Dear Sir or Madam

Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.
I have a question about how to use dovecot as a proxy to perform OAuth 2.0 authentication to Gmail using a mail client.

1. Is the following all I need to do to authenticate to Gmail using dovecot as a proxy?

   • passdb

     passdb {
     driver = oauth2
     mechanisms = oauthbearer xoauth2
     args = /etc/dovecot/dovecot-oauth2.token.conf.ext
     }  
     passdb {
     driver = oauth2
     mechanisms = plain login
     args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
     }
     

   • create dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext

   • create gmail service account api

2. grant_url in dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext is URL for obtaining a Google access token for a web server that I have built myself?

3. I use a Gmail service account, so I don’t need a client ID and secret ID, right?

4. Do I set introspection_url to the URL of my own web server with the access token used for authentication to Google as the response?

5. The documentation says “pass_attrs = host=127.0.0.1”, but if you are authenticating to Gmail, I should use
   “pass_attrs = proxy=y host=%{if;%s;eq;imap;imap.gmail.com;%{if;%s;eq;pop3;smtp .gmail.com;pop.gmail.com}} port=%{if;%s;eq;imap;993;%{if;%s;eq;pop3;587;465}} proxy_mech=xoauth2 pass=%{oauth2:access_token} user=%{oauth2:email oauth2:email}”?

6. What is the difference between dovecot-oauth2.token.conf.ext and dovecot-oauth2.plain.conf.ext ? Do I need to configure both?

I used https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy as a reference.
I would appreciate your reply.

Yours faithfully,

---

e-mail: taiki.fukuda@justsystems.com
TEL: 03-5324-7900
mobile: 080-6198-7328

---