Possibly, not sure. Give it a try?

Aki

> On 01/02/2021 13:09 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
>
> Dear Mr. Tuomi
>
> I created a gmail service account,
> and I have implemented the process of getting an access token using a gmail
> service account.
>
> https://developers.google.com/identity/protocols/oauth2/service-account
>
> I think I then need to set the grant_url to a URL that returns an access
> token and send that access token to the introspection_url, is that correct?
>
> Best regards,
>
> ------------------------------
> Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-6017
> JustSystems Corporation, Technology Planning Office, Information Systems Group, 福田泰葵
> e-mail: taiki.fuk...@justsystems.com
> Ext.: 5158
> TEL: 03-5324-7900
> mobile: 080-6198-7328
> ------------------------------
>
> On Fri, 29 Jan 2021 at 17:58, Odhiambo Washington <odhia...@gmail.com> wrote:
> > You broke this thread. In the original thread, I remember seeing Aki gave
> > you the configuration which he believed might work.
> > The next thing I thought was for you to go to
> > https://developers.google.com/identity/sign-in/web/devconsole-project and
> > get an access token.
> >
> > PS: I have never configured this kind of thing so I was only following the
> > thread to try and understand what it entails.
> >
> > On Fri, 29 Jan 2021 at 04:00, 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > Google is responding to me as Unauthorized.
> > > So I need to send my credentials such as access token in the request
> > > parameter for authentication in google’s Get User API request.
> > > But I don’t know how to configure dovecot to achieve that.
> > > Could you please help me with this?
> > > Best regards,
> > >
> > > On Fri, 29 Jan 2021 at 3:30, Odhiambo Washington <odhia...@gmail.com> wrote:
> > > > Your clue is in the log:
> > > >
> > > > 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
> > > > 1611654464.207331 "status": "UNAUTHENTICATED"
> > > > 1611654464.207331 }
> > > >
> > > > On Thu, 28 Jan 2021 at 09:25, 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > Dear Mr. Tuomi
> > > > >
> > > > > Do you have any idea how to solve this problem?
> > > > >
> > > > > Best regards,
> > > > >
> > > > > On Tue, 26 Jan 2021 at 18:51, 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > > Dear Mr. Tuomi
> > > > > > Thank you for the instruction.
> > > > > > I was able to output rawlogs.
> > > > > > The following is the result.
> > > > > >
> > > > > > 20210126-184744.22221.1.in:
> > > > > > 1611654464.207331 HTTP/1.1 401 Unauthorized
> > > > > > 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> > > > > > 1611654464.207331 Pragma: no-cache
> > > > > > 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
> > > > > > 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
> > > > > > 1611654464.207331 Vary: X-Origin
> > > > > > 1611654464.207331 Vary: Referer
> > > > > > 1611654464.207331 Content-Type: application/json; charset=UTF-8
> > > > > > 1611654464.207331 Server: ESF
> > > > > > 1611654464.207331 X-XSS-Protection: 0
> > > > > > 1611654464.207331 X-Frame-Options: SAMEORIGIN
> > > > > > 1611654464.207331 X-Content-Type-Options: nosniff
> > > > > > 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
> > > > > > 1611654464.207331 Accept-Ranges: none
> > > > > > 1611654464.207331 Vary: Origin,Accept-Encoding
> > > > > > 1611654464.207331 Transfer-Encoding: chunked
> > > > > > 1611654464.207331
> > > > > > 1611654464.207331 130
> > > > > > 1611654464.207331 {
> > > > > > 1611654464.207331 "error": {
> > > > > > 1611654464.207331 "code": 401,
> > > > > > 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
> > > > > > 1611654464.207331 "status": "UNAUTHENTICATED"
> > > > > > 1611654464.207331 }
> > > > > > 1611654464.207331 }
> > > > > > 1611654464.207331
> > > > > > 1611654464.207737 0
> > > > > > 1611654464.207737
> > > > > >
> > > > > > 20210126-184744.22221.1.out:
> > > > > > 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
> > > > > > 1611654464.165704 Host: www.googleapis.com
> > > > > > 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
> > > > > > 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
> > > > > > 1611654464.165704 Connection: Keep-Alive
> > > > > > 1611654464.165727 Authorization: Bearer ??????
> > > > > > 1611654464.165730
> > > > > >
> > > > > > Best regards,
> > > > > >
> > > > > > On Tue, 26 Jan 2021 at 18:35, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> > > > > > > No, the directory must exist. I'm sorry I wasn't clear enough
> > > > > > > when I replied last time, but dovecot will not create the
> > > > > > > directory. You need to create it and make it writable.
> > > > > > >
> > > > > > > Aki
> > > > > > >
> > > > > > > > On 26/01/2021 11:09 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > > > >
> > > > > > > > Dear Mr. Tuomi
> > > > > > > >
> > > > > > > > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf
> > > > > > > > However, /tmp/oauth2 was not created.
> > > > > > > >
> > > > > > > > Best regards,
> > > > > > > >
> > > > > > > > On Tue, 26 Jan 2021 at 18:01, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> > > > > > > > > That is because you are using systemd, where the unit file,
> > > > > > > > > by default, has PrivateTmp=yes.
> > > > > > > > >
> > > > > > > > > You can look under /tmp for dovecot private tmp directory
> > > > > > > > > and create the directory there, or you can temporarily disable
> > > > > > > > > this security measure.
> > > > > > > > >
> > > > > > > > > systemctl edit dovecot
> > > > > > > > >
> > > > > > > > > [Service]
> > > > > > > > > PrivateTmp=no
> > > > > > > > >
> > > > > > > > > systemctl daemon-reload
> > > > > > > > > systemctl restart dovecot
> > > > > > > > >
> > > > > > > > > Aki
> > > > > > > > >
> > > > > > > > > > On 26/01/2021 10:57 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > > > > > >
> > > > > > > > > > Dear Mr. Tuomi
> > > > > > > > > >
> > > > > > > > > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
> > > > > > > > > > However, /tmp/oauth2 was not created.
> > > > > > > > > >
> > > > > > > > > > Best regards,
> > > > > > > > > >
> > > > > > > > > > On Tue, 26 Jan 2021 at 15:45, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> > > > > > > > > > > Yes, however I still cannot see rawlogs.
> > > > > > > > > > >
> > > > > > > > > > > Aki
> > > > > > > > > > >
> > > > > > > > > > > > On 25/01/2021 10:25 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
> > > > > > > > > > > > /etc/dovecot/conf.d/10-logging.conf:
> > > > > > > > > > > > ##
> > > > > > > > > > > > ## Logging verbosity and debugging.
> > > > > > > > > > > > ##
> > > > > > > > > > > >
> > > > > > > > > > > > # Log filter is a space-separated list conditions. If any of the conditions
> > > > > > > > > > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis
> > > > > > > > > > > > # are supported if multiple conditions need to be matched together.
> > > > > > > > > > > > # Supported conditions are:
> > > > > > > > > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
> > > > > > > > > > > > # source:<filename>[:<line number>] - Match source code filename [and line]
> > > > > > > > > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified
> > > > > > > > > > > > # multiple times to match multiple keys.
> > > > > > > > > > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to
> > > > > > > > > > > > # match multiple categories.
> > > > > > > > > > > > # For example: event:http_request_* (cat:error cat:storage)
> > > > > > > > > > > >
> > > > > > > > > > > > # Filter to specify what debug logging to enable. This will eventually replace
> > > > > > > > > > > > # mail_debug and auth_debug settings.
> > > > > > > > > > > > log_debug=category=oauth2
> > > > > > > > > > > >
> > > > > > > > > > > > On Mon, 25 Jan 2021 at 17:24, 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > > > > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
> > > > > > > > > > > > >
> > > > > > > > > > > > > /etc/dovecot/conf.d/10-logging.conf:
> > > > > > > > > > > > >
> > > > > > > > > > > > > ```
> > > > > > > > > > > > > ```
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Mon, 25 Jan 2021 at 17:16, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > On 25/01/2021 10:12 福田泰葵 <taiki.fuk...@justsystems.com> wrote:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Dear Mr. Tuomi
> > > > > > > > > > > > > > > Google is responding to me as Unauthorized.
> > > > > > > > > > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request.
> > > > > > > > > > > > > > > But I don’t know how to configure dovecot to achieve that.
> > > > > > > > > > > > > > > Could you please help me with this?
> > > > > > > > > > > > > > > Best regards,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > So,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
> > > > > > > > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Aki
> > > >
> > > > --
> > > > Best regards,
> > > > Odhiambo WASHINGTON,
> > > > Nairobi,KE
> > > > +254 7 3200 0004/+254 7 2274 3223
> > > > "Oh, the cruft.",grep ^[^#] :-)
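
Added example (not part of the thread and not Dovecot code): a small Python check for a rawlog `.out`/`.in` pair in the layout quoted above. It tests whether the bearer credential matches the RFC 6750 `b64token` syntax, redacts it so the log can be shared, and reads the provider's error status from the response. The sample strings are constructed from the quoted log, and the function names are hypothetical.

```python
import json
import re

# RFC 6750 b64token syntax for the credential that follows "Bearer ".
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")
# Constructed samples in the rawlog layout quoted in the thread:
# epoch timestamp, one space, then the raw HTTP line.
SAMPLE_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165727 Authorization: Bearer ??????
1611654464.165730
"""
SAMPLE_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {"error": {"code": 401,
1611654464.207331  "status": "UNAUTHENTICATED"}}
1611654464.207737 0
"""

def strip_timestamps(rawlog):
    # Drop the leading epoch timestamp from every rawlog line.
    return [line.partition(" ")[2] for line in rawlog.splitlines()]

def check_request(rawlog_out):
    # Returns (request line, token matches b64token, headers with token redacted).
    lines = strip_timestamps(rawlog_out)
    wellformed, redacted = False, []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.lower() == "authorization":
            scheme, _, token = value.strip().partition(" ")
            wellformed = scheme.lower() == "bearer" and bool(B64TOKEN.match(token))
            line = f"{name}: {scheme} [REDACTED, {len(token)} chars]"
        redacted.append(line)
    return lines[0], wellformed, redacted

def check_response(rawlog_in):
    # Returns (HTTP status code, error status from the JSON body or None).
    lines = strip_timestamps(rawlog_in)
    body = "\n".join(lines)
    start, end = body.find("{"), body.rfind("}")
    doc = json.loads(body[start:end + 1]) if 0 <= start < end else {}
    return int(lines[0].split()[1]), doc.get("error", {}).get("status")
```

Rawlog files record the Authorization header as sent, so the redacted header list is the part to paste into a public list post.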