[Users] OAUTH2 Authorisation Status

Dustin Miller dustbiz at gmail.com
Sun Apr 3 15:26:39 UTC 2022 

On Sat, 02 Apr 2022 12:01:24 +0000
"David Fletcher" <David at megapico.co.uk> wrote:

> >Bernard Moreton <bernard.moreton at gmail.com> wrote:
> >
> >> Has anyone managed to get a successful (ie. stable) Production
> >> publishing status? ...
> >>
> >You have misunderstod the problem here. You do not need to change
> >your password every 7 or 30 days. What you are required to do is
> >make a new login at the identity provider to get a new token. The
> >token is the one that needs to be changed and not the password. How
> >often you need to change the token is solely up to the identity
> >provider.
> >
> 
> I'm not getting this re-authorisation every 7 days thing with Google.
> They are still giving the refresh tokens. The access tokens only last
> 1 hour, so to get to 7 days there must be a refresh token. Are you
> seeing things like this in the Network Log:
> 
> * OAUTH2 obtaining access token using refresh token
> * OAUTH2 access token obtained
> 
DM: Yes, I'm getting those, but then after the '7-day' limit it just
says something along the lines of 'unable to get the refresh token'.
But easily 'fixed' by just getting another authorization code and
authorizing. (I haven't tried the latest Claws Mail release, so am not
sure if those OAuth2 changes would have any bearing on the
practicalities of how this works, or whether it's solely a Google
thing.)
> 
> I've attached 3 screenshots showing how my Claws Mail ClientID is
> registered at Google - maybe there's some differences here from how
> others have done this? ...
> 
> Mine is set to "Production" status - but retains the not-verified
> warnings.
> 
DM: Thanks, David, for the screenshots and the info. My best guess is
that the difference is between the 'Testing' and 'In Production'
statuses, and this is likely why the FAQ page originally said to choose
'In Production'. However, I wasn't able to figure out how to do this,
since I was under the impression it was just a simple settings change.
But my understanding from the Google documentation was that to get 'In
Production' status, you have to 'Publish' the app/project. When I
attempted to do that, it brought up all these requirements that you had
to fulfill in order to do it, things that seemed to make sense for a
developer of an app, but not for an ordinary user. So I thought I was at
a dead-end with that. But based on your screenshots and comments, as
well as others' comments on the past, it looks like you can somehow get
an 'In Production' status without having to follow through with all the
verification steps. So perhaps 'In Production' is a status between
'Testing' and 'Verified'? In any case, I'd be interested in you or
anyone else providing the detailed steps of how you actually got the
app to the status of 'In Production'. Since I now know it's likely
possible, I could probably figure it out myself, but if someone would
provide this, it might save me and others a bit of time. :) Thanks,
---Dustin

More information about the Users mailing list