Dear Mr. Tuomi
Thank you for the instruction. I was able to output rawlogs. The following is the result.
20210126-184744.22221.1.in:
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
1611654464.207331 Pragma: no-cache
1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.207331 Vary: X-Origin
1611654464.207331 Vary: Referer
1611654464.207331 Content-Type: application/json; charset=UTF-8
1611654464.207331 Server: ESF
1611654464.207331 X-XSS-Protection: 0
1611654464.207331 X-Frame-Options: SAMEORIGIN
1611654464.207331 X-Content-Type-Options: nosniff
1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1611654464.207331 Accept-Ranges: none
1611654464.207331 Vary: Origin,Accept-Encoding
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 130
1611654464.207331 {
1611654464.207331 "error": {
1611654464.207331 "code": 401,
1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
1611654464.207331 "status": "UNAUTHENTICATED"
1611654464.207331 }
1611654464.207331 }
1611654464.207331
1611654464.207737 0
1611654464.207737
20210126-184744.22221.1.out:
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
1611654464.165704 Connection: Keep-Alive
1611654464.165727 Authorization: Bearer ??????
1611654464.165730
Best regards,
〒163-6017 Sumitomo Fudosan Shinjuku Oak Tower, 6-8-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
JustSystems Corporation, Technology Planning Office, Information Systems Group
福田泰葵
e-mail: taiki.fukuda@justsystems.com
Ext.: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
On Tue, 26 Jan 2021 at 18:35, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
No, the directory must exist. I'm sorry I wasn't clear enough when I replied last time, but dovecot will not create the directory. You need to create it and make it writable.
Aki
On 26/01/2021 11:09 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
Dear Mr. Tuomi
Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf. However, /tmp/oauth2 was not created.
Best regards,
On Tue, 26 Jan 2021 at 18:01, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes.
You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure.
systemctl edit dovecot
[Service]
PrivateTmp=no
systemctl daemon-reload
systemctl restart dovecot
Aki
On 26/01/2021 10:57 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
Dear Mr. Tuomi
I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext
However, /tmp/oauth2 was not created.
Best regards,
On Tue, 26 Jan 2021 at 15:45, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
Yes, however I still cannot see rawlogs.
Aki
On 25/01/2021 10:25 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
/etc/dovecot/conf.d/10-logging.conf:
## Logging verbosity and debugging.
# Log filter is a space-separated list conditions. If any of the conditions
# match, the log filter matches (i.e. they're ORed together). Parenthesis
# are supported if multiple conditions need to be matched together.
# Supported conditions are:
# event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
# source:<filename>[:<line number>] - Match source code filename [and line]
# field:<key>=<value wildcard> - Match field key to a value. Can be specified
#   multiple times to match multiple keys.
# cat[egory]:<value> - Match a category. Can be specified multiple times to
#   match multiple categories.
# For example: event:http_request_* (cat:error cat:storage)
# Filter to specify what debug logging to enable. This will eventually replace
# mail_debug and auth_debug settings.
log_debug=category=oauth2
On Mon, 25 Jan 2021 at 17:24, 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
> Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled.
>
> /etc/dovecot/conf.d/10-logging.conf:
>
> > On Mon, 25 Jan 2021 at 17:16, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
> > > On 25/01/2021 10:12 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
> > >
> > > Dear Mr. Tuomi
> > > Google is responding to me as Unauthorized.
> > > So I need to send my credentials such as access token in the request parameter for authentication in google's Get User API request.
> > > But I don't know how to configure dovecot to achieve that.
> > > Could you please help me with this?
> > > Best regards,
> > >
> > Did you try the debugging things I mentioned? Your logs do not indicate that you did.
> >
> > So,
> >
> > - Try turning on rawlogs for the oauth2 requests and see what google is sending you?
> > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2.
> >
> > Aki
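An added example, not part of the thread and not Dovecot code: rawlog files like the .in/.out pair posted above record the bearer token sent to Google, so this Python code strips the per-line timestamps, decodes the chunked response and masks the Authorization value before a log is shared. The sample data and all function names are constructed for illustration, and chunk sizes are assumed to match the text after timestamps are removed.

```python
import json
import re

TS = re.compile(r"^\d+\.\d+ ?")  # rawlog line prefix: "<epoch>.<usec> "
# Constructed samples in the layout shown in this thread (not real traffic).
SAMPLE_OUT = """\
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
1611654464.165704 Host: www.googleapis.com
1611654464.165727 Authorization: Bearer constructed-token-value
1611654464.165730
"""
SAMPLE_IN = """\
1611654464.207331 HTTP/1.1 401 Unauthorized
1611654464.207331 Transfer-Encoding: chunked
1611654464.207331
1611654464.207331 36
1611654464.207331 {"error": {"code": 401, "status": "UNAUTHENTICATED"}}
1611654464.207331
1611654464.207737 0
1611654464.207737
"""

def dechunk(body):
    """Decode a chunked body; sizes are applied to the LF-joined text."""
    out, pos = [], 0
    while (eol := body.find("\n", pos)) != -1:
        size = int(body[pos:eol].split(";")[0] or "0", 16)
        if size == 0:  # last-chunk marker
            break
        out.append(body[eol + 1 : eol + 1 + size])
        pos = eol + 1 + size + 1  # skip the line break that ends the chunk
    return "".join(out)

def parse_message(raw):
    """Return (start line, [(header, value)], body) from one rawlog file."""
    text = "\n".join(TS.sub("", line.rstrip("\r")) for line in raw.splitlines())
    head, _, body = text.partition("\n\n")
    start, *rest = head.split("\n")
    headers = [tuple(h.split(": ", 1)) for h in rest if ": " in h]
    if any(k.lower() == "transfer-encoding" and "chunked" in v.lower() for k, v in headers):
        body = dechunk(body)
    return start, headers, body

def summarize(out_raw, in_raw):
    """Pair a request (.out) with its response (.in), masking credentials."""
    request, req_headers, _ = parse_message(out_raw)
    status, _, body = parse_message(in_raw)
    safe = [(k, v.split(" ", 1)[0] + " [REDACTED]" if k.lower() == "authorization" else v) for k, v in req_headers]
    error = json.loads(body).get("error", {}) if body.lstrip().startswith("{") else {}
    return {"request": request, "headers": safe, "status": status, "error": error.get("status")}
```
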