[EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question

福田泰葵 taiki.fukuda at justsystems.com
Fri Jan 29 02:59:40 EET 2021


Google is responding to me as Unauthorized.
So I need to send my credentials such as access token in the request
parameter for authentication in google’s Get User API request.
But I don’t know how to configure dovecot to achieve that.
Could you please help me with this?

Best regards,
---------------------------------------------------------------------------------------------------------------------------------
〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
e-mail: taiki.fukuda at justsystems.com
内線: 5158
TEL: 03-5324-7900
mobile: 080-6198-7328
---------------------------------------------------------------------------------------------------------------------------------


2021年1月29日(金) 3:30 Odhiambo Washington <odhiambo at gmail.com>:

> Your clue is in the log:
>
> 1611654464.207331 "message": "Request is missing required authentication
> credential. Expected OAuth 2 access token, login cookie or other valid
> authentication credential. See
> https://developers.google.com/identity/sign-in/web/devconsole-project.",
> 1611654464.207331 "status": "UNAUTHENTICATED" 1611654464.207331 }
>
>
>
> On Thu, 28 Jan 2021 at 09:25, 福田泰葵 <taiki.fukuda at justsystems.com> wrote:
>
>> Dear Mr. Tuomi
>>
>> Do you have any idea how to solve this problem?
>>
>> Best regards,
>>
>> ---------------------------------------------------------------------------------------------------------------------------------
>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>> 株式会社 ジャストシステム  技術企画室 情報システムグループ  福田泰葵
>> e-mail: taiki.fukuda at justsystems.com
>> 内線: 5158
>> TEL: 03-5324-7900
>> mobile: 080-6198-7328
>>
>> ---------------------------------------------------------------------------------------------------------------------------------
>>
>>
>> 2021年1月26日(火) 18:51 福田泰葵 <taiki.fukuda at justsystems.com>:
>>
>>> Dear Mr. Tuomi
>>>
>>> Thank you for the instruction.
>>> I was able to output rawlogs.
>>> The following is the result.
>>>
>>> 20210126-184744.22221.1.in:
>>>
>>> 1611654464.207331 HTTP/1.1 401 Unauthorized
>>> 1611654464.207331 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>> 1611654464.207331 Pragma: no-cache
>>> 1611654464.207331 Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>> 1611654464.207331 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.207331 Vary: X-Origin
>>> 1611654464.207331 Vary: Referer
>>> 1611654464.207331 Content-Type: application/json; charset=UTF-8
>>> 1611654464.207331 Server: ESF
>>> 1611654464.207331 X-XSS-Protection: 0
>>> 1611654464.207331 X-Frame-Options: SAMEORIGIN
>>> 1611654464.207331 X-Content-Type-Options: nosniff
>>> 1611654464.207331 Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
>>> 1611654464.207331 Accept-Ranges: none
>>> 1611654464.207331 Vary: Origin,Accept-Encoding
>>> 1611654464.207331 Transfer-Encoding: chunked
>>> 1611654464.207331
>>> 1611654464.207331 130
>>> 1611654464.207331 {
>>> 1611654464.207331   "error": {
>>> 1611654464.207331     "code": 401,
>>> 1611654464.207331     "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
>>> 1611654464.207331     "status": "UNAUTHENTICATED"
>>> 1611654464.207331   }
>>> 1611654464.207331 }
>>> 1611654464.207331
>>> 1611654464.207737 0
>>> 1611654464.207737
>>>
>>> 20210126-184744.22221.1.out:
>>>
>>> 1611654464.165704 GET /oauth2/v2/userinfo HTTP/1.1
>>> 1611654464.165704 Host: www.googleapis.com
>>> 1611654464.165704 Date: Tue, 26 Jan 2021 09:47:44 GMT
>>> 1611654464.165704 User-Agent: dovecot-oauth2-passdb/2.3.13
>>> 1611654464.165704 Connection: Keep-Alive
>>> 1611654464.165727 Authorization: Bearer ??????
>>> 1611654464.165730
>>>
>>> Best regards,
>>> ------------------------------
>>>
>>> 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>> 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>> e-mail: taiki.fukuda at justsystems.com
>>> 内線: 5158
>>> TEL: 03-5324-7900
>>> mobile: 080-6198-7328
>>> ------------------------------
>>>
>>> 2021年1月26日(火) 18:35 Aki Tuomi aki.tuomi at open-xchange.com
>>> <http://mailto:aki.tuomi@open-xchange.com>:
>>>
>>> No, the directory must exist. I'm sorry I wasn't clear enough when I
>>>> replied last time, but dovecot will not create the directory. You need to
>>>> create it and make it writable.
>>>>
>>>> Aki
>>>>
>>>> > On 26/01/2021 11:09 福田泰葵 <taiki.fukuda at justsystems.com> wrote:
>>>> >
>>>> >
>>>> > Dear Mr. Tuomi
>>>> >
>>>> > Sorry, I have added the setting PrivateTmp=no to
>>>> /etc/systemd/system/dovecot.service.d/override.conf
>>>> > However, /tmp/oauth2 was not created.
>>>> >
>>>> > Best regards,
>>>> >
>>>> >
>>>> ---------------------------------------------------------------------------------------------------------------------------------
>>>> > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>>> > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>>> > e-mail: taiki.fukuda at justsystems.com
>>>> > 内線: 5158
>>>> > TEL: 03-5324-7900
>>>> > mobile: 080-6198-7328
>>>> >
>>>> ---------------------------------------------------------------------------------------------------------------------------------
>>>> >
>>>> >
>>>> >
>>>> > 2021年1月26日(火) 18:01 Aki Tuomi <aki.tuomi at open-xchange.com>:
>>>> > > That is because you are using systemd, where the unit file, by
>>>> default, has PrivateTmp=yes.
>>>> > >
>>>> > >  You can look under /tmp for dovecot private tmp directory and
>>>> create the directory there, or you can temporarily disable this security
>>>> measure.
>>>> > >
>>>> > >  systemctl edit dovecot
>>>> > >
>>>> > >  [Service]
>>>> > >  PrivateTmp=no
>>>> > >
>>>> > >  systemctl daemon-reload
>>>> > >  systemctl restart dovecot
>>>> > >
>>>> > >  Aki
>>>> > >
>>>> > >  > On 26/01/2021 10:57 福田泰葵 <taiki.fukuda at justsystems.com> wrote:
>>>> > >  >
>>>> > >  >
>>>> > >  > Dear Mr. Tuomi
>>>> > >  >
>>>> > >  > I have added the setting rawlog_dir = /tmp/oauth2 to
>>>> /etc/dovecot/dovecot-oauth2.conf.ext
>>>> > >  > However, /tmp/oauth2 was not created.
>>>> > >  >
>>>> > >  > Best regards,
>>>> > >  >
>>>> > >  >
>>>> > >  >
>>>> ---------------------------------------------------------------------------------------------------------------------------------
>>>> > >  > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>>> > >  > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>>> > >  > e-mail: taiki.fukuda at justsystems.com
>>>> > >  > 内線: 5158
>>>> > >  > TEL: 03-5324-7900
>>>> > >  > mobile: 080-6198-7328
>>>> > >  >
>>>> ---------------------------------------------------------------------------------------------------------------------------------
>>>> > >  >
>>>> > >  >
>>>> > >  >
>>>> > >  > 2021年1月26日(火) 15:45 Aki Tuomi <aki.tuomi at open-xchange.com>:
>>>> > >  > > Yes, however I still cannot see rawlogs.
>>>> > >  > >
>>>> > >  > > Aki
>>>> > >  > >
>>>> > >  > > > On 25/01/2021 10:25 福田泰葵 <taiki.fukuda at justsystems.com>
>>>> wrote:
>>>> > >  > > >
>>>> > >  > > >
>>>> > >  > > > Yes. In my last email, I sent you the log of the result of
>>>> running with oauth debug logging enabled.
>>>> > >  > > > /etc/dovecot/conf.d/10-logging.conf:
>>>> > >  > > > ##
>>>> > >  > > > ## Logging verbosity and debugging.
>>>> > >  > > > ##
>>>> > >  > > >
>>>> > >  > > > # Log filter is a space-separated list conditions. If any of
>>>> the conditions
>>>> > >  > > > # match, the log filter matches (i.e. they're ORed
>>>> together). Parenthesis
>>>> > >  > > > # are supported if multiple conditions need to be matched
>>>> together.
>>>> > >  > > > # Supported conditions are:
>>>> > >  > > > # event:<name wildcard> - Match event name. '*' and '?'
>>>> wildcards supported.
>>>> > >  > > > # source:<filename>[:<line number>] - Match source code
>>>> filename [and line]
>>>> > >  > > > # field:<key>=<value wildcard> - Match field key to a value.
>>>> Can be specified
>>>> > >  > > > # multiple times to match multiple keys.
>>>> > >  > > > # cat[egory]:<value> - Match a category. Can be specified
>>>> multiple times to
>>>> > >  > > > # match multiple categories.
>>>> > >  > > > # For example: event:http_request_* (cat:error cat:storage)
>>>> > >  > > >
>>>> > >  > > > # Filter to specify what debug logging to enable. This will
>>>> eventually replace
>>>> > >  > > > # mail_debug and auth_debug settings.
>>>> > >  > > > log_debug=category=oauth2
>>>> > >  > > >
>>>> > >  > > > ------------------------------
>>>> > >  > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>>> > >  > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>>> > >  > > > e-mail: taiki.fukuda at justsystems.com
>>>> > >  > > > 内線: 5158
>>>> > >  > > > TEL: 03-5324-7900
>>>> > >  > > > mobile: 080-6198-7328
>>>> > >  > > > ------------------------------
>>>> > >  > > >
>>>> > >  > > >
>>>> > >  > > > 2021年1月25日(月) 17:24 福田泰葵 <taiki.fukuda at justsystems.com>:
>>>> > >  > > > > Yes. In my last email, I sent you the log of the result of
>>>> running with oauth debug logging enabled.
>>>> > >  > > > >
>>>> > >  > > > > /etc/dovecot/conf.d/10-logging.conf:
>>>> > >  > > > >
>>>> > >  > > > > ```
>>>> > >  > > > > ```
>>>> > >  > > > >
>>>> > >  > > > >
>>>> > >  > > > >
>>>> > >  > > > >
>>>> ---------------------------------------------------------------------------------------------------------------------------------
>>>> > >  > > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>>> > >  > > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>>> > >  > > > > e-mail: taiki.fukuda at justsystems.com
>>>> > >  > > > > 内線: 5158
>>>> > >  > > > > TEL: 03-5324-7900
>>>> > >  > > > > mobile: 080-6198-7328
>>>> > >  > > > >
>>>> ---------------------------------------------------------------------------------------------------------------------------------
>>>> > >  > > > >
>>>> > >  > > > >
>>>> > >  > > > >
>>>> > >  > > > > 2021年1月25日(月) 17:16 Aki Tuomi <aki.tuomi at open-xchange.com
>>>> >:
>>>> > >  > > > > >
>>>> > >  > > > > > > On 25/01/2021 10:12 福田泰葵 <taiki.fukuda at justsystems.com>
>>>> wrote:
>>>> > >  > > > > > >
>>>> > >  > > > > > >
>>>> > >  > > > > > > Dear Mr. Tuomi
>>>> > >  > > > > > > Google is responding to me as Unauthorized.
>>>> > >  > > > > > > So I need to send my credentials such as access token
>>>> in the request parameter for authentication in google’s Get User API
>>>> request.
>>>> > >  > > > > > > But I don’t know how to configure dovecot to achieve
>>>> that.
>>>> > >  > > > > > > Could you please help me with this?
>>>> > >  > > > > > > Best regards,
>>>> > >  > > > > > >
>>>> > >  > > > > > > ------------------------------
>>>> > >  > > > > > > 〒163-6017 東京都新宿区西新宿6-8-1 住友不動産新宿オークタワー
>>>> > >  > > > > > > 株式会社 ジャストシステム 技術企画室 情報システムグループ 福田泰葵
>>>> > >  > > > > > > e-mail: taiki.fukuda at justsystems.com
>>>> > >  > > > > > > 内線: 5158
>>>> > >  > > > > > > TEL: 03-5324-7900
>>>> > >  > > > > > >
>>>> > >  > > > > > > mobile: 080-6198-7328
>>>> > >  > > > > >
>>>> > >  > > > > >
>>>> > >  > > > > > Did you try the debugging things I mentioned? Your logs
>>>> do not indicate that you did.
>>>> > >  > > > > >
>>>> > >  > > > > > So,
>>>> > >  > > > > >
>>>> > >  > > > > > - Try turning on rawlogs for the oauth2 requests and see
>>>> what google is sending you?
>>>> > >  > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to
>>>> get more debug logs from oauth2.
>>>> > >  > > > > >
>>>> > >  > > > > > Aki
>>>> > >  > > > > >
>>>> > >  > >
>>>> > >
>>>>
>>>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] :-)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210129/e2ac2e87/attachment-0001.html>


More information about the dovecot mailing list