<div dir="ltr"><div class="gmail-adn gmail-ads" style="border-left:none;padding:0px;display:flex;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:medium"><div class="gmail-gs" style="margin:0px;padding:0px 0px 20px;width:2144px"><div class="gmail-gE gmail-iv gmail-gt" style="padding:20px 0px 0px;font-size:0.875rem"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small">Dear Sir or Madam</span><br></div><div class="gmail-"><div id="gmail-:690" class="gmail-ii gmail-gt" style="font-size:0.875rem;direction:ltr;margin:8px 0px 0px;padding:0px"><div id="gmail-:68z" class="gmail-a3s gmail-aiL" style="overflow:hidden;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:small;line-height:1.5;font-family:Arial,Helvetica,sans-serif"><div dir="ltr"><p style="margin:0px 0px 1.2em">Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.<br>I have a question about how to use dovecot as a proxy to perform OAuth 2.0 authentication to Gmail using a mail client.</p><ol style="margin:1.2em 0px;padding-left:2em"><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">Is the following all I need to do to authenticate to Gmail using dovecot as a proxy?</p><ul style="margin:0px;padding-left:1em"><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">passdb</p><pre style="white-space:pre-wrap;font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin-top:1.2em;margin-bottom:1.2em"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;background-color:rgb(248,248,248);overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block">passdb {
driver = oauth2
mechanisms = oauthbearer xoauth2
args = /etc/dovecot/dovecot-oauth2.token.conf.ext
}  
passdb {
driver = oauth2
mechanisms = plain login
args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
}
</code></pre></li><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">create <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.token.conf.ext</code> and <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.plain.conf.ext</code></p></li><li style="margin:0.5em 0px">create gmail service account api</li></ul></li><li style="margin:0.5em 0px"><p style="margin:0.5em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">grant_url</code> in <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.token.conf.ext</code> and <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.plain.conf.ext</code> is URL for obtaining a Google access token for a web server that I have built myself?</p></li><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">I use a Gmail service account, so I don’t need a client ID and secret ID, right?</p></li><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">Do I set <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">introspection_url</code> to the URL of my own web server with the access token used for authentication to Google as the response?</p></li><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">The documentation says “pass_attrs = host=127.0.0.1”, but if you are authenticating to Gmail, I should use<br>“pass_attrs = proxy=y host=%{if;%s;eq;imap;<a href="http://imap.gmail.com/" target="_blank">imap.gmail.com</a>;%{if;%s;eq;pop3;smtp .<a href="http://gmail.com/" target="_blank">gmail.com</a>;<a href="http://pop.gmail.com/" target="_blank">pop.gmail.com</a>}} port=%{if;%s;eq;imap;993;%{if;%s;eq;pop3;587;465}} proxy_mech=xoauth2 pass=%{oauth2:access_token} user=%{oauth2:email oauth2:email}”?</p></li><li style="margin:0.5em 0px"><p style="margin:0.5em 0px">What is the difference between <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.token.conf.ext</code> and <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.plain.conf.ext</code> ? Do I need to configure both?</p></li></ol><p style="margin:0px 0px 1.2em">I used <a href="https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy" target="_blank">https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy</a> as a reference.<br>I would appreciate your reply.</p><p style="margin:0px 0px 1.2em">Yours faithfully,</p><hr><p style="margin:0px 0px 1.2em">e-mail: <a href="mailto:taiki.fukuda@justsystems.com" target="_blank">taiki.fukuda@justsystems.com</a><br>TEL: 03-5324-7900<br>mobile: 080-6198-7328</p><hr><div class="gmail-yj6qo"></div><div class="gmail-adL"></div><div title="MDH:RGVhciBTaXIgb3IgTWFkYW08ZGl2Pjxicj48L2Rpdj48ZGl2PlVuYWJsZSB0byBidWlsZCBPQXV0
aDIuMCBhdXRoZW50aWNhdGlvbiB0byBHbWFpbCB1c2luZyBkb3ZlY290IGFzIHByb3h5Ljxicj48
L2Rpdj48ZGl2PkkgaGF2ZSBhIHF1ZXN0aW9uIGFib3V0IGhvdyB0byB1c2UgZG92ZWNvdCBhcyBh
IHByb3h5IHRvIHBlcmZvcm0gT0F1dGggMi4wIGF1dGhlbnRpY2F0aW9uIHRvIEdtYWlsIHVzaW5n
IGEgbWFpbCBjbGllbnQuPGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+MS4mbmJzcDtJcyB0
aGUgZm9sbG93aW5nIGFsbCBJIG5lZWQgdG8gZG8gdG8gYXV0aGVudGljYXRlIHRvIEdtYWlsIHVz
aW5nIGRvdmVjb3QgYXMgYSBwcm94eT88L2Rpdj48ZGl2PiZuYnNwOyAtJm5ic3A7cGFzc2RiPC9k
aXY+PGRpdj4mbmJzcDsgYGBgPGJyPiZuYnNwOyBwYXNzZGIgezxicj4mbmJzcDsgJm5ic3A7IGRy
aXZlciA9IG9hdXRoMjxicj4mbmJzcDsgJm5ic3A7IG1lY2hhbmlzbXMgPSBvYXV0aGJlYXJlciB4
b2F1dGgyPGJyPiZuYnNwOyAmbmJzcDsgYXJncyA9IC9ldGMvZG92ZWNvdC9kb3ZlY290LW9hdXRo
Mi50b2tlbi5jb25mLmV4dDxicj4mbmJzcDsgfSAmbmJzcDs8YnI+Jm5ic3A7IHBhc3NkYiB7PGJy
PiZuYnNwOyAmbmJzcDsgZHJpdmVyID0gb2F1dGgyPGJyPiZuYnNwOyAmbmJzcDsgbWVjaGFuaXNt
cyA9IHBsYWluIGxvZ2luPGJyPiZuYnNwOyAmbmJzcDsgYXJncyA9IC9ldGMvZG92ZWNvdC9kb3Zl
Y290LW9hdXRoMi5wbGFpbi5jb25mLmV4dDxicj4mbmJzcDsgfTxicj4mbmJzcDsgYGBgPC9kaXY+
PGRpdj48YnI+PC9kaXY+PGRpdj4mbmJzcDsgLSBjcmVhdGUgYGRvdmVjb3Qtb2F1dGgyLnRva2Vu
LmNvbmYuZXh0YCBhbmQgYGRvdmVjb3Qtb2F1dGgyLnBsYWluLmNvbmYuZXh0YDwvZGl2PjxkaXY+
Jm5ic3A7IC0gY3JlYXRlIGdtYWlsIHNlcnZpY2UgYWNjb3VudCBhcGk8L2Rpdj48ZGl2Pjxicj48
L2Rpdj48ZGl2PjIuIGBncmFudF91cmwKCmAKCiBpbiBgZG92ZWNvdC1vYXV0aDIudG9rZW4uY29u
Zi5leHRgIGFuZCBgZG92ZWNvdC1vYXV0aDIucGxhaW4uY29uZi5leHRgIGlzJm5ic3A7VVJMIGZv
ciBvYnRhaW5pbmcgYSBHb29nbGUgYWNjZXNzIHRva2VuIGZvciBhIHdlYiBzZXJ2ZXIgdGhhdCBJ
IGhhdmUgYnVpbHQgbXlzZWxmPzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+My4mbmJzcDtJIHVz
ZSBhIEdtYWlsIHNlcnZpY2UgYWNjb3VudCwgc28gSSBkb24ndCBuZWVkIGEgY2xpZW50IElEIGFu
ZCBzZWNyZXQgSUQsIHJpZ2h0PzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+NC4mbmJzcDtEbyBJ
IHNldCBgaW50cm9zcGVjdGlvbl91cmxgIHRvIHRoZSBVUkwgb2YgbXkgb3duIHdlYiBzZXJ2ZXIg
d2l0aCB0aGUgYWNjZXNzIHRva2VuIHVzZWQgZm9yIGF1dGhlbnRpY2F0aW9uIHRvIEdvb2dsZSBh
cyB0aGUgcmVzcG9uc2U/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj41LiZuYnNwO1RoZSBkb2N1
bWVudGF0aW9uIHNheXMgInBhc3NfYXR0cnMgPSBob3N0PTEyNy4wLjAuMSIsIGJ1dCBpZiB5b3Ug
YXJlIGF1dGhlbnRpY2F0aW5nIHRvIEdtYWlsLCBJIHNob3VsZCB1c2UmbmJzcDs8L2Rpdj48ZGl2
PiJwYXNzX2F0dHJzID0gcHJveHk9eSBob3N0PSV7aWY7JXM7ZXE7aW1hcDtpbWFwLmdtYWlsLmNv
bTsle2lmOyVzO2VxO3BvcDM7c210cCAuZ21haWwuY29tO3BvcC5nbWFpbC5jb219fSBwb3J0PSV7
aWY7JXM7ZXE7aW1hcDs5OTM7JXtpZjslcztlcTtwb3AzOzU4Nzs0NjV9fSBwcm94eV9tZWNoPXhv
YXV0aDIgcGFzcz0le29hdXRoMjphY2Nlc3NfdG9rZW59IHVzZXI9JXtvYXV0aDI6ZW1haWwgb2F1
dGgyOmVtYWlsfSI/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj42LiZuYnNwO1doYXQgaXMgdGhl
IGRpZmZlcmVuY2UgYmV0d2VlbiBgZG92ZWNvdC1vYXV0aDIudG9rZW4uY29uZi5leHRgIGFuZCBg
ZG92ZWNvdC1vYXV0aDIucGxhaW4uY29uZi5leHRgID8gRG8gSSBuZWVkIHRvIGNvbmZpZ3VyZSBi
b3RoPzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SSB1c2VkIGh0dHBzOi8vZG9jLmRvdmVjb3Qu
b3JnL2NvbmZpZ3VyYXRpb25fbWFudWFsL2F1dGhlbnRpY2F0aW9uL29hdXRoMi8jcHJveHkgYXMg
YSByZWZlcmVuY2UuPGJyPjwvZGl2PjxkaXY+SSB3b3VsZCBhcHByZWNpYXRlIHlvdXIgcmVwbHku
PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5Zb3VycyBmYWl0aGZ1bGx5LDwvZGl2PjxkaXY+PGJy
PjwvZGl2PjxkaXY+PGRpdj48ZGl2IGRpcj0ibHRyIiBjbGFzcz0iZ21haWxfc2lnbmF0dXJlIiBk
YXRhLXNtYXJ0bWFpbD0iZ21haWxfc2lnbmF0dXJlIj48ZGl2IGRpcj0ibHRyIj48ZGl2IGRpcj0i
bHRyIj48ZGl2IGRpcj0ibHRyIj48ZGl2IGRpcj0ibHRyIj48ZGl2IGRpcj0ibHRyIj48ZGl2Pi0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLTwvZGl2PjxkaXY+ZS1tYWlsOiA8YSBocmVmPSJtYWlsdG86dGFpa2kuZnVr
dWRhQGp1c3RzeXN0ZW1zLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnRhaWtpLmZ1a3VkYUBqdXN0c3lz
dGVtcy5jb208L2E+PC9kaXY+PGRpdj5URUw6IDAzLTUzMjQtNzkwMDwvZGl2PjxkaXY+bW9iaWxl
OiAwODAtNjE5OC03MzI4PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj4tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08
YnI+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+" class="gmail-adL" style="height:0px;width:0px;max-height:0px;max-width:0px;overflow:hidden;font-size:0em;padding:0px;margin:0px"></div></div><div class="gmail-adL"></div></div></div><div class="gmail-hi" style="border-bottom-left-radius:1px;border-bottom-right-radius:1px;padding:0px;width:auto;background:rgb(242,242,242);margin:0px"></div></div></div><div class="gmail-ajx" style="clear:both"><br><br></div></div></div>