Your clue is in the log:
1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 }
On Thu, 28 Jan 2021 at 09:25, 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
Dear Mr. Tuomi
Do you have any idea how to solve this problem?
Best regards,
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 e-mail: taiki.fukuda@justsystems.com 内線: 5158 TEL: 03-5324-7900 mobile: 080-6198-7328
2021年1月26日(火) 18:51 福田泰葵 <taiki.fukuda@justsystems.com>:
Dear Mr. Tuomi
Thank you for the instruction. I was able to output rawlogs. The following is the result.
20210126-184744.22221.1.in:
1611654464.207331 HTTP/1.1 401 Unauthorized 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate 1611654464.207331 Pragma: no-cache 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT 1611654464.207331 Vary: X-Origin 1611654464.207331 Vary: Referer 1611654464.207331 Content-Type: application/json; charset=UTF-8 1611654464.207331 Server: ESF 1611654464.207331 X-XSS-Protection: 0 1611654464.207331 X-Frame-Options: SAMEORIGIN 1611654464.207331 X-Content-Type-Options: nosniff 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" 1611654464.207331 Accept-Ranges: none 1611654464.207331 Vary: Origin,Accept-Encoding 1611654464.207331 Transfer-Encoding: chunked 1611654464.207331 1611654464.207331 130 1611654464.207331 { 1611654464.207331 "error": { 1611654464.207331 "code": 401, 1611654464.207331 "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 } 1611654464.207331 } 1611654464.207331 1611654464.207737 0 1611654464.207737
20210126-184744.22221.1.out:
1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1 1611654464.165704 Host: www.googleapis.com 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13 1611654464.165704 Connection: Keep-Alive 1611654464.165727 Authorization: Bearer ?????? 1611654464.165730
Best regards,
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 e-mail: taiki.fukuda@justsystems.com 内線: 5158 TEL: 03-5324-7900 mobile: 080-6198-7328
2021年1月26日(火) 18:35 Aki Tuomi aki.tuomi@open-xchange.com <http://mailto:aki.tuomi@open-xchange.com>:
No, the directory must exist. I'm sorry I wasn't clear enough when I
replied last time, but dovecot will not create the directory. You need to create it and make it writable.
Aki
On 26/01/2021 11:09 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
Dear Mr. Tuomi
Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf However, /tmp/oauth2 was not created.
Best regards,
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 e-mail: taiki.fukuda@justsystems.com 内線: 5158 TEL: 03-5324-7900 mobile: 080-6198-7328
2021年1月26日(火) 18:01 Aki Tuomi <aki.tuomi@open-xchange.com>:
That is because you are using systemd, where the unit file, by
default, has PrivateTmp=yes.
You can look under /tmp for dovecot private tmp directory and
create the directory there, or you can temporarily disable this security measure.
systemctl edit dovecot
[Service] PrivateTmp=no
systemctl daemon-reload systemctl restart dovecot
Aki
On 26/01/2021 10:57 福田泰葵 <taiki.fukuda@justsystems.com> wrote:
Dear Mr. Tuomi
I have added the setting rawlog_dir = /tmp/oauth2 to
/etc/dovecot/dovecot-oauth2.conf.ext
However, /tmp/oauth2 was not created.
Best regards,
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 e-mail: taiki.fukuda@justsystems.com 内線: 5158 TEL: 03-5324-7900 mobile: 080-6198-7328
2021年1月26日(火) 15:45 Aki Tuomi <aki.tuomi@open-xchange.com>: > Yes, however I still cannot see rawlogs. > > Aki > > > On 25/01/2021 10:25 福田泰葵 <taiki.fukuda@justsystems.com>
> > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled. > > /etc/dovecot/conf.d/10-logging.conf: > > ## > > ## Logging verbosity and debugging. > > ## > > > > # Log filter is a space-separated list conditions. If any of
wrote: the conditions
> > # match, the log filter matches (i.e. they're ORed together). Parenthesis > > # are supported if multiple conditions need to be matched together. > > # Supported conditions are: > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported. > > # source:<filename>[:<line number>] - Match source code filename [and line] > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified > > # multiple times to match multiple keys. > > # cat[egory]:<value> - Match a category. Can be specified multiple times to > > # match multiple categories. > > # For example: event:http_request_* (cat:error cat:storage) > > > > # Filter to specify what debug logging to enable. This will eventually replace > > # mail_debug and auth_debug settings. > > log_debug=category=oauth2 > > > > ------------------------------ > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 > > e-mail: taiki.fukuda@justsystems.com > > 内線: 5158 > > TEL: 03-5324-7900 > > mobile: 080-6198-7328 > > ------------------------------ > > > > > > 2021年1月25日(月) 17:24 福田泰葵 <taiki.fukuda@justsystems.com>: > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled. > > > > > > /etc/dovecot/conf.d/10-logging.conf: > > > > > >
> > >
> > > > > > > > > > > >
> > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 > > > e-mail: taiki.fukuda@justsystems.com > > > 内線: 5158 > > > TEL: 03-5324-7900 > > > mobile: 080-6198-7328 > > >
> > > > > > > > > > > > 2021年1月25日(月) 17:16 Aki Tuomi <aki.tuomi@open-xchange.com>: > > > > > > > > > On 25/01/2021 10:12 福田泰葵 <taiki.fukuda@justsystems.com> wrote: > > > > > > > > > > > > > > > Dear Mr. Tuomi > > > > > Google is responding to me as Unauthorized. > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google’s Get User API request. > > > > > But I don’t know how to configure dovecot to achieve that. > > > > > Could you please help me with this? > > > > > Best regards, > > > > > > > > > > ------------------------------ > > > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー > > > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵 > > > > > e-mail: taiki.fukuda@justsystems.com > > > > > 内線: 5158 > > > > > TEL: 03-5324-7900 > > > > > > > > > > mobile: 080-6198-7328 > > > > > > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did. > > > > > > > > So, > > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you? > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2. > > > > > > > > Aki > > > > >
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)