Dear Mr. Tuomi

I created a Gmail service account, and I have implemented the process of getting an access token using a Gmail service account.
https://developers.google.com/identity/protocols/oauth2/service-account

I think I then need to set the grant_url to a URL that returns an access token and send that access token to the introspection_url. Is that correct?

Best regards,

------------------------------
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
e-mail: taiki.fuk...@justsystems.com
Extension: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
------------------------------

Fri, 29 Jan 2021 17:58 Odhiambo Washington <odhia...@gmail.com>:

> You broke this thread. In the original thread, I remember seeing Aki gave
> you the configuration which he believed might work.
> The next thing I thought was for you to go to
> https://developers.google.com/identity/sign-in/web/devconsole-project and
> get an access token.
>
> PS: I have never configured this kind of thing so I was only following the
> thread to try and understand what it entails.
>
>
> On Fri, 29 Jan 2021 at 04:00, 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>
>> Google is responding to me as Unauthorized.
>> So I need to send my credentials such as access token in the request
>> parameter for authentication in google’s Get User API request.
>> But I don’t know how to configure dovecot to achieve that.
>> Could you please help me with this?
>>
>> Best regards,
>>
>>
>> Fri, 29 Jan 2021 3:30 Odhiambo Washington <odhia...@gmail.com>:
>>
>>> Your clue is in the log:
>>>
>>> 1611654464.207331 "message": "Request is missing required authentication
>>> credential. Expected OAuth 2 access token, login cookie or other valid
>>> authentication credential. See
>>> https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331 "status": "UNAUTHENTICATED"
>>> 1611654464.207331 }
>>>
>>>
>>> On Thu, 28 Jan 2021 at 09:25, 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>>>
>>>> Dear Mr. Tuomi
>>>>
>>>> Do you have any idea how to solve this problem?
>>>>
>>>> Best regards,
>>>>
>>>>
>>>> Tue, 26 Jan 2021 18:51 福田泰葵 <taiki.fuk...@justsystems.com>:
>>>>
>>>>> Dear Mr. Tuomi
>>>>>
>>>>> Thank you for the instruction.
>>>>> I was able to output rawlogs.
>>>>> The following is the result.
>>>>>
>>>>> 20210126-184744.22221.1.in:
>>>>>
>>>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0,
>>>>> must-revalidate
>>>>> 1611654464.207331 Pragma: no-cache
>>>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>>>> 1611654464.207331 Vary: X-Origin
>>>>> 1611654464.207331 Vary: Referer
>>>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>>>> 1611654464.207331 Server: ESF
>>>>> 1611654464.207331 X-XSS-Protection: 0
>>>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443";
>>>>> ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443";
>>>>> ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
>>>>> 1611654464.207331 Accept-Ranges: none
>>>>> 1611654464.207331 Vary: Origin,Accept-Encoding
>>>>> 1611654464.207331 Transfer-Encoding: chunked
>>>>> 1611654464.207331
>>>>> 1611654464.207331 130
>>>>> 1611654464.207331 {
>>>>> 1611654464.207331 "error": {
>>>>> 1611654464.207331 "code": 401,
>>>>> 1611654464.207331 "message": "Request is missing required
>>>>> authentication credential. Expected OAuth 2 access token, login cookie or
>>>>> other valid authentication credential. See
>>>>> https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>>>> 1611654464.207331 "status": "UNAUTHENTICATED"
>>>>> 1611654464.207331 }
>>>>> 1611654464.207331 }
>>>>> 1611654464.207331
>>>>> 1611654464.207737 0
>>>>> 1611654464.207737
>>>>>
>>>>> 20210126-184744.22221.1.out:
>>>>>
>>>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
>>>>> 1611654464.165704 Host: www.googleapis.com
>>>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
>>>>> 1611654464.165704 Connection: Keep-Alive
>>>>> 1611654464.165727 Authorization: Bearer ??????
>>>>> 1611654464.165730
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Tue, 26 Jan 2021 18:35 Aki Tuomi <aki.tu...@open-xchange.com>:
>>>>>
>>>>>> No, the directory must exist. I'm sorry I wasn't clear enough when I
>>>>>> replied last time, but dovecot will not create the directory. You need to
>>>>>> create it and make it writable.
>>>>>>
>>>>>> Aki
>>>>>>
>>>>>> > On 26/01/2021 11:09 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>>>>>> >
>>>>>> >
>>>>>> > Dear Mr. Tuomi
>>>>>> >
>>>>>> > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
>>>>>> > However, /tmp/oauth2 was not created.
>>>>>> >
>>>>>> > Best regards,
>>>>>> >
>>>>>> > Tue, 26 Jan 2021 18:01 Aki Tuomi <aki.tu...@open-xchange.com>:
>>>>>> > > That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes.
>>>>>> > >
>>>>>> > > You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure.
>>>>>> > >
>>>>>> > > systemctl edit dovecot
>>>>>> > >
>>>>>> > > [Service]
>>>>>> > > PrivateTmp=no
>>>>>> > >
>>>>>> > > systemctl daemon-reload
>>>>>> > > systemctl restart dovecot
>>>>>> > >
>>>>>> > > Aki
>>>>>> > >
>>>>>> > > > On 26/01/2021 10:57 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>>>>>> > > >
>>>>>> > > >
>>>>>> > > > Dear Mr. Tuomi
>>>>>> > > >
>>>>>> > > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
>>>>>> > > > However, /tmp/oauth2 was not created.
>>>>>> > > >
>>>>>> > > > Best regards,
>>>>>> > > >
>>>>>> > > > Tue, 26 Jan 2021 15:45 Aki Tuomi <aki.tu...@open-xchange.com>:
>>>>>> > > > > Yes, however I still cannot see rawlogs.
>>>>>> > > > >
>>>>>> > > > > Aki
>>>>>> > > > >
>>>>>> > > > > > On 25/01/2021 10:25 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>>>>>> > > > > >
>>>>>> > > > > >
>>>>>> > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>>>>>> > > > > > /etc/dovecot/conf.d/10-logging.conf:
>>>>>> > > > > > ##
>>>>>> > > > > > ## Logging verbosity and debugging.
>>>>>> > > > > > ##
>>>>>> > > > > >
>>>>>> > > > > > # Log filter is a space-separated list conditions. If any of the conditions
>>>>>> > > > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis
>>>>>> > > > > > # are supported if multiple conditions need to be matched together.
>>>>>> > > > > > # Supported conditions are:
>>>>>> > > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
>>>>>> > > > > > # source:<filename>[:<line number>] - Match source code filename [and line]
>>>>>> > > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified
>>>>>> > > > > > # multiple times to match multiple keys.
>>>>>> > > > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to
>>>>>> > > > > > # match multiple categories.
>>>>>> > > > > > # For example: event:http_request_* (cat:error cat:storage)
>>>>>> > > > > >
>>>>>> > > > > > # Filter to specify what debug logging to enable. This will eventually replace
>>>>>> > > > > > # mail_debug and auth_debug settings.
>>>>>> > > > > > log_debug=category=oauth2
>>>>>> > > > > >
>>>>>> > > > > >
>>>>>> > > > > > Mon, 25 Jan 2021 17:24 福田泰葵 <taiki.fuk...@justsystems.com>:
>>>>>> > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>>>>>> > > > > > >
>>>>>> > > > > > > /etc/dovecot/conf.d/10-logging.conf:
>>>>>> > > > > > >
>>>>>> > > > > > > ```
>>>>>> > > > > > > ```
>>>>>> > > > > > >
>>>>>> > > > > > > Mon, 25 Jan 2021 17:16 Aki Tuomi <aki.tu...@open-xchange.com>:
>>>>>> > > > > > > >
>>>>>> > > > > > > > > On 25/01/2021 10:12 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>>>>>> > > > > > > > >
>>>>>> > > > > > > > >
>>>>>> > > > > > > > > Dear Mr. Tuomi
>>>>>> > > > > > > > > Google is responding to me as Unauthorized.
>>>>>> > > > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request.
>>>>>> > > > > > > > > But I don’t know how to configure dovecot to achieve that.
>>>>>> > > > > > > > > Could you please help me with this?
>>>>>> > > > > > > > > Best regards,
>>>>>> > > > > > > >
>>>>>> > > > > > > >
>>>>>> > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
>>>>>> > > > > > > >
>>>>>> > > > > > > > So,
>>>>>> > > > > > > >
>>>>>> > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
>>>>>> > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
>>>>>> > > > > > > >
>>>>>> > > > > > > > Aki
>>>>>> > > > > > > >
>>>>>> > > > >
>>>>>> > >
>>>>>>
>>>>>
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>> "Oh, the cruft.", grep ^[^#] :-)
>>>
>>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] :-)
>
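
The rawlog pair quoted in this thread, read programmatically; this is an added example, not part of the thread and not Dovecot code. It pairs an `.out` request with its `.in` response, checks whether the `Authorization` value is syntactically a bearer token (RFC 6750 `b64token`), and masks the credential so the log can be posted to a list. The sample log lines and the names `redact` and `summarize` are constructed for illustration.

```python
import json
import re

# Constructed sample in the rawlog layout shown in the thread: "<epoch.usec> <line>".
SAMPLE_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165727 Authorization: Bearer constructed-token-value
1611654464.165730
"""
SAMPLE_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 35
1611654464.207331 {"error": {"code": 401, "status": "UNAUTHENTICATED"}}
1611654464.207331
1611654464.207737 0
"""

TS = re.compile(r"^\d+\.\d+ ?")                      # per-line timestamp prefix
AUTH = re.compile(r"^(Authorization:\s*\S+\s+)(.+)$", re.I)
B64TOKEN = re.compile(r"[A-Za-z0-9._~+/-]+=*")       # RFC 6750 bearer token syntax

def strip_ts(raw):
    """Drop the timestamp column, leaving the HTTP lines."""
    return [TS.sub("", line, count=1) for line in raw.splitlines()]

def redact(raw):
    """Mask the credential in every Authorization header, keeping timestamps."""
    lines = []
    for line in raw.splitlines():
        m = TS.match(line)
        cut = m.end() if m else 0
        lines.append(line[:cut] + AUTH.sub(r"\1[REDACTED]", line[cut:]))
    return "\n".join(lines)

def summarize(out_raw, in_raw):
    """Pair one request (.out) with its response (.in) and report the auth outcome."""
    req, resp = strip_ts(out_raw), strip_ts(in_raw)
    auth = next((m for m in map(AUTH.match, req) if m), None)
    token = auth.group(2).strip() if auth else ""
    body = "\n".join(resp[resp.index("") + 1:]) if "" in resp else ""
    start, end = body.find("{"), body.rfind("}")     # skip chunk-size lines around the JSON
    error = json.loads(body[start:end + 1]).get("error", {}) if start != -1 else {}
    return {
        "request": req[0],
        "bearer_sent": bool(token),
        "bearer_wellformed": bool(B64TOKEN.fullmatch(token)),
        "http_status": int(resp[0].split()[1]),
        "api_status": error.get("status"),
    }

if __name__ == "__main__":
    print(redact(SAMPLE_OUT))
    print(summarize(SAMPLE_OUT, SAMPLE_IN))
```

A rawlog directory holds live bearer tokens for as long as the files exist, so run `redact` over a copy before sharing and remove `rawlog_dir` from the configuration once debugging is done.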