[Users] Gmail OAuth2 Authorization Errors

Dustin Miller dustbiz at gmail.com
Sat Apr 9 03:27:47 UTC 2022 

I have been using multiple Gmail accounts with POP and OAuth2. Recently
I switched three of these accounts from 'Testing' status to 'In
Production' status in order to avoid needing to get a new auth code
every seven days. I did this switch while my Claws (on a Linux system)
was at v4.0.0 and have since upgraded to v4.1.0. These accounts have all
been working as expected for at least a few days with this current
configuration.

Today when trying to get mail from one of these accounts with Claws, it
failed and the network log indicated that it hadn't been able to get
the access and/or refresh token it needed. (One of the other accounts
with the same configuration worked fine at the same time to get mail.)
When I tried to get a new authorization code it gave an authorization
error in the browser including the following info:

* “Error 400: invalid_request”
* “You can't sign in to this app because it doesn't comply with
  Google's OAuth 2.0 policy for keeping apps secure.”
* “If you’re the app developer, make sure that these request details
  comply with Google policies.
	redirect_uri: urn:ietf:wg:oauth:2.0:oob”

I tried deleting the app's entry in 'Credentials' and creating a new
one (i.e. to use a new client id and client secret), but this gave the
same result. If I revert to 'Testing' status, it works as expected.
I've checked in my Google account online and there doesn't seem to be
any security-related settings there that would be blocking this.

My best guess is that Google doesn't like how Claws Mail in 'In
Production' status is trying to access this account, but it seems
account-specific, so a bit ambiguous / fluid.

Based on the error above, am I right in thinking that this might be
something that Claws Mail developers would need to 'fix' within Claws
itself? Or would there be a way for me to 'fix' this via the Claws
settings or Google Cloud Platform?

I have a vague memory of someone else on this list encountering this
(or something like it), but I can't remember the details.

Thanks,
Dustin

More information about the Users mailing list