[Users] OAUTH: Figuring out where I went wrong ( step by step )

David Fletcher David at megapico.co.uk
Fri Mar 25 14:48:09 UTC 2022


>The only thing I didn't do was change the API from TESTING to
>PUBLISHED. I wasn't sure if I was supposed to do that or not. That, and
>the message that pops up when you click publish saying that ANYONE would
>be able to use the API once it's published I was like noo.... I don't
>want just anybody being able to connect to my account.
>
>
You almost certainly can't change to Published, or In Production - this
requires the security verification process to be undertaken. But if this
was completed it would not give everyone access to your email! It would
be about the application being recognised as allowed to connect to Gmail
for any user (but to their own email, not yours).

>
>For some reason its like Google API only lets me use the " secret
>password" for x amount of time and then Google sees it as a bad
>password. And I then have to repeat the OAUTH steps again to get my
>account to work for a little while or just switch to using a 2 step
>password which always works without a problem.
>

I think there's two processes interacting here. If you reset your Google
password it effectively logs you out of any existing OAUTH2 connections
and requires you to re-authenticate. When you talk about a secret
password being valid for a limited amount of time, is resetting that
causing your OAUTH2 authentication to also be reset?

My experience is that as long as I don't re-set my Google account
password then the OAUTH2 authentication for Claws lasts indefinitely (or
at least so long that I never think about it - maybe 1 year or more).

Best regards, David.


More information about the Users mailing list