<div dir="ltr"><div class="markdown-here-wrapper" style=""><p style="margin:0px 0px 1.2em!important">Dear Sir or Madam</p>
<p style="margin:0px 0px 1.2em!important">Unable to build OAuth2.0 authentication to Gmail using dovecot as proxy.<br>I have a question about how to use dovecot as a proxy to perform OAuth 2.0 authentication to Gmail using a mail client.</p>
<ol style="margin:1.2em 0px;padding-left:2em">
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">Is the following all I need to do to authenticate to Gmail using dovecot as a proxy?</p>
<ul style="margin:1.2em 0px;padding-left:2em;margin:0px;padding-left:1em">
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">passdb</p>
<pre style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline;white-space:pre;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important">passdb {
driver = oauth2
mechanisms = oauthbearer xoauth2
args = /etc/dovecot/dovecot-oauth2.token.conf.ext
}  
passdb {
driver = oauth2
mechanisms = plain login
args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
}
</code></pre></li>
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">create <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.token.conf.ext</code> and <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.plain.conf.ext</code></p>
</li>
<li style="margin:0.5em 0px">create gmail service account api</li>
</ul>
</li>
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">grant_url</code>   in <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.token.conf.ext</code> and <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.plain.conf.ext</code> is URL for obtaining a Google access token for a web server that I have built myself?</p>
</li>
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">I use a Gmail service account, so I don’t need a client ID and secret ID, right?</p>
</li>
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">Do I set <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">introspection_url</code> to the URL of my own web server with the access token used for authentication to Google as the response?</p>
</li>
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">The documentation says “pass_attrs = host=127.0.0.1”, but if you are authenticating to Gmail, I should use<br>“pass_attrs = proxy=y host=%{if;%s;eq;imap;<a href="http://imap.gmail.com">imap.gmail.com</a>;%{if;%s;eq;pop3;smtp .<a href="http://gmail.com">gmail.com</a>;<a href="http://pop.gmail.com">pop.gmail.com</a>}} port=%{if;%s;eq;imap;993;%{if;%s;eq;pop3;587;465}} proxy_mech=xoauth2 pass=%{oauth2:access_token} user=%{oauth2:email oauth2:email}”?</p>
</li>
<li style="margin:0.5em 0px"><p style="margin:0px 0px 1.2em!important;margin:0.5em 0px!important">What is the difference between <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.token.conf.ext</code> and <code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">dovecot-oauth2.plain.conf.ext</code> ? Do I need to configure both?</p>
</li>
</ol>
<p style="margin:0px 0px 1.2em!important">I used <a href="https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy">https://doc.dovecot.org/configuration_manual/authentication/oauth2/#proxy</a> as a reference.<br>I would appreciate your reply.</p>
<p style="margin:0px 0px 1.2em!important">Yours faithfully,</p>
<hr>
<p style="margin:0px 0px 1.2em!important">e-mail: <a href="mailto:taiki.fukuda@justsystems.com">taiki.fukuda@justsystems.com</a><br>TEL: 03-5324-7900<br>mobile: 080-6198-7328</p>
<hr>
<div title="MDH:RGVhciBTaXIgb3IgTWFkYW08ZGl2Pjxicj48L2Rpdj48ZGl2PlVuYWJsZSB0byBidWlsZCBPQXV0
aDIuMCBhdXRoZW50aWNhdGlvbiB0byBHbWFpbCB1c2luZyBkb3ZlY290IGFzIHByb3h5Ljxicj48
L2Rpdj48ZGl2PkkgaGF2ZSBhIHF1ZXN0aW9uIGFib3V0IGhvdyB0byB1c2UgZG92ZWNvdCBhcyBh
IHByb3h5IHRvIHBlcmZvcm0gT0F1dGggMi4wIGF1dGhlbnRpY2F0aW9uIHRvIEdtYWlsIHVzaW5n
IGEgbWFpbCBjbGllbnQuPGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+MS4mbmJzcDtJcyB0
aGUgZm9sbG93aW5nIGFsbCBJIG5lZWQgdG8gZG8gdG8gYXV0aGVudGljYXRlIHRvIEdtYWlsIHVz
aW5nIGRvdmVjb3QgYXMgYSBwcm94eT88L2Rpdj48ZGl2PiZuYnNwOyAtJm5ic3A7cGFzc2RiPC9k
aXY+PGRpdj4mbmJzcDsgYGBgPGJyPiZuYnNwOyBwYXNzZGIgezxicj4mbmJzcDsgJm5ic3A7IGRy
aXZlciA9IG9hdXRoMjxicj4mbmJzcDsgJm5ic3A7IG1lY2hhbmlzbXMgPSBvYXV0aGJlYXJlciB4
b2F1dGgyPGJyPiZuYnNwOyAmbmJzcDsgYXJncyA9IC9ldGMvZG92ZWNvdC9kb3ZlY290LW9hdXRo
Mi50b2tlbi5jb25mLmV4dDxicj4mbmJzcDsgfSAmbmJzcDs8YnI+Jm5ic3A7IHBhc3NkYiB7PGJy
PiZuYnNwOyAmbmJzcDsgZHJpdmVyID0gb2F1dGgyPGJyPiZuYnNwOyAmbmJzcDsgbWVjaGFuaXNt
cyA9IHBsYWluIGxvZ2luPGJyPiZuYnNwOyAmbmJzcDsgYXJncyA9IC9ldGMvZG92ZWNvdC9kb3Zl
Y290LW9hdXRoMi5wbGFpbi5jb25mLmV4dDxicj4mbmJzcDsgfTxicj4mbmJzcDsgYGBgPC9kaXY+
PGRpdj48YnI+PC9kaXY+PGRpdj4mbmJzcDsgLSBjcmVhdGUgYGRvdmVjb3Qtb2F1dGgyLnRva2Vu
LmNvbmYuZXh0YCBhbmQgYGRvdmVjb3Qtb2F1dGgyLnBsYWluLmNvbmYuZXh0YDwvZGl2PjxkaXY+
Jm5ic3A7IC0gY3JlYXRlIGdtYWlsIHNlcnZpY2UgYWNjb3VudCBhcGk8L2Rpdj48ZGl2Pjxicj48
L2Rpdj48ZGl2PjIuIGBncmFudF91cmwKCmAKCiBpbiBgZG92ZWNvdC1vYXV0aDIudG9rZW4uY29u
Zi5leHRgIGFuZCBgZG92ZWNvdC1vYXV0aDIucGxhaW4uY29uZi5leHRgIGlzJm5ic3A7VVJMIGZv
ciBvYnRhaW5pbmcgYSBHb29nbGUgYWNjZXNzIHRva2VuIGZvciBhIHdlYiBzZXJ2ZXIgdGhhdCBJ
IGhhdmUgYnVpbHQgbXlzZWxmPzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+My4mbmJzcDtJIHVz
ZSBhIEdtYWlsIHNlcnZpY2UgYWNjb3VudCwgc28gSSBkb24ndCBuZWVkIGEgY2xpZW50IElEIGFu
ZCBzZWNyZXQgSUQsIHJpZ2h0PzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+NC4mbmJzcDtEbyBJ
IHNldCBgaW50cm9zcGVjdGlvbl91cmxgIHRvIHRoZSBVUkwgb2YgbXkgb3duIHdlYiBzZXJ2ZXIg
d2l0aCB0aGUgYWNjZXNzIHRva2VuIHVzZWQgZm9yIGF1dGhlbnRpY2F0aW9uIHRvIEdvb2dsZSBh
cyB0aGUgcmVzcG9uc2U/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj41LiZuYnNwO1RoZSBkb2N1
bWVudGF0aW9uIHNheXMgInBhc3NfYXR0cnMgPSBob3N0PTEyNy4wLjAuMSIsIGJ1dCBpZiB5b3Ug
YXJlIGF1dGhlbnRpY2F0aW5nIHRvIEdtYWlsLCBJIHNob3VsZCB1c2UmbmJzcDs8L2Rpdj48ZGl2
PiJwYXNzX2F0dHJzID0gcHJveHk9eSBob3N0PSV7aWY7JXM7ZXE7aW1hcDtpbWFwLmdtYWlsLmNv
bTsle2lmOyVzO2VxO3BvcDM7c210cCAuZ21haWwuY29tO3BvcC5nbWFpbC5jb219fSBwb3J0PSV7
aWY7JXM7ZXE7aW1hcDs5OTM7JXtpZjslcztlcTtwb3AzOzU4Nzs0NjV9fSBwcm94eV9tZWNoPXhv
YXV0aDIgcGFzcz0le29hdXRoMjphY2Nlc3NfdG9rZW59IHVzZXI9JXtvYXV0aDI6ZW1haWwgb2F1
dGgyOmVtYWlsfSI/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj42LiZuYnNwO1doYXQgaXMgdGhl
IGRpZmZlcmVuY2UgYmV0d2VlbiBgZG92ZWNvdC1vYXV0aDIudG9rZW4uY29uZi5leHRgIGFuZCBg
ZG92ZWNvdC1vYXV0aDIucGxhaW4uY29uZi5leHRgID8gRG8gSSBuZWVkIHRvIGNvbmZpZ3VyZSBi
b3RoPzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SSB1c2VkIGh0dHBzOi8vZG9jLmRvdmVjb3Qu
b3JnL2NvbmZpZ3VyYXRpb25fbWFudWFsL2F1dGhlbnRpY2F0aW9uL29hdXRoMi8jcHJveHkgYXMg
YSByZWZlcmVuY2UuPGJyPjwvZGl2PjxkaXY+SSB3b3VsZCBhcHByZWNpYXRlIHlvdXIgcmVwbHku
PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5Zb3VycyBmYWl0aGZ1bGx5LDwvZGl2PjxkaXY+PGJy
PjwvZGl2PjxkaXY+PGRpdj48ZGl2IGRpcj0ibHRyIiBjbGFzcz0iZ21haWxfc2lnbmF0dXJlIiBk
YXRhLXNtYXJ0bWFpbD0iZ21haWxfc2lnbmF0dXJlIj48ZGl2IGRpcj0ibHRyIj48ZGl2IGRpcj0i
bHRyIj48ZGl2IGRpcj0ibHRyIj48ZGl2IGRpcj0ibHRyIj48ZGl2IGRpcj0ibHRyIj48ZGl2Pi0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLTwvZGl2PjxkaXY+ZS1tYWlsOiA8YSBocmVmPSJtYWlsdG86dGFpa2kuZnVr
dWRhQGp1c3RzeXN0ZW1zLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnRhaWtpLmZ1a3VkYUBqdXN0c3lz
dGVtcy5jb208L2E+PC9kaXY+PGRpdj5URUw6IDAzLTUzMjQtNzkwMDwvZGl2PjxkaXY+bW9iaWxl
OiAwODAtNjE5OC03MzI4PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj4tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08
YnI+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+" style="height:0;width:0;max-height:0;max-width:0;overflow:hidden;font-size:0em;padding:0;margin:0"></div></div></div>