Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Dear Mr. Tuomi

I created a gmail service account, and I have implemented the process of getting an access token using a gmail service account.
https://developers.google.com/identity/protocols/oauth2/service-account

I think I then need to set the grant_url to a URL that returns an access token and send that access token to the introspection_url, is that correct?

Best regards,

-
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-

On Fri, 29 Jan 2021 at 17:58, Odhiambo Washington wrote:

> You broke this thread. In the original thread, I remember seeing Aki gave
> you the configuration which he believed might work.
> The next thing I thought was for you to go to
> https://developers.google.com/identity/sign-in/web/devconsole-project and
> get an access token.
>
> PS: I have never configured this kind of thing so I was only following the
> thread to try and understand what it entails.
>
> On Fri, 29 Jan 2021 at 04:00, 福田泰葵 wrote:
>
>> Google is responding to me as Unauthorized.
>> So I need to send my credentials such as access token in the request
>> parameter for authentication in google’s Get User API request.
>> But I don’t know how to configure dovecot to achieve that.
>> Could you please help me with this?
>>
>> Best regards,
>>
>> ---------
>> 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
>> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
>> e-mail: taiki.fuk...@justsystems.com
>> Extension: 5158
>> TEL: 03-5324-7900
>> mobile: 080-6198-7328
>>
>> -
>>
>> On Fri, 29 Jan 2021 at 03:30, Odhiambo Washington wrote:
>>
>>> Your clue is in the log:
>>>
>>> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331 "status": "UNAUTHENTICATED"
>>> 1611654464.207331 }
>>>
>>> On Thu, 28 Jan 2021 at 09:25, 福田泰葵 wrote:
>>>
>>>> Dear Mr. Tuomi
>>>>
>>>> Do you have any idea how to solve this problem?
>>>>
>>>> Best regards,
>>>>
>>>> -----
>>>> 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
>>>> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
>>>> e-mail: taiki.fuk...@justsystems.com
>>>> Extension: 5158
>>>> TEL: 03-5324-7900
>>>> mobile: 080-6198-7328
>>>>
>>>> -
>>>>
>>>> On Tue, 26 Jan 2021 at 18:51, 福田泰葵 wrote:
>>>>
>>>>> Dear Mr. Tuomi
>>>>>
>>>>> Thank you for the instruction.
>>>>> I was able to output rawlogs.
>>>>> The following is the result.
>>>>>
>>>>> 20210126-184744.1.1.in:
>>>>>
>>>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>>>> 1611654464.207331 Pragma: no-cache
>>>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>>>> 1611654464.207331 Vary: X-Origin
>>>>> 1611654464.207331 Vary: Referer
>>>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>>>> 1611654464.207331 Server: ESF
>>>>> 1611654464.207331 X-XSS-Protection: 0
>>>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=
Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Google is responding to me as Unauthorized.
So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request.
But I don’t know how to configure dovecot to achieve that.
Could you please help me with this?

Best regards,

-
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-

On Fri, 29 Jan 2021 at 03:30, Odhiambo Washington wrote:

> Your clue is in the log:
>
> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED"
> 1611654464.207331 }
>
> On Thu, 28 Jan 2021 at 09:25, 福田泰葵 wrote:
>
>> Dear Mr. Tuomi
>>
>> Do you have any idea how to solve this problem?
>>
>> Best regards,
>>
>> ---------
>> 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
>> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
>> e-mail: taiki.fuk...@justsystems.com
>> Extension: 5158
>> TEL: 03-5324-7900
>> mobile: 080-6198-7328
>>
>> -
>>
>> On Tue, 26 Jan 2021 at 18:51, 福田泰葵 wrote:
>>
>>> Dear Mr. Tuomi
>>>
>>> Thank you for the instruction.
>>> I was able to output rawlogs.
>>> The following is the result.
>>>
>>> 20210126-184744.1.1.in:
>>>
>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>> 1611654464.207331 Pragma: no-cache
>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.207331 Vary: X-Origin
>>> 1611654464.207331 Vary: Referer
>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>> 1611654464.207331 Server: ESF
>>> 1611654464.207331 X-XSS-Protection: 0
>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
>>> 1611654464.207331 Accept-Ranges: none
>>> 1611654464.207331 Vary: Origin,Accept-Encoding
>>> 1611654464.207331 Transfer-Encoding: chunked
>>> 1611654464.207331
>>> 1611654464.207331 130
>>> 1611654464.207331 {
>>> 1611654464.207331 "error": {
>>> 1611654464.207331 "code": 401,
>>> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331 "status": "UNAUTHENTICATED"
>>> 1611654464.207331 }
>>> 1611654464.207331 }
>>> 1611654464.207331
>>> 1611654464.207737 0
>>> 1611654464.207737
>>>
>>> 20210126-184744.1.1.out:
>>>
>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
>>> 1611654464.165704 Host: www.googleapis.com
>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
>>> 1611654464.165704 Connection: Keep-Alive
>>> 1611654464.165727 Authorization: Bearer ??
>>> 1611654464.165730
>>>
>>> Best regards,
>>> --
>>>
>>> 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
>>> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
>>> e-mail: taiki.fuk...@justsystems.com
>>> Extension: 5158
>>> TEL: 03-5324-7900
>>> mobile: 080-6198-7328
>>>
Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Dear Mr. Tuomi

Do you have any idea how to solve this problem?

Best regards,

-
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-

On Tue, 26 Jan 2021 at 18:51, 福田泰葵 wrote:

> Dear Mr. Tuomi
>
> Thank you for the instruction.
> I was able to output rawlogs.
> The following is the result.
>
> 20210126-184744.1.1.in:
>
> 1611654464.207331 HTTP/1.1 401 Unauthorized
> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> 1611654464.207331 Pragma: no-cache
> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.207331 Vary: X-Origin
> 1611654464.207331 Vary: Referer
> 1611654464.207331 Content-Type: application/json; charset=UTF-8
> 1611654464.207331 Server: ESF
> 1611654464.207331 X-XSS-Protection: 0
> 1611654464.207331 X-Frame-Options: SAMEORIGIN
> 1611654464.207331 X-Content-Type-Options: nosniff
> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
> 1611654464.207331 Accept-Ranges: none
> 1611654464.207331 Vary: Origin,Accept-Encoding
> 1611654464.207331 Transfer-Encoding: chunked
> 1611654464.207331
> 1611654464.207331 130
> 1611654464.207331 {
> 1611654464.207331 "error": {
> 1611654464.207331 "code": 401,
> 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED"
> 1611654464.207331 }
> 1611654464.207331 }
> 1611654464.207331
> 1611654464.207737 0
> 1611654464.207737
>
> 20210126-184744.1.1.out:
>
> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
> 1611654464.165704 Host: www.googleapis.com
> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
> 1611654464.165704 Connection: Keep-Alive
> 1611654464.165727 Authorization: Bearer ??
> 1611654464.165730
>
> Best regards,
> --
>
> 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> e-mail: taiki.fuk...@justsystems.com
> Extension: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
> --
>
> On Tue, 26 Jan 2021 at 18:35, Aki Tuomi aki.tu...@open-xchange.com wrote:
>
>> No, the directory must exist. I'm sorry I wasn't clear enough when I
>> replied last time, but dovecot will not create the directory. You need to
>> create it and make it writable.
>>
>> Aki
>>
>> > On 26/01/2021 11:09 福田泰葵 wrote:
>> >
>> > Dear Mr. Tuomi
>> >
>> > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
>> > However, /tmp/oauth2 was not created.
>> >
>> > Best regards,
>> >
>> > -
>> > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
>> > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
>> > e-mail: taiki.fuk...@justsystems.com
>> > Extension: 5158
>> > TEL: 03-5324-7900
>> > mobile: 080-6198-7328
>> > -----
>> >
>> > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi wrote:
>> > > That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes.
>> > >
>> > > You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure.
>> > >
>> > > systemctl edit dovecot
>> > >
>> > > [Service]
>> > > PrivateTmp=no
>> > >
>> > > systemctl daemon-reloa
Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Dear Mr. Tuomi

Thank you for the instruction.
I was able to output rawlogs.
The following is the result.

20210126-184744.1.1.in:

1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
1611654464.207331 Pragma: no-cache
1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.207331 Vary: X-Origin
1611654464.207331 Vary: Referer
1611654464.207331 Content-Type: application/json; charset=UTF-8
1611654464.207331 Server: ESF
1611654464.207331 X-XSS-Protection: 0
1611654464.207331 X-Frame-Options: SAMEORIGIN
1611654464.207331 X-Content-Type-Options: nosniff
1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1611654464.207331 Accept-Ranges: none
1611654464.207331 Vary: Origin,Accept-Encoding
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {
1611654464.207331 "error": {
1611654464.207331 "code": 401,
1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
1611654464.207331 "status": "UNAUTHENTICATED"
1611654464.207331 }
1611654464.207331 }
1611654464.207331
1611654464.207737 0
1611654464.207737

20210126-184744.1.1.out:

1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
1611654464.165704 Connection: Keep-Alive
1611654464.165727 Authorization: Bearer ??
1611654464.165730

Best regards,

--
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
--

On Tue, 26 Jan 2021 at 18:35, Aki Tuomi aki.tu...@open-xchange.com wrote:

> No, the directory must exist. I'm sorry I wasn't clear enough when I
> replied last time, but dovecot will not create the directory. You need to
> create it and make it writable.
>
> Aki
>
> > On 26/01/2021 11:09 福田泰葵 wrote:
> >
> > Dear Mr. Tuomi
> >
> > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
> > However, /tmp/oauth2 was not created.
> >
> > Best regards,
> >
> > -
> > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > Extension: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> > -
> >
> > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi wrote:
> > > That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes.
> > >
> > > You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure.
> > >
> > > systemctl edit dovecot
> > >
> > > [Service]
> > > PrivateTmp=no
> > >
> > > systemctl daemon-reload
> > > systemctl restart dovecot
> > >
> > > Aki
> > >
> > > > On 26/01/2021 10:57 福田泰葵 wrote:
> > > >
> > > > Dear Mr. Tuomi
> > > >
> > > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
> > > > However, /tmp/oauth2 was not created.
> > > >
> > > > Best regards,
> > > >
> > > > -----
> > > > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > > > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > > > e-mail: taiki.fuk...@justsystems.com
> > > > Extension: 5158
> > > > TEL: 03-5324-7900
> > > > mobile: 080-6198-7328
> > > > ---
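
Added example (not part of the thread and not Dovecot code): a small Python reader for an oauth2 rawlog `.out`/`.in` pair like the one posted above. It strips the timestamp prefix, reports whether the request carried a syntactically valid bearer token (RFC 6750) and what the upstream endpoint answered, and masks the token before a log is shared. The sample logs are abridged from this post with line breaks restored; the function names and the `EXAMPLE...` token used in testing are made up for the illustration.

```python
import json
import re

# Line layout assumed from the rawlog excerpts in this thread:
#   "<epoch>.<usec> <one line of HTTP traffic>"
STAMP = re.compile(r"^\d+\.\d+ ?")
# RFC 6750, section 2.1:
#   b68token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B68TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
BEARER_LINE = re.compile(r"^(\d+\.\d+ Authorization: Bearer )(.*)$", re.I | re.M)

# Constructed samples: the .out/.in pair from the post, abridged.
SAMPLE_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
1611654464.165727 Authorization: Bearer ??
1611654464.165730
"""
SAMPLE_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Content-Type: application/json; charset=UTF-8
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {
1611654464.207331   "error": {
1611654464.207331     "code": 401,
1611654464.207331     "message": "Request is missing required authentication credential.",
1611654464.207331     "status": "UNAUTHENTICATED"
1611654464.207331   }
1611654464.207331 }
1611654464.207331
1611654464.207737 0
1611654464.207737
"""


def split_message(rawlog):
    """Strip timestamps; return (start_line, headers, payload_lines)."""
    lines = [STAMP.sub("", line) for line in rawlog.splitlines()]
    if not lines:
        return "", {}, []
    blank = lines.index("") if "" in lines else len(lines)
    headers = {}
    for line in lines[1:blank]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, lines[blank + 1:]


def upstream_error(payload_lines):
    """Return the JSON "error" object of a response body, or None.

    A mailed copy of a rawlog no longer has exact byte counts, so the chunk
    sizes are not trusted; the outermost JSON object is taken instead.
    """
    text = "\n".join(payload_lines)
    start, end = text.find("{"), text.rfind("}")
    if start == -1 or end < start:
        return None
    try:
        parsed = json.loads(text[start:end + 1])
    except json.JSONDecodeError:
        return None
    error = parsed.get("error") if isinstance(parsed, dict) else None
    return error if isinstance(error, dict) else None


def diagnose(out_log, in_log):
    """Return short findings for one request (.out) / response (.in) pair."""
    findings = []
    _, req_headers, _ = split_message(out_log)
    scheme, _, token = req_headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        findings.append("missing-bearer-token")
    elif not B68TOKEN.fullmatch(token):
        findings.append("malformed-bearer-token")
    status_line, _, payload = split_message(in_log)
    fields = status_line.split(" ", 2)
    if len(fields) > 1 and fields[1] == "401":
        error = upstream_error(payload) or {}
        findings.append("upstream-401:" + str(error.get("status", "unknown")))
    return findings


def redact(rawlog):
    """Mask bearer tokens so a rawlog can be posted without the credential."""
    return BEARER_LINE.sub(
        lambda m: f"{m.group(1)}<redacted, {len(m.group(2))} chars>", rawlog)


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_OUT, SAMPLE_IN):
        print(finding)
    print(redact(SAMPLE_OUT))
```

Rawlogs record the `Authorization` header verbatim, so the directory named by `rawlog_dir` should be readable only by the account that needs it and removed once debugging is done.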
Re: [EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Dear Mr. Tuomi

Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
However, /tmp/oauth2 was not created.

Best regards,

-
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-

On Tue, 26 Jan 2021 at 18:01, Aki Tuomi wrote:

> That is because you are using systemd, where the unit file, by default,
> has PrivateTmp=yes.
>
> You can look under /tmp for dovecot private tmp directory and create the
> directory there, or you can temporarily disable this security measure.
>
> systemctl edit dovecot
>
> [Service]
> PrivateTmp=no
>
> systemctl daemon-reload
> systemctl restart dovecot
>
> Aki
>
> > On 26/01/2021 10:57 福田泰葵 wrote:
> >
> > Dear Mr. Tuomi
> >
> > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
> > However, /tmp/oauth2 was not created.
> >
> > Best regards,
> >
> > ---------
> > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > Extension: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> > ---------
> >
> > On Tue, 26 Jan 2021 at 15:45, Aki Tuomi wrote:
> > > Yes, however I still cannot see rawlogs.
> > >
> > > Aki
> > >
> > > > On 25/01/2021 10:25 福田泰葵 wrote:
> > > >
> > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
> > > > /etc/dovecot/conf.d/10-logging.conf:
> > > > ##
> > > > ## Logging verbosity and debugging.
> > > > ##
> > > >
> > > > # Log filter is a space-separated list conditions. If any of the conditions
> > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis
> > > > # are supported if multiple conditions need to be matched together.
> > > > # Supported conditions are:
> > > > # event: - Match event name. '*' and '?' wildcards supported.
> > > > # source:[:] - Match source code filename [and line]
> > > > # field:= - Match field key to a value. Can be specified
> > > > # multiple times to match multiple keys.
> > > > # cat[egory]: - Match a category. Can be specified multiple times to
> > > > # match multiple categories.
> > > > # For example: event:http_request_* (cat:error cat:storage)
> > > >
> > > > # Filter to specify what debug logging to enable. This will eventually replace
> > > > # mail_debug and auth_debug settings.
> > > > log_debug=category=oauth2
> > > >
> > > > --
> > > > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > > > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > > > e-mail: taiki.fuk...@justsystems.com
> > > > Extension: 5158
> > > > TEL: 03-5324-7900
> > > > mobile: 080-6198-7328
> > > > --
> > > >
> > > > On Mon, 25 Jan 2021 at 17:24, 福田泰葵 wrote:
> > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
> > > > >
> > > > > /etc/dovecot/conf.d/10-logging.conf:
> > > > >
> > > > > ```
> > > > > ```
> > > > >
> > > > > -
> > > > > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > > > > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > > > > e-mail: taiki.fuk...@justsystems.com
> > > > > Extension: 5158
> > > > > TEL: 03-5324-7900
> > > > > mobile: 080-6198-7328
> > > >
Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Dear Mr. Tuomi

I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
However, /tmp/oauth2 was not created.

Best regards,

-
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-

On Tue, 26 Jan 2021 at 15:45, Aki Tuomi wrote:

> Yes, however I still cannot see rawlogs.
>
> Aki
>
> > On 25/01/2021 10:25 福田泰葵 wrote:
> >
> > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
> > /etc/dovecot/conf.d/10-logging.conf:
> > ##
> > ## Logging verbosity and debugging.
> > ##
> >
> > # Log filter is a space-separated list conditions. If any of the conditions
> > # match, the log filter matches (i.e. they're ORed together). Parenthesis
> > # are supported if multiple conditions need to be matched together.
> > # Supported conditions are:
> > # event: - Match event name. '*' and '?' wildcards supported.
> > # source:[:] - Match source code filename [and line]
> > # field:= - Match field key to a value. Can be specified
> > #multiple times to match multiple keys.
> > # cat[egory]: - Match a category. Can be specified multiple times to
> > #match multiple categories.
> > # For example: event:http_request_* (cat:error cat:storage)
> >
> > # Filter to specify what debug logging to enable. This will eventually replace
> > # mail_debug and auth_debug settings.
> > log_debug=category=oauth2
> >
> > --
> > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > Extension: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
> > --
> >
> > On Mon, 25 Jan 2021 at 17:24, 福田泰葵 wrote:
> > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
> > >
> > > /etc/dovecot/conf.d/10-logging.conf:
> > >
> > > ```
> > > ```
> > >
> > > -
> > > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > > e-mail: taiki.fuk...@justsystems.com
> > > Extension: 5158
> > > TEL: 03-5324-7900
> > > mobile: 080-6198-7328
> > > -
> > >
> > > On Mon, 25 Jan 2021 at 17:16, Aki Tuomi wrote:
> > > >
> > > > > On 25/01/2021 10:12 福田泰葵 wrote:
> > > > >
> > > > > Dear Mr. Tuomi
> > > > > Google is responding to me as Unauthorized.
> > > > > So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request.
> > > > > But I don’t know how to configure dovecot to achieve that.
> > > > > Could you please help me with this?
> > > > > Best regards,
> > > > >
> > > > > --
> > > > > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > > > > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > > > > e-mail: taiki.fuk...@justsystems.com
> > > > > Extension: 5158
> > > > > TEL: 03-5324-7900
> > > > > mobile: 080-6198-7328
> > > >
> > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
> > > >
> > > > So,
> > > >
> > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
> > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
> > > >
> > > > Aki
> > > >
Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.

/etc/dovecot/conf.d/10-logging.conf:

##
## Logging verbosity and debugging.
##

# Log filter is a space-separated list conditions. If any of the conditions
# match, the log filter matches (i.e. they're ORed together). Parenthesis
# are supported if multiple conditions need to be matched together.
# Supported conditions are:
# event: - Match event name. '*' and '?' wildcards supported.
# source:[:] - Match source code filename [and line]
# field:= - Match field key to a value. Can be specified
#multiple times to match multiple keys.
# cat[egory]: - Match a category. Can be specified multiple times to
#match multiple categories.
# For example: event:http_request_* (cat:error cat:storage)

# Filter to specify what debug logging to enable. This will eventually replace
# mail_debug and auth_debug settings.
log_debug=category=oauth2

--
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
------

On Mon, 25 Jan 2021 at 17:24, 福田泰葵 wrote:

> Yes. In my last email, I sent you the log of the result of running with
> oauth debug logging enabled.
>
> /etc/dovecot/conf.d/10-logging.conf:
>
> ```
> ```
>
> -
> 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> e-mail: taiki.fuk...@justsystems.com
> Extension: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
>
> -----
>
> On Mon, 25 Jan 2021 at 17:16, Aki Tuomi wrote:
>
>> > On 25/01/2021 10:12 福田泰葵 wrote:
>> >
>> > Dear Mr. Tuomi
>> > Google is responding to me as Unauthorized.
>> > So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request.
>> > But I don’t know how to configure dovecot to achieve that.
>> > Could you please help me with this?
>> > Best regards,
>> >
>> > --
>> > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
>> > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
>> > e-mail: taiki.fuk...@justsystems.com
>> > Extension: 5158
>> > TEL: 03-5324-7900
>> > mobile: 080-6198-7328
>>
>> Did you try the debugging things I mentioned? Your logs do not indicate
>> that you did.
>>
>> So,
>>
>> - Try turning on rawlogs for the oauth2 requests and see what google is
>> sending you?
>> - You can also try log_debug=category=oauth2 (2.3.13) to get more debug
>> logs from oauth2.
>>
>> Aki
>>
Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.

/etc/dovecot/conf.d/10-logging.conf:

```
```

-
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
-

On Mon, 25 Jan 2021 at 17:16, Aki Tuomi wrote:

> > On 25/01/2021 10:12 福田泰葵 wrote:
> >
> > Dear Mr. Tuomi
> > Google is responding to me as Unauthorized.
> > So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request.
> > But I don’t know how to configure dovecot to achieve that.
> > Could you please help me with this?
> > Best regards,
> >
> > --
> > 〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
> > JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> > e-mail: taiki.fuk...@justsystems.com
> > Extension: 5158
> > TEL: 03-5324-7900
> > mobile: 080-6198-7328
>
> Did you try the debugging things I mentioned? Your logs do not indicate
> that you did.
>
> So,
>
> - Try turning on rawlogs for the oauth2 requests and see what google is
> sending you?
> - You can also try log_debug=category=oauth2 (2.3.13) to get more debug
> logs from oauth2.
>
> Aki
>
Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
]: No more requests queued; going idle (timeout = 6 msecs)
1月 25 17:06:34 ip-10-243-150-190 dovecot[5955]: lmtp(5957): Connect from 10.243.148.174
1月 25 17:06:34 ip-10-243-150-190 dovecot[5955]: lmtp(5957): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
1月 25 17:06:34 ip-10-243-150-190 dovecot[5955]: lmtp(5957): Connect from 10.243.148.174

--
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328

On Fri, 22 Jan 2021 at 15:51, Aki Tuomi aki.tu...@open-xchange.com wrote:

> Your emails come through to the mailing list, you can verify this from
> https://dovecot.org/pipermail/dovecot
>
> Try turning on rawlogs for the oauth2 requests and see what google is
> sending you?
>
> You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs
> from oauth2.
>
> Aki
>
> > On 22/01/2021 02:51 福田泰葵 wrote:
> >
> > Dear Mr. Tuomi,
> >
> > This is just to remind you that I haven’t received your response to my e-mail I sent you. I’m afraid my e-mail may not have reached you.
> > If you have any questions or concerns, please let me know.
> >
> > Best regards,
> >
> > On Tue, 19 Jan 2021 at 18:52, 福田泰葵 wrote:
> > > Thank you for your reply.
> > > But I need more help.
> > > How do I set request parameter of https://www.googleapis.com/oauth2/v2/userinfo?
> > > Logs:
> > > dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
> > > dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host created
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host session created
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Need to perform DNS lookup
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Performing asynchronous DNS lookup
> > > dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Submitted (requests left=1)
> > > dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: DNS lookup successful; got 20 IPs
> > > dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443 (shared): Peer created
> > > dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443: Peer pool created
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Peer created
> > > dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Setting up connection to 172.217.31.170:443 (SSL=www.googleapis.com) (1 requests pending)
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Linked queue https://www.googleapis.com:443 (1 queues linked)
> > > dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Started new connection to 172.217.31.170:443 (SSL=www.googleapis.com)
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
> > > dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Making new connection 1 of 1 (0 connections exist, 0 pending)
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Connecting
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Waiting for connect (fd=22) to finish for max 0 msecs
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: HTTPS connection created (1 parallel connections exist)
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Client connected (fd=22)
> > > dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Connected
> > > doveco
Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
Dear Mr. Tuomi,

This is just to remind you that I haven’t received your response to my e-mail I sent you. I’m afraid my e-mail may not have reached you.
If you have any questions or concerns, please let me know.

Best regards,

On Tue, 19 Jan 2021 at 18:52, 福田泰葵 wrote:

> Thank you for your reply.
> But I need more help.
>
> How do I set request parameter of
> https://www.googleapis.com/oauth2/v2/userinfo?
>
> Logs:
>
> dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
> dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host created
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host session created
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Need to perform DNS lookup
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Performing asynchronous DNS lookup
> dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Submitted (requests left=1)
> dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: DNS lookup successful; got 20 IPs
> dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443 (shared): Peer created
> dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443: Peer pool created
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Peer created
> dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Setting up connection to 172.217.31.170:443 (SSL=www.googleapis.com) (1 requests pending)
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Linked queue https://www.googleapis.com:443 (1 queues linked)
> dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Started new connection to 172.217.31.170:443 (SSL=www.googleapis.com)
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
> dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Making new connection 1 of 1 (0 connections exist, 0 pending)
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Connecting
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Waiting for connect (fd=22) to finish for max 0 msecs
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: HTTPS connection created (1 parallel connections exist)
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Client connected (fd=22)
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Connected
> dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Starting SSL handshake
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x10, ret=1: before/connect initialization
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: before/connect initialization
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv2/v3 write client hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1002, ret=-1: SSLv2/v3 read server hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1002, ret=-1: SSLv2/v3 read server hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1002, ret=-1: SSLv2/v3 read server hello A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 read server hello A
> dovecot[30307]: auth: Received valid SSL certificate: /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
> dovecot[30307]: auth: Received valid SSL certificate: /C=US/O=Google Trust Services/CN=GTS CA 1O1
> dovecot[30307]: auth: Received valid SSL certificate: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=upload.video.google.com
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 read server certificate A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 read server key exchange A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 read server done A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 write client key exchange A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 write change cipher spec A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: where=0x1001, ret=1: SSLv3 write finished A
> dovecot[30307]: auth: Debug: www.googleapis.com: SSL: w
Re: Dovecot Gmail OAuth2.0 Setting Question
finished successfully
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: SSL handshake successful
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Ready for requests
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Successfully connected (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client: peer 172.217.31.170:443: Successfully connected (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: Using 1 idle connections to handle 1 requests (1 total connections ready)
dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Connection to peer 172.217.31.170:443 claimed request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Claimed request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]
dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Sent header
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: No more requests to service for this peer (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Got 401 response for request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Unauthorized (took 46 ms + 59 ms in queue)
dovecot[30307]: auth: Error: oauth2(fukudata,118.103.29.199,): oauth2 failed: No username returned
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: Response payload stream destroyed (0 ms after initial response)
dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Finished
dovecot[30307]: auth: Debug: http-client[1]: queue https://www.googleapis.com:443: Dropping request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]
dovecot[30307]: auth: Debug: http-client: host www.googleapis.com: Host is idle (timeout = 1799906 msecs)
dovecot[30307]: auth: Debug: http-client[1]: request [Req1: GET https://www.googleapis.com/oauth2/v2/userinfo]: Free (requests left=1)
dovecot[30307]: auth: Debug: http-client[1]: peer 172.217.31.170:443: No requests to service for this peer (1 connections exist, 0 pending)
dovecot[30307]: auth: Debug: http-client: conn 172.217.31.170:443 [1]: No more requests queued; going idle (timeout = 6 msecs)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.174
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
dovecot[30307]: lmtp(30320): Connect from 10.243.148.174
dovecot[30307]: lmtp(30320): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.174
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.174: Remote closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.110
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.110: Remote closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.110
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.110: Remote closed connection (state=READY)
dovecot[30307]: lmtp(30309): Connect from 10.243.148.110
dovecot[30307]: lmtp(30309): Disconnect from 10.243.148.110: Remote closed connection (state=READY)
sshd[30475]: Connection closed by 10.243.150.20 port 48174 [preauth]
dovecot[30307]: imap-login: Disconnected (auth service reported temporary failure): user=, method=PLAIN, rip=118.103.29.199, lip=10.243.150.190, session=
dovecot[30307]: lmtp(30317): Connect from 10.243.148.174
dovecot[30307]: lmtp(30317): Disconnect from 10.243.148.174: Remote closed connection (state=READY)

I would appreciate your reply.
Yours faithfully,

On Tue, 19 Jan 2021 at 15:34, Aki Tuomi wrote:

> > On 19/01/2021 07:17 福田泰葵 wrote:
> >
> > Dear Sir or Madam
> > Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.
> > I have a question about how to use dovecot as a proxy to perform OAuth 2.0 authentication to Gmail using a mail client.
>
> Mail client is required, in this case, to provide valid oauth2 bearer token. I don't think google supports other ways.
>
> > 1. Is the following all I need to do to authenticate to Gmail using dovecot as a proxy?
> > * passdb
> > passdb {
> >   driver = oauth2
> >   mechanisms = oauthbearer xoauth2
> >   args = /etc/dovecot/dovecot-oauth2.token.conf.ext
> > }
> > passdb {
> >   driver = oauth2
> >   mechanisms = plain login
> >   args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
> > }
> >
>
> The plain config is a way to do 'password grant' au
Dovecot Gmail OAuth2.0 Setting Question
Dear Sir or Madam

Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.
I have a question about how to use dovecot as a proxy to perform OAuth 2.0 authentication to Gmail using a mail client.

1. Is the following all I need to do to authenticate to Gmail using dovecot as a proxy?
   - passdb
     passdb {
       driver = oauth2
       mechanisms = oauthbearer xoauth2
       args = /etc/dovecot/dovecot-oauth2.token.conf.ext
     }
     passdb {
       driver = oauth2
       mechanisms = plain login
       args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
     }
   - create dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext
   - create gmail service account api
2. grant_url in dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext is URL for obtaining a Google access token for a web server that I have built myself?
3. I use a Gmail service account, so I don’t need a client ID and secret ID, right?
4. Do I set introspection_url to the URL of my own web server with the access token used for authentication to Google as the response?
5. The documentation says “pass_attrs = host=127.0.0.1”, but if you are authenticating to Gmail, I should use “pass_attrs = proxy=y host=%{if;%s;eq;imap;imap.gmail.com;%{if;%s;eq;pop3;smtp.gmail.com;pop.gmail.com}} port=%{if;%s;eq;imap;993;%{if;%s;eq;pop3;587;465}} proxy_mech=xoauth2 pass=%{oauth2:access_token} user=%{oauth2:email oauth2:email}”?
6. What is the difference between dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext? Do I need to configure both?

I used https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy as a reference.

I would appreciate your reply.

Yours faithfully,

--
e-mail: taiki.fuk...@justsystems.com
TEL: 03-5324-7900
mobile: 080-6198-7328
--
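The reply quoted in this thread says the mail client must supply a valid OAuth2 bearer token, and the first passdb accepts it through the oauthbearer and xoauth2 mechanisms. The following is an added example, not code from the thread or from Dovecot: it builds and parses the SASL initial client response for both mechanisms (XOAUTH2 in Google's format, OAUTHBEARER per RFC 7628) and shows that a PLAIN response, the method seen in the imap-login log line, carries no bearer token. The user and token values are constructed.

```python
import base64

def xoauth2_response(user: str, token: str) -> str:
    """XOAUTH2 initial client response: user=..^Aauth=Bearer ..^A^A, base64."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def oauthbearer_response(user: str, token: str, host: str, port: int) -> str:
    """RFC 7628 OAUTHBEARER initial client response, base64."""
    raw = f"n,a={user},\x01host={host}\x01port={port}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def parse_bearer_response(b64: str) -> dict:
    """Return {'user', 'token'} from either encoding; ValueError if malformed."""
    try:
        raw = base64.b64decode(b64, validate=True).decode("utf-8")
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError derive from it
        raise ValueError("not valid base64/UTF-8") from exc
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing ^A^A terminator (not an OAuth2 SASL response)")
    head, *pairs = raw[:-2].split("\x01")
    fields = {}
    if head.startswith("n,"):  # OAUTHBEARER starts with a GS2 header: n,a=<user>,
        for part in head.split(","):
            if part.startswith("a="):
                fields["user"] = part[2:]
    else:  # XOAUTH2: the first element is already a key=value pair
        pairs.insert(0, head)
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed key/value pair: {pair!r}")
        fields[key] = value
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("no Bearer token present")
    if not fields.get("user"):
        raise ValueError("no user present")
    return {"user": fields["user"], "token": token}

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    user, token = "user@example.com", "CONSTRUCTED-ACCESS-TOKEN"
    print(parse_bearer_response(xoauth2_response(user, token)))
    print(parse_bearer_response(oauthbearer_response(user, token, "imap.gmail.com", 993)))
    plain = base64.b64encode(b"\0user@example.com\0password").decode()
    try:
        parse_bearer_response(plain)
    except ValueError as err:
        print("PLAIN response rejected:", err)
```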