystems.com
>> 内線: 5158
>> TEL: 03-5324-7900
>> mobile: 080-6198-7328
>>
>> -
>>
>>
>> On Tue, 26 Jan 2021 at 18:51, 福田泰葵 wrote:
>>
>>> Dear Mr. Tuomi
>>>
>>> Thank you for the instruction.
>>> I was able to output rawlogs.
>>> The following is the result.
>>>
>>> 20210126-184744.1.1.in:
>>>
>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, 
>>> must-revalidate
>>> 1611654464.207331 Pragma: no-cache
>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.207331 Vary: X-Origin
>>> 1611654464.207331 Vary: Referer
>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>> 1611654464.207331 Server: ESF
>>> 1611654464.207331 X-XSS-Protection: 0
>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; 
>>> ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; 
>>> ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
>>> 1611654464.207331 Accept-Ranges: none
>>> 1611654464.207331 Vary: Origin,Accept-Encoding
>>> 1611654464.207331 Transfer-Encoding: chunked
>>> 1611654464.207331
>>> 1611654464.207331 130
>>> 1611654464.207331 {
>>> 1611654464.207331   "error": {
>>> 1611654464.207331 "code": 401,
>>> 1611654464.207331 "message": "Request is missing required 
>>> authentication credential. Expected OAuth 2 access token, login cookie or 
>>> other valid authentication credential. See 
>>> https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331 "status": "UNAUTHENTICATED"
>>> 1611654464.207331   }
>>> 1611654464.207331 }
>>> 1611654464.207331
>>> 1611654464.207737 0
>>> 1611654464.207737
>>>
>>> 20210126-184744.1.1.out:
>>>
>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
>>> 1611654464.165704 Host: www.googleapis.com
>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
>>> 1611654464.165704 Connection: Keep-Alive
>>> 1611654464.165727 Authorization: Bearer ??
>>> 1611654464.165730
>>>
>>> Best regards,
>>> --
>>>
>>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>> 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>> e-mail: taiki.fuk...@justsystems.com
>>> 内線: 5158
>>> TEL: 03-5324-7900
>>> mobile: 080-6198-7328
>>> 

Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-27 Thread
Dear Mr. Tuomi

Do you have any idea how to solve this problem?

Best regards,
-
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-


On Tue, 26 Jan 2021 at 18:51, 福田泰葵 wrote:

> Dear Mr. Tuomi
>
> Thank you for the instruction.
> I was able to output rawlogs.
> The following is the result.
>
> 20210126-184744.1.1.in:
>
> 1611654464.207331 HTTP/1.1 401 Unauthorized
> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, 
> must-revalidate
> 1611654464.207331 Pragma: no-cache
> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.207331 Vary: X-Origin
> 1611654464.207331 Vary: Referer
> 1611654464.207331 Content-Type: application/json; charset=UTF-8
> 1611654464.207331 Server: ESF
> 1611654464.207331 X-XSS-Protection: 0
> 1611654464.207331 X-Frame-Options: SAMEORIGIN
> 1611654464.207331 X-Content-Type-Options: nosniff
> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; 
> ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; 
> ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
> 1611654464.207331 Accept-Ranges: none
> 1611654464.207331 Vary: Origin,Accept-Encoding
> 1611654464.207331 Transfer-Encoding: chunked
> 1611654464.207331
> 1611654464.207331 130
> 1611654464.207331 {
> 1611654464.207331   "error": {
> 1611654464.207331 "code": 401,
> 1611654464.207331 "message": "Request is missing required authentication 
> credential. Expected OAuth 2 access token, login cookie or other valid 
> authentication credential. See 
> https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED"
> 1611654464.207331   }
> 1611654464.207331 }
> 1611654464.207331
> 1611654464.207737 0
> 1611654464.207737
>
> 20210126-184744.1.1.out:
>
> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
> 1611654464.165704 Host: www.googleapis.com
> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
> 1611654464.165704 Connection: Keep-Alive
> 1611654464.165727 Authorization: Bearer ??
> 1611654464.165730
>
> Best regards,
> --
>
> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> e-mail: taiki.fuk...@justsystems.com
> 内線: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
> --
>
> On Tue, 26 Jan 2021 at 18:35, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
>
>> No, the directory must exist. I'm sorry I wasn't clear enough when I
>> replied last time, but dovecot will not create the directory. You need to
>> create it and make it writable.
>>
>> Aki
>>
>> > On 26/01/2021 11:09 福田泰葵  wrote:
>> >
>> >
>> > Dear Mr. Tuomi
>> >
>> > Sorry, I have added the setting PrivateTmp=no to
>> /etc/systemd/system/dovecot.service.d/override.conf
>> > However, /tmp/oauth2 was not created.
>> >
>> > Best regards,
>> >
>> >
>> -
>> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>> > e-mail: taiki.fuk...@justsystems.com
>> > 内線: 5158
>> > TEL: 03-5324-7900
>> > mobile: 080-6198-7328
>> >
>> -----
>> >
>> >
>> >
>> > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi wrote:
>> > > That is because you are using systemd, where the unit file, by
>> default, has PrivateTmp=yes.
>> > >
>> > >  You can look under /tmp for dovecot private tmp directory and create
>> the directory there, or you can temporarily disable this security measure.
>> > >
>> > >  systemctl edit dovecot
>> > >
>> > >  [Service]
>> > >  PrivateTmp=no
>> > >
>> > >  systemctl daemon-reloa

Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-26 Thread
Dear Mr. Tuomi

Thank you for the instruction.
I was able to output rawlogs.
The following is the result.

20210126-184744.1.1.in:

1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
1611654464.207331 Pragma: no-cache
1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.207331 Vary: X-Origin
1611654464.207331 Vary: Referer
1611654464.207331 Content-Type: application/json; charset=UTF-8
1611654464.207331 Server: ESF
1611654464.207331 X-XSS-Protection: 0
1611654464.207331 X-Frame-Options: SAMEORIGIN
1611654464.207331 X-Content-Type-Options: nosniff
1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1611654464.207331 Accept-Ranges: none
1611654464.207331 Vary: Origin,Accept-Encoding
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {
1611654464.207331   "error": {
1611654464.207331 "code": 401,
1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
1611654464.207331 "status": "UNAUTHENTICATED"
1611654464.207331   }
1611654464.207331 }
1611654464.207331
1611654464.207737 0
1611654464.207737

20210126-184744.1.1.out:

1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
1611654464.165704 Connection: Keep-Alive
1611654464.165727 Authorization: Bearer ??
1611654464.165730

Best regards,
--

〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
--

On Tue, 26 Jan 2021 at 18:35, Aki Tuomi <aki.tu...@open-xchange.com> wrote:

> No, the directory must exist. I'm sorry I wasn't clear enough when I
> replied last time, but dovecot will not create the directory. You need to
> create it and make it writable.
>
> Aki
>
> > On 26/01/2021 11:09 福田泰葵  wrote:
> >
> >
> > Dear Mr. Tuomi
> >
> > Sorry, I have added the setting PrivateTmp=no to
> /etc/systemd/system/dovecot.service.d/override.conf
> > However, /tmp/oauth2 was not created.
> >
> > Best regards,
> >
> >
> -
> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > 内線: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> >
> -
> >
> >
> >
> > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi wrote:
> > > That is because you are using systemd, where the unit file, by
> default, has PrivateTmp=yes.
> > >
> > >  You can look under /tmp for dovecot private tmp directory and create
> the directory there, or you can temporarily disable this security measure.
> > >
> > >  systemctl edit dovecot
> > >
> > >  [Service]
> > >  PrivateTmp=no
> > >
> > >  systemctl daemon-reload
> > >  systemctl restart dovecot
> > >
> > >  Aki
> > >
> > >  > On 26/01/2021 10:57 福田泰葵  wrote:
> > >  >
> > >  >
> > >  > Dear Mr. Tuomi
> > >  >
> > >  > I have added the setting rawlog_dir = /tmp/oauth2 to
> /etc/dovecot/dovecot-oauth2.conf.ext
> > >  > However, /tmp/oauth2 was not created.
> > >  >
> > >  > Best regards,
> > >  >
> > >  >
> > >  >
> -----
> > >  > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > >  > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > >  > e-mail: taiki.fuk...@justsystems.com
> > >  > 内線: 5158
> > >  > TEL: 03-5324-7900
> > >  > mobile: 080-6198-7328
> > >  >
> ---
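
An added example, not part of the original thread and not Dovecot code: a small Python triage of the two rawlog files quoted in the message above. It rejoins lines the mail client wrapped, checks the `Authorization` value against the RFC 6750 bearer-token syntax, and pairs that with the HTTP status and the API error status; the sample input is an abridged, constructed copy of the posted logs, taken as posted (including the `??` value), and the function names and verdict strings are assumptions of this example.

```python
import json
import re

# Constructed sample input: abridged copies of the .out and .in rawlogs quoted
# above, including a "message" line wrapped by the mail client.
RAWLOG_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
1611654464.165704 Connection: Keep-Alive
1611654464.165727 Authorization: Bearer ??
1611654464.165730
"""
RAWLOG_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Content-Type: application/json; charset=UTF-8
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {
1611654464.207331   "error": {
1611654464.207331 "code": 401,
1611654464.207331 "message": "Request is missing required
authentication credential. Expected OAuth 2 access token, login cookie
or other valid authentication credential.",
1611654464.207331 "status": "UNAUTHENTICATED"
1611654464.207331   }
1611654464.207331 }
1611654464.207331
1611654464.207737 0
1611654464.207737
"""

TS_PREFIX = re.compile(r"^\d+\.\d+ ?")             # "<epoch>.<usec> " rawlog prefix
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")  # RFC 6750 bearer token syntax


def logical_lines(rawlog):
    """Strip timestamps; glue un-timestamped (mail-wrapped) lines to the previous one."""
    out = []
    for line in rawlog.splitlines():
        m = TS_PREFIX.match(line)
        if m:
            out.append(line[m.end():])
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out


def parse_http(rawlog):
    """Return (start_line, headers, body_lines) for one logged HTTP message."""
    lines = logical_lines(rawlog)
    if not lines:
        return "", {}, []
    headers, i = {}, 1
    while i < len(lines) and lines[i]:
        name, _, value = lines[i].partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
        i += 1
    return lines[0], headers, lines[i + 1:]


def classify_bearer(headers):
    """Classify the Authorization header without ever returning the token itself."""
    values = headers.get("authorization", [])
    if not values:
        return "missing"
    scheme, _, token = values[0].partition(" ")
    if scheme.lower() != "bearer":
        return "not-bearer"
    return "well-formed" if B64TOKEN.match(token.strip()) else "malformed"


def extract_json(body_lines):
    """Pull the JSON object out of the body; chunk-size lines sit outside the braces."""
    text = "\n".join(body_lines)
    start, end = text.find("{"), text.rfind("}")
    if start == -1 or end <= start:
        return None
    try:
        return json.loads(text[start:end + 1])
    except json.JSONDecodeError:
        return None


def triage(out_log, in_log):
    """Correlate the logged request with the logged response."""
    request_line, req_headers, _ = parse_http(out_log)
    status_line, _, body = parse_http(in_log)
    parts = status_line.split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    doc = extract_json(body)
    error = doc.get("error", {}) if isinstance(doc, dict) else {}
    bearer = classify_bearer(req_headers)
    if status == 401 and bearer != "well-formed":
        verdict = "token-not-usable"   # nothing valid was forwarded to the API
    elif status == 401:
        verdict = "token-rejected"     # syntactically fine, refused by the API
    elif status is not None and 200 <= status < 300:
        verdict = "accepted"
    else:
        verdict = "inconclusive"
    return {"request": request_line, "bearer": bearer, "http_status": status,
            "api_status": error.get("status") if isinstance(error, dict) else None,
            "verdict": verdict}


if __name__ == "__main__":
    print(triage(RAWLOG_OUT, RAWLOG_IN))
```

The `.out` rawlog records the `Authorization` header verbatim, so on a working setup these files hold live tokens; keep the rawlog directory restricted and delete the files once debugging is done.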

Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-26 Thread
Dear Mr. Tuomi

Sorry, I have added the setting PrivateTmp=no to
/etc/systemd/system/dovecot.service.d/override.conf.
However, /tmp/oauth2 was not created.

Best regards,
-
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-


On Tue, 26 Jan 2021 at 18:01, Aki Tuomi wrote:

> That is because you are using systemd, where the unit file, by default,
> has PrivateTmp=yes.
>
> You can look under /tmp for dovecot private tmp directory and create the
> directory there, or you can temporarily disable this security measure.
>
> systemctl edit dovecot
>
> [Service]
> PrivateTmp=no
>
> systemctl daemon-reload
> systemctl restart dovecot
>
> Aki
>
> > On 26/01/2021 10:57 福田泰葵  wrote:
> >
> >
> > Dear Mr. Tuomi
> >
> > I have added the setting rawlog_dir = /tmp/oauth2 to
> /etc/dovecot/dovecot-oauth2.conf.ext
> > However, /tmp/oauth2 was not created.
> >
> > Best regards,
> >
> >
> >
> ---------
> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > 内線: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> >
> ---------
> >
> >
> >
> > On Tue, 26 Jan 2021 at 15:45, Aki Tuomi wrote:
> > > Yes, however I still cannot see rawlogs.
> > >
> > >  Aki
> > >
> > >  > On 25/01/2021 10:25 福田泰葵  wrote:
> > >  >
> > >  >
> > >  > Yes. In my last email, I sent you the log of the result of running
> with oauth debug logging enabled.
> > >  > /etc/dovecot/conf.d/10-logging.conf:
> > >  > ##
> > >  > ## Logging verbosity and debugging.
> > >  > ##
> > >  >
> > >  > # Log filter is a space-separated list conditions. If any of the
> conditions
> > >  > # match, the log filter matches (i.e. they're ORed together).
> Parenthesis
> > >  > # are supported if multiple conditions need to be matched together.
> > >  > # Supported conditions are:
> > >  > # event: - Match event name. '*' and '?' wildcards
> supported.
> > >  > # source:[:] - Match source code filename
> [and line]
> > >  > # field:= - Match field key to a value. Can be
> specified
> > >  > # multiple times to match multiple keys.
> > >  > # cat[egory]: - Match a category. Can be specified multiple
> times to
> > >  > # match multiple categories.
> > >  > # For example: event:http_request_* (cat:error cat:storage)
> > >  >
> > >  > # Filter to specify what debug logging to enable. This will
> eventually replace
> > >  > # mail_debug and auth_debug settings.
> > >  > log_debug=category=oauth2
> > >  >
> > >  > --
> > >  > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > >  > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > >  > e-mail: taiki.fuk...@justsystems.com
> > >  > 内線: 5158
> > >  > TEL: 03-5324-7900
> > >  > mobile: 080-6198-7328
> > >  > --
> > >  >
> > >  >
> > >  > On Mon, 25 Jan 2021 at 17:24, 福田泰葵 wrote:
> > >  > > Yes. In my last email, I sent you the log of the result of
> running with oauth debug logging enabled.
> > >  > >
> > >  > > /etc/dovecot/conf.d/10-logging.conf:
> > >  > >
> > >  > > ```
> > >  > > ```
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> -
> > >  > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > >  > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > >  > > e-mail: taiki.fuk...@justsystems.com
> > >  > > 内線: 5158
> > >  > > TEL: 03-5324-7900
> > >  > > mobile: 080-6198-7328
> > >  >

Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-26 Thread
Dear Mr. Tuomi

I have added the setting rawlog_dir = /tmp/oauth2 to
/etc/dovecot/dovecot-oauth2.conf.ext.
However, /tmp/oauth2 was not created.

Best regards,

-
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-


On Tue, 26 Jan 2021 at 15:45, Aki Tuomi wrote:

> Yes, however I still cannot see rawlogs.
>
> Aki
>
> > On 25/01/2021 10:25 福田泰葵  wrote:
> >
> >
> > Yes. In my last email, I sent you the log of the result of running with
> oauth debug logging enabled.
> > /etc/dovecot/conf.d/10-logging.conf:
> > ##
> > ## Logging verbosity and debugging.
> > ##
> >
> > # Log filter is a space-separated list conditions. If any of the
> conditions
> > # match, the log filter matches (i.e. they're ORed together). Parenthesis
> > # are supported if multiple conditions need to be matched together.
> > # Supported conditions are:
> > #  event: - Match event name. '*' and '?' wildcards
> supported.
> > #  source:[:] - Match source code filename [and
> line]
> > #  field:= - Match field key to a value. Can be
> specified
> > #multiple times to match multiple keys.
> > #  cat[egory]: - Match a category. Can be specified multiple
> times to
> > #match multiple categories.
> > # For example: event:http_request_* (cat:error cat:storage)
> >
> > # Filter to specify what debug logging to enable. This will eventually
> replace
> > # mail_debug and auth_debug settings.
> > log_debug=category=oauth2
> >
> > --
> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > 内線: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> > --
> >
> >
> > On Mon, 25 Jan 2021 at 17:24, 福田泰葵 wrote:
> > > Yes. In my last email, I sent you the log of the result of running
> with oauth debug logging enabled.
> > >
> > > /etc/dovecot/conf.d/10-logging.conf:
> > >
> > > ```
> > > ```
> > >
> > >
> > >
> > >
> -
> > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > > e-mail: taiki.fuk...@justsystems.com
> > > 内線: 5158
> > > TEL: 03-5324-7900
> > > mobile: 080-6198-7328
> > >
> -
> > >
> > >
> > >
> > > On Mon, 25 Jan 2021 at 17:16, Aki Tuomi wrote:
> > > >
> > > >  > On 25/01/2021 10:12 福田泰葵  wrote:
> > > >  >
> > > >  >
> > > >  > Dear Mr. Tuomi
> > > >  > Google is responding to me as Unauthorized.
> > > >  > So I need to send my credentials such as access token in the
> request parameter for authentication in google’s Get User API request.
> > > >  > But I don’t know how to configure dovecot to achieve that.
> > > >  > Could you please help me with this?
> > > >  > Best regards,
> > > >  >
> > > >  > --
> > > >  > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > > >  > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > > >  > e-mail: taiki.fuk...@justsystems.com
> > > >  > 内線: 5158
> > > >  > TEL: 03-5324-7900
> > > >  >
> > > >  > mobile: 080-6198-7328
> > > >
> > > >
> > > >  Did you try the debugging things I mentioned? Your logs do not
> indicate that you did.
> > > >
> > > >  So,
> > > >
> > > >  - Try turning on rawlogs for the oauth2 requests and see what
> google is sending you?
> > > >  - You can also try log_debug=category=oauth2 (2.3.13) to get more
> debug logs from oauth2.
> > > >
> > > >  Aki
> > > >
>


Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-25 Thread
Yes. In my last email, I sent you the log of the result of running with
oauth debug logging enabled.

/etc/dovecot/conf.d/10-logging.conf:

##
## Logging verbosity and debugging.
##

# Log filter is a space-separated list conditions. If any of the conditions
# match, the log filter matches (i.e. they're ORed together). Parenthesis
# are supported if multiple conditions need to be matched together.
# Supported conditions are:
#  event: - Match event name. '*' and '?' wildcards supported.
#  source:[:] - Match source code filename [and line]
#  field:= - Match field key to a value. Can be specified
#multiple times to match multiple keys.
#  cat[egory]: - Match a category. Can be specified multiple times to
#match multiple categories.
# For example: event:http_request_* (cat:error cat:storage)

# Filter to specify what debug logging to enable. This will eventually replace
# mail_debug and auth_debug settings.
log_debug=category=oauth2

--

〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
------

On Mon, 25 Jan 2021 at 17:24, 福田泰葵 wrote:

> Yes. In my last email, I sent you the log of the result of running with
> oauth debug logging enabled.
>
> /etc/dovecot/conf.d/10-logging.conf:
>
> ```
> ```
>
>
>
> -
> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> 株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
> e-mail: taiki.fuk...@justsystems.com
> 内線: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
>
> -----
>
>
> On Mon, 25 Jan 2021 at 17:16, Aki Tuomi wrote:
>
>>
>> > On 25/01/2021 10:12 福田泰葵  wrote:
>> >
>> >
>> > Dear Mr. Tuomi
>> > Google is responding to me as Unauthorized.
>> > So I need to send my credentials such as access token in the request
>> parameter for authentication in google’s Get User API request.
>> > But I don’t know how to configure dovecot to achieve that.
>> > Could you please help me with this?
>> > Best regards,
>> >
>> > --
>> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>> > e-mail: taiki.fuk...@justsystems.com
>> > 内線: 5158
>> > TEL: 03-5324-7900
>> >
>> > mobile: 080-6198-7328
>>
>>
>> Did you try the debugging things I mentioned? Your logs do not indicate
>> that you did.
>>
>> So,
>>
>> - Try turning on rawlogs for the oauth2 requests and see what google is
>> sending you?
>> - You can also try log_debug=category=oauth2 (2.3.13) to get more debug
>> logs from oauth2.
>>
>> Aki
>>
>


Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-25 Thread
Yes. In my last email, I sent you the log of the result of running with
oauth debug logging enabled.

/etc/dovecot/conf.d/10-logging.conf:

```
```


-
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-


On Mon, 25 Jan 2021 at 17:16, Aki Tuomi wrote:

>
> > On 25/01/2021 10:12 福田泰葵  wrote:
> >
> >
> > Dear Mr. Tuomi
> > Google is responding to me as Unauthorized.
> > So I need to send my credentials such as access token in the request
> parameter for authentication in google’s Get User API request.
> > But I don’t know how to configure dovecot to achieve that.
> > Could you please help me with this?
> > Best regards,
> >
> > --
> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > 内線: 5158
> > TEL: 03-5324-7900
> >
> > mobile: 080-6198-7328
>
>
> Did you try the debugging things I mentioned? Your logs do not indicate
> that you did.
>
> So,
>
> - Try turning on rawlogs for the oauth2 requests and see what google is
> sending you?
> - You can also try log_debug=category=oauth2 (2.3.13) to get more debug
> logs from oauth2.
>
> Aki
>


Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-25 Thread
]: No more requests queued;
going idle (timeout = 6 msecs)
 1月 25 17:06:34 ip-10-243-150-190 dovecot[5955]: lmtp(5957): Connect
from 10.243.148.174
 1月 25 17:06:34 ip-10-243-150-190 dovecot[5955]: lmtp(5957):
Disconnect from 10.243.148.174: Remote closed connection (state=READY)
 1月 25 17:06:34 ip-10-243-150-190 dovecot[5955]: lmtp(5957): Connect
from 10.243.148.174

--

〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
e-mail: taiki.fuk...@justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328

On Fri, 22 Jan 2021 at 15:51, Aki Tuomi <aki.tu...@open-xchange.com> wrote:

> Your emails come through to the mailing list, you can verify this from
> https://dovecot.org/pipermail/dovecot
>
> Try turning on rawlogs for the oauth2 requests and see what google is
> sending you?
>
> You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs
> from oauth2.
>
> Aki
>
> > On 22/01/2021 02:51 福田泰葵  wrote:
> >
> >
> > Dear Mr. Tuomi,
> >
> > This is just to remind you that I haven’t received your response to my
> e-mail I sent you. I’m afraid my e-mail may not have reached you.
> > If you have any questions or concerns, please let me know.
> >
> > Best regards,
> >
> >
> > On Tue, 19 Jan 2021 at 18:52, 福田泰葵 wrote:
> > > Thank you for your reply.
> > > But I need more help.
> > > How do I set request parameter of
> https://www.googleapis.com/oauth2/v2/userinfo?
> > > Logs:
> > > dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
> > > dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host created
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host session created
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Need to perform DNS lookup
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Performing asynchronous DNS lookup
> > > dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Submitted (requests left=1)
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: DNS lookup successful; got 20 IPs
> > > dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443 (shared): Peer created
> > > dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443: Peer pool created
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Peer created
> > > dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Setting up connection to 172.217.31.170:443 (SSL=www.googleapis.com) (1 requests pending)
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Linked queue https://www.googleapis.com:443 (1 queues linked)
> > > dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Started new connection to 172.217.31.170:443 (SSL=www.googleapis.com)
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Making new connection 1 of 1 (0 connections exist, 0 pending)
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Connecting
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Waiting for connect (fd=22) to finish for max 0 msecs
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: HTTPS connection created (1 parallel connections exist)
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Client connected (fd=22)
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Connected
> > > doveco

Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-21 Thread
Dear Mr. Tuomi,

This is just to remind you that I haven’t received your response to my
e-mail I sent you. I’m afraid my e-mail may not have reached you.
If you have any questions or concerns, please let me know.

Best regards,

On Tue, 19 Jan 2021 at 18:52, 福田泰葵 wrote:

> Thank you for your reply.
> But I need more help.
>
> How do I set request parameter of
> https://www.googleapis.com/oauth2/v2/userinfo?
>
> Logs:
>
> dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
> dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote closed 
> connection (state=READY)
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host 
> created
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host 
> session created
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Need to 
> perform DNS lookup
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Performing 
> asynchronous DNS lookup
> dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET 
> https://www.googleapis.com/oauth2/v2/userinfo]: Submitted (requests left=1)
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: DNS lookup 
> successful; got 20 IPs
> dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443 (shared): 
> Peer created
> dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443: Peer pool 
> created
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Peer 
> created
> dovecot[30307]: auth: Debug: http-client[1]: queue 
> https://www.googleapis.com:443: Setting up connection to 172.217.31.170:443 
> (SSL=www.googleapis.com) (1 requests pending)
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Linked 
> queue https://www.googleapis.com:443 (1 queues linked)
> dovecot[30307]: auth: Debug: http-client[1]: queue 
> https://www.googleapis.com:443: Started new connection to 172.217.31.170:443 
> (SSL=www.googleapis.com)
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: 
> Creating 1 new connections to handle requests (already 0 usable, connecting 
> to 0, closing 0)
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Making 
> new connection 1 of 1 (0 connections exist, 0 pending)
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: 
> Connecting
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: 
> Waiting for connect (fd=22) to finish for max 0 msecs
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: HTTPS 
> connection created (1 parallel connections exist)
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Client 
> connected (fd=22)
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: 
> Connected
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: 
> Starting SSL handshake
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x10, ret=1: 
> before/connect initialization
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> before/connect initialization
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv2/v3 write client hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1002, ret=-1: 
> SSLv2/v3 read server hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1002, ret=-1: 
> SSLv2/v3 read server hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1002, ret=-1: 
> SSLv2/v3 read server hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 read server hello A
> dovecot[30307]: auth: Received valid SSL certificate: /OU=GlobalSign Root CA 
> - R2/O=GlobalSign/CN=GlobalSign
> dovecot[30307]: auth: Received valid SSL certificate: /C=US/O=Google Trust 
> Services/CN=GTS CA 1O1
> dovecot[30307]: auth: Received valid SSL certificate: 
> /C=US/ST=California/L=Mountain View/O=Google LLC/CN=upload.video.google.com
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 read server certificate A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 read server key exchange A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 read server done A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 write client key exchange A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 write change cipher spec A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: 
> SSLv3 write finished A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: w

Re: Dovecot Gmail OAuth2.0 Setting Question

2021-01-19 Thread
 finished successfully
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
SSL handshake successful
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
Ready for requests
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443:
Successfully connected (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443:
Successfully connected (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443:
Using 1 idle connections to handle 1 requests (1 total connections
ready)
dovecot[30307]: auth: Debug: http-client[1]: queue
https://www.googleapis.com:443: Connection to peer 172.217.31.170:443
claimed request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
Claimed request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]
dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]: Sent header
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443:
No more requests to service for this peer (1 connections exist, 0
pending)
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
Got 401 response for request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]: Unauthorized (took 46
ms + 59 ms in queue)
dovecot[30307]: auth: Error:
oauth2(fukudata,118.103.29.199,): oauth2 failed: No
username returned
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
Response payload stream destroyed (0 ms after initial response)
dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]: Finished
dovecot[30307]: auth: Debug: http-client[1]: queue
https://www.googleapis.com:443: Dropping request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]
dovecot[30307]: auth: Debug: http-client: host www.googleapis.com:
Host is idle (timeout = 1799906 msecs)
dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]: Free (requests left=1)
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443:
No requests to service for this peer (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
No more requests queued; going idle (timeout = 6 msecs)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.174
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.174: Remote
closed connection (state=READY)
dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote
closed connection (state=READY)
dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote
closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.174
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.174: Remote
closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.110
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.110: Remote
closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.110
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.110: Remote
closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.110
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.110: Remote
closed connection (state=READY)
sshd[30475]: Connection closed by 10.243.150.20 port 48174 [preauth]
dovecot[30307]: imap-login: Disconnected (auth service reported
temporary failure): user=, method=PLAIN, rip=118.103.29.199,
lip=10.243.150.190, session=
dovecot[30307]: lmtp(30317): Connect from 10.243.148.174
dovecot[30307]: lmtp(30317): Disconnect from 10.243.148.174: Remote
closed connection (state=READY)

I would appreciate your reply.

Yours faithfully,

On Tue, 19 Jan 2021 at 15:34, Aki Tuomi wrote:


> > On 19/01/2021 07:17 福田泰葵  wrote:
> >
> >
> > Dear Sir or Madam
> > Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.
> > I have a question about how to use dovecot as a proxy to perform OAuth 2.0
> > authentication to Gmail using a mail client.
>
> Mail client is required, in this case, to provide valid oauth2 bearer
> token. I don't think google supports other ways.
>
> >   1. Is the following all I need to do to authenticate to Gmail using dovecot
> >   as a proxy?
> >   * passdb
> >   passdb {
> >   driver = oauth2
> >   mechanisms = oauthbearer xoauth2
> >   args = /etc/dovecot/dovecot-oauth2.token.conf.ext
> >   }
> >   passdb {
> >   driver = oauth2
> >   mechanisms = plain login
> >   args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
> >   }
> >
>
> The plain config is a way to do 'password grant' au
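
The debug log in this message becomes readable once its wrapped records are rejoined and three of them are correlated: the HTTP status of the userinfo request, the passdb error, and the mechanism the client logged in with. The following is an added example, not part of the thread and not Dovecot code; the sample records are constructed from lines of the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: records from the log in this thread, hard-wrapped as mailed.
SAMPLE_LOG = """\
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]:
Got 401 response for request [Req1: GET
https://www.googleapis.com/oauth2/v2/userinfo]: Unauthorized (took 46
ms + 59 ms in queue)
dovecot[30307]: auth: Error:
oauth2(fukudata,118.103.29.199,): oauth2 failed: No
username returned
dovecot[30307]: imap-login: Disconnected (auth service reported
temporary failure): user=, method=PLAIN, rip=118.103.29.199,
lip=10.243.150.190, session=
"""

QUOTE = re.compile(r"^(?:> ?)+")
RECORD_START = re.compile(r"^[\w-]+\[\d+\]: ")
RESPONSE = re.compile(r"Got (\d{3}) response for request \[(Req\d+): \w+ (\S+?)\]")
OAUTH_FAIL = re.compile(r"oauth2\(([^,)]*),[^)]*\): oauth2 failed: (.+)$")
LOGIN = re.compile(r"-login: .*\bmethod=([A-Z0-9-]+)")

def unwrap(text):
    """Strip '>' quoting and rejoin records wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = QUOTE.sub("", line).strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def diagnose(text):
    """Correlate the introspection HTTP status, the passdb error and the SASL mechanism."""
    out = {"status": None, "url": None, "user": None, "reason": None, "mechanism": None}
    for rec in unwrap(text):
        if m := RESPONSE.search(rec):
            out["status"], out["url"] = int(m[1]), m[3]
        elif m := OAUTH_FAIL.search(rec):
            out["user"], out["reason"] = m[1], m[2]
        elif m := LOGIN.search(rec):
            out["mechanism"] = m[1]
    out["introspection_unauthorized"] = out["status"] == 401
    return out
```
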

Dovecot Gmail OAuth2.0 Setting Question

2021-01-18 Thread
Dear Sir or Madam

Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.
I have a question about how to use dovecot as a proxy to perform OAuth 2.0
authentication to Gmail using a mail client.

   1. Is the following all I need to do to authenticate to Gmail using dovecot
      as a proxy?

      - passdb

          passdb {
            driver = oauth2
            mechanisms = oauthbearer xoauth2
            args = /etc/dovecot/dovecot-oauth2.token.conf.ext
          }
          passdb {
            driver = oauth2
            mechanisms = plain login
            args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
          }

      - create dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext
      - create gmail service account api

   2. grant_url in dovecot-oauth2.token.conf.ext and
      dovecot-oauth2.plain.conf.ext is URL for obtaining a Google access token
      for a web server that I have built myself?

   3. I use a Gmail service account, so I don’t need a client ID and secret
      ID, right?

   4. Do I set introspection_url to the URL of my own web server with the
      access token used for authentication to Google as the response?

   5. The documentation says “pass_attrs = host=127.0.0.1”, but if you are
      authenticating to Gmail, I should use
      “pass_attrs = proxy=y
      host=%{if;%s;eq;imap;imap.gmail.com;%{if;%s;eq;pop3;smtp.gmail.com;pop.gmail.com}}
      port=%{if;%s;eq;imap;993;%{if;%s;eq;pop3;587;465}} proxy_mech=xoauth2
      pass=%{oauth2:access_token} user=%{oauth2:email oauth2:email}”?

   6. What is the difference between dovecot-oauth2.token.conf.ext and
      dovecot-oauth2.plain.conf.ext? Do I need to configure both?

I used
https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy
as a reference.
I would appreciate your reply.

Yours faithfully,
--

e-mail: taiki.fuk...@justsystems.com
TEL: 03-5324-7900
mobile: 080-6198-7328
--
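
What the `oauthbearer` and `xoauth2` mechanisms named in the passdb above carry on the wire, as an added example (not part of the thread and not Dovecot's code): the client's SASL initial response holds a bearer access token, which is the value a token-validating server extracts, while a PLAIN response holds a password and no token. The user name, the token value and the function names are constructed for illustration.

```python
import base64
import re

B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # RFC 6750 bearer token syntax

def xoauth2_initial_response(user, token):
    """XOAUTH2: base64("user=" user ^A "auth=Bearer " token ^A ^A)."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def oauthbearer_initial_response(user, token, host, port):
    """OAUTHBEARER (RFC 7628): GS2 header, then ^A-separated key=value pairs."""
    authzid = user.replace("=", "=3D").replace(",", "=2C")  # GS2 escaping
    raw = f"n,a={authzid},\x01host={host}\x01port={port}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def parse_bearer_response(b64):
    """Server side: return (user, token) for either mechanism, else ValueError."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing ^A^A terminator: not an OAuth SASL response")
    head, *pairs = raw[:-2].split("\x01")
    if head.startswith("user="):                        # XOAUTH2
        user = head[len("user="):]
    elif head.startswith("n,") and head.endswith(","):  # OAUTHBEARER
        authzid = head[2:-1]
        if authzid and not authzid.startswith("a="):
            raise ValueError("malformed GS2 header")
        user = authzid[2:].replace("=2C", ",").replace("=3D", "=")
    else:
        raise ValueError("unknown first field")
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    scheme, _, token = fields.get("auth", "").partition(" ")
    # Reject anything that is not a syntactically valid bearer token (e.g. CR/LF).
    if scheme.lower() != "bearer" or not B64TOKEN.fullmatch(token):
        raise ValueError("no well-formed Bearer token in auth field")
    return user, token
```
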

