You broke this thread. In the original thread, I remember seeing Aki gave you the configuration which he believed might work. The next thing I thought was for you to go to https://developers.google.com/identity/sign-in/web/devconsole-project and get an access token.
PS: I have never configured this kind of thing so I was only following the thread to try and understand what it entails. On Fri, 29 Jan 2021 at 04:00, 福田泰葵 <taiki.fuk...@justsystems.com> wrote: > Google is responding to me as Unauthorized. > So I need to send my credentials such as access token in the request > parameter for authentication in google’s Get User API request. > But I don’t know how to configure dovecot to achieve that. > Could you please help me with this? > > Best regards, > > --------------------------------------------------------------------------------------------------------------------------------- > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 > e-mail: taiki.fuk...@justsystems.com > 内線: 5158 > TEL: 03-5324-7900 > mobile: 080-6198-7328 > > --------------------------------------------------------------------------------------------------------------------------------- > > > 2021年1月29日(金) 3:30 Odhiambo Washington <odhia...@gmail.com>: > >> Your clue is in the log: >> >> 1611654464.207331 "message": "Request is missing required authentication >> credential. Expected OAuth 2 access token, login cookie or other valid >> authentication credential. See >> https://developers.google.com/identity/sign-in/web/devconsole-project.";, >> 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 } >> >> >> >> On Thu, 28 Jan 2021 at 09:25, 福田泰葵 <taiki.fuk...@justsystems.com> wrote: >> >>> Dear Mr. Tuomi >>> >>> Do you have any idea how to solve this problem? >>> >>> Best regards, >>> >>> --------------------------------------------------------------------------------------------------------------------------------- >>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>> 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>> e-mail: taiki.fuk...@justsystems.com >>> 内線: 5158 >>> TEL: 03-5324-7900 >>> mobile: 080-6198-7328 >>> >>> --------------------------------------------------------------------------------------------------------------------------------- >>> >>> >>> 2021年1月26日(火) 18:51 福田泰葵 <taiki.fuk...@justsystems.com>: >>> >>>> Dear Mr. Tuomi >>>> >>>> Thank you for the instruction. >>>> I was able to output rawlogs. >>>> The following is the result. >>>> >>>> 20210126-184744.22221.1.in: >>>> >>>> 1611654464.207331 HTTP/1.1 401 Unauthorized >>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, >>>> must-revalidate >>>> 1611654464.207331 Pragma: no-cache >>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT >>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT >>>> 1611654464.207331 Vary: X-Origin >>>> 1611654464.207331 Vary: Referer >>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8 >>>> 1611654464.207331 Server: ESF >>>> 1611654464.207331 X-XSS-Protection: 0 >>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN >>>> 1611654464.207331 X-Content-Type-Options: nosniff >>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; >>>> ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; >>>> ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" >>>> 1611654464.207331 Accept-Ranges: none >>>> 1611654464.207331 Vary: Origin,Accept-Encoding >>>> 1611654464.207331 Transfer-Encoding: chunked >>>> 1611654464.207331 >>>> 1611654464.207331 130 >>>> 1611654464.207331 { >>>> 1611654464.207331 "error": { >>>> 1611654464.207331 "code": 401, >>>> 1611654464.207331 "message": "Request is missing required >>>> authentication credential. Expected OAuth 2 access token, login cookie or >>>> other valid authentication credential. See >>>> https://developers.google.com/identity/sign-in/web/devconsole-project.";, >>>> 1611654464.207331 "status": "UNAUTHENTICATED" >>>> 1611654464.207331 } >>>> 1611654464.207331 } >>>> 1611654464.207331 >>>> 1611654464.207737 0 >>>> 1611654464.207737 >>>> >>>> 20210126-184744.22221.1.out: >>>> >>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1 >>>> 1611654464.165704 Host: www.googleapis.com >>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT >>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13 >>>> 1611654464.165704 Connection: Keep-Alive >>>> 1611654464.165727 Authorization: Bearer ?????? >>>> 1611654464.165730 >>>> >>>> Best regards, >>>> ------------------------------ >>>> >>>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>>> 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>>> e-mail: taiki.fuk...@justsystems.com >>>> 内線: 5158 >>>> TEL: 03-5324-7900 >>>> mobile: 080-6198-7328 >>>> ------------------------------ >>>> >>>> 2021年1月26日(火) 18:35 Aki Tuomi aki.tu...@open-xchange.com >>>> <http://mailto:aki.tu...@open-xchange.com>: >>>> >>>> No, the directory must exist. I'm sorry I wasn't clear enough when I >>>>> replied last time, but dovecot will not create the directory. You need to >>>>> create it and make it writable. >>>>> >>>>> Aki >>>>> >>>>> > On 26/01/2021 11:09 福田泰葵 <taiki.fuk...@justsystems.com> wrote: >>>>> > >>>>> > >>>>> > Dear Mr. Tuomi >>>>> > >>>>> > Sorry, I have added the setting PrivateTmp=no to >>>>> /etc/systemd/system/dovecot.service.d/override.conf >>>>> > However, /tmp/oauth2 was not created. >>>>> > >>>>> > Best regards, >>>>> > >>>>> > >>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>>>> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>>>> > e-mail: taiki.fuk...@justsystems.com >>>>> > 内線: 5158 >>>>> > TEL: 03-5324-7900 >>>>> > mobile: 080-6198-7328 >>>>> > >>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>> > >>>>> > >>>>> > >>>>> > 2021年1月26日(火) 18:01 Aki Tuomi <aki.tu...@open-xchange.com>: >>>>> > > That is because you are using systemd, where the unit file, by >>>>> default, has PrivateTmp=yes. >>>>> > > >>>>> > > You can look under /tmp for dovecot private tmp directory and >>>>> create the directory there, or you can temporarily disable this security >>>>> measure. >>>>> > > >>>>> > > systemctl edit dovecot >>>>> > > >>>>> > > [Service] >>>>> > > PrivateTmp=no >>>>> > > >>>>> > > systemctl daemon-reload >>>>> > > systemctl restart dovecot >>>>> > > >>>>> > > Aki >>>>> > > >>>>> > > > On 26/01/2021 10:57 福田泰葵 <taiki.fuk...@justsystems.com> wrote: >>>>> > > > >>>>> > > > >>>>> > > > Dear Mr. Tuomi >>>>> > > > >>>>> > > > I have added the setting rawlog_dir = /tmp/oauth2 to >>>>> /etc/dovecot/dovecot-oauth2.conf.ext >>>>> > > > However, /tmp/oauth2 was not created. >>>>> > > > >>>>> > > > Best regards, >>>>> > > > >>>>> > > > >>>>> > > > >>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>> > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>>>> > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>>>> > > > e-mail: taiki.fuk...@justsystems.com >>>>> > > > 内線: 5158 >>>>> > > > TEL: 03-5324-7900 >>>>> > > > mobile: 080-6198-7328 >>>>> > > > >>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > 2021年1月26日(火) 15:45 Aki Tuomi <aki.tu...@open-xchange.com>: >>>>> > > > > Yes, however I still cannot see rawlogs. >>>>> > > > > >>>>> > > > > Aki >>>>> > > > > >>>>> > > > > > On 25/01/2021 10:25 福田泰葵 <taiki.fuk...@justsystems.com> >>>>> wrote: >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > Yes. In my last email, I sent you the log of the result of >>>>> running with oauth debug logging enabled. >>>>> > > > > > /etc/dovecot/conf.d/10-logging.conf: >>>>> > > > > > ## >>>>> > > > > > ## Logging verbosity and debugging. >>>>> > > > > > ## >>>>> > > > > > >>>>> > > > > > # Log filter is a space-separated list conditions. If any >>>>> of the conditions >>>>> > > > > > # match, the log filter matches (i.e. they're ORed >>>>> together). Parenthesis >>>>> > > > > > # are supported if multiple conditions need to be matched >>>>> together. >>>>> > > > > > # Supported conditions are: >>>>> > > > > > # event:<name wildcard> - Match event name. '*' and '?' >>>>> wildcards supported. >>>>> > > > > > # source:<filename>[:<line number>] - Match source code >>>>> filename [and line] >>>>> > > > > > # field:<key>=<value wildcard> - Match field key to a >>>>> value. Can be specified >>>>> > > > > > # multiple times to match multiple keys. >>>>> > > > > > # cat[egory]:<value> - Match a category. Can be specified >>>>> multiple times to >>>>> > > > > > # match multiple categories. >>>>> > > > > > # For example: event:http_request_* (cat:error cat:storage) >>>>> > > > > > >>>>> > > > > > # Filter to specify what debug logging to enable. This will >>>>> eventually replace >>>>> > > > > > # mail_debug and auth_debug settings. >>>>> > > > > > log_debug=category=oauth2 >>>>> > > > > > >>>>> > > > > > ------------------------------ >>>>> > > > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>>>> > > > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>>>> > > > > > e-mail: taiki.fuk...@justsystems.com >>>>> > > > > > 内線: 5158 >>>>> > > > > > TEL: 03-5324-7900 >>>>> > > > > > mobile: 080-6198-7328 >>>>> > > > > > ------------------------------ >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > 2021年1月25日(月) 17:24 福田泰葵 <taiki.fuk...@justsystems.com>: >>>>> > > > > > > Yes. In my last email, I sent you the log of the result >>>>> of running with oauth debug logging enabled. >>>>> > > > > > > >>>>> > > > > > > /etc/dovecot/conf.d/10-logging.conf: >>>>> > > > > > > >>>>> > > > > > > ``` >>>>> > > > > > > ``` >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>> > > > > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>>>> > > > > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>>>> > > > > > > e-mail: taiki.fuk...@justsystems.com >>>>> > > > > > > 内線: 5158 >>>>> > > > > > > TEL: 03-5324-7900 >>>>> > > > > > > mobile: 080-6198-7328 >>>>> > > > > > > >>>>> --------------------------------------------------------------------------------------------------------------------------------- >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > 2021年1月25日(月) 17:16 Aki Tuomi <aki.tu...@open-xchange.com >>>>> >: >>>>> > > > > > > > >>>>> > > > > > > > > On 25/01/2021 10:12 福田泰葵 < >>>>> taiki.fuk...@justsystems.com> wrote: >>>>> > > > > > > > > >>>>> > > > > > > > > >>>>> > > > > > > > > Dear Mr. Tuomi >>>>> > > > > > > > > Google is responding to me as Unauthorized. >>>>> > > > > > > > > So I need to send my credentials such as access token >>>>> in the request parameter for authentication in google’s Get User API >>>>> request. >>>>> > > > > > > > > But I don’t know how to configure dovecot to achieve >>>>> that. >>>>> > > > > > > > > Could you please help me with this? >>>>> > > > > > > > > Best regards, >>>>> > > > > > > > > >>>>> > > > > > > > > ------------------------------ >>>>> > > > > > > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー >>>>> > > > > > > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 >>>>> > > > > > > > > e-mail: taiki.fuk...@justsystems.com >>>>> > > > > > > > > 内線: 5158 >>>>> > > > > > > > > TEL: 03-5324-7900 >>>>> > > > > > > > > >>>>> > > > > > > > > mobile: 080-6198-7328 >>>>> > > > > > > > >>>>> > > > > > > > >>>>> > > > > > > > Did you try the debugging things I mentioned? Your logs >>>>> do not indicate that you did. >>>>> > > > > > > > >>>>> > > > > > > > So, >>>>> > > > > > > > >>>>> > > > > > > > - Try turning on rawlogs for the oauth2 requests and >>>>> see what google is sending you? >>>>> > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) >>>>> to get more debug logs from oauth2. >>>>> > > > > > > > >>>>> > > > > > > > Aki >>>>> > > > > > > > >>>>> > > > > >>>>> > > >>>>> >>>> >> >> -- >> Best regards, >> Odhiambo WASHINGTON, >> Nairobi,KE >> +254 7 3200 0004/+254 7 2274 3223 >> "Oh, the cruft.", grep ^[^#] :-) >> > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
