[Users] OAuth2 authorization expires? (ToCM-list)

Geoffrey Leach geoffleach.gl at gmail.com
Sun May 1 19:18:59 UTC 2022


DM. Thanks for the new insight.

On Sun, 1 May 2022 11:23:00 +0600
Dustin Miller <dustbiz at gmail.com> wrote:

> On 5/1/22, Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> > After a week or so, I noticed that my OAuth2 connection to gmail was
> > no longer operational. After re-creating the authorization, I
> > noticed this in the log: * OAuth2 access token expiry stored. Is
> > renewal of the authorization something that is required on a
> > regular basis? 
> DM: Yes, as mentioned on the OAuth2 FAQ page
> (https://www.claws-mail.org/faq/index.php/Oauth2), when your Claws
> Mail 'project' is set up with a publishing status of 'Testing', the
> authorization will only last for seven days. Following is my proposed
> edit for the relevant Note 3, which is currently awaiting moderation:
> 
> "3. Regarding "Publishing status", the initial default is 'Testing'.
> To change this to 'In Production' click on the 'Publish App' button
> in the 'Publishing status' section of the 'OAuth Consent Screen', and
> then click on 'Confirm'. This results in the status changing to ‘In
> Production’ and a new section ‘Verification Status’ showing with a
> ‘Needs verification’ status, which can be safely ignored. In Claws
> Mail v3.19.0 and v4.1.0 this currently will not work or may initially
> work but only for a limited number of days, due to some changes
> Google has recently made in their authorization requirements. If it
> is not working, you will see an authorization error in the network
> log and not be able to connect for sending / receiving email. If you
> go to the 'OAuth2' page of the Claws Mail settings and try to obtain
> a new Authorization Code, you will see an authorization error in your
> browser that includes something like the following: “Error 400:
> invalid_request”  //  “You can't sign in to this app because it
> doesn't comply with Google's OAuth 2.0 policy for keeping apps
> secure.”  // “If you’re the app developer, make sure that these
> request details comply with Google policies."  //  "redirect_uri:
> <nowiki>urn:ietf:wg:oauth:2.0:oob</nowiki>”. Solutions / workarounds
> include:
> 
> a) The development team is working on implementing a fix for this,
> which will likely be eventually included in git and then a future
> release.
> 
> b) If you are willing and able to compile Claws Mail from the source
> code, then you can go to this link
> (https://lists.claws-mail.org/pipermail/users/2022-April/029933.html)
> for instructions on implementing the fix yourself.
> 
> c) You can switch back to 'Testing' status on the same 'OAuth Consent
> Screen' page you used before. For this to work you need to make sure
> you've added the desired email address to the 'Test Users' list on the
> 'Edit App Registration' - 'Test Users' page of the 'OAuth Consent
> Screen' setup process (or on the main 'OAuth Consent Screen' page).
> Note that with this status each authorization code will only last for
> seven days, after which you will be unable to connect and will see
> authorization errors in the network log. To get a new authorization
> code, go to the 'OAuth2' page of the Claws Mail settings and repeat
> the steps for getting an authorization code and completing
> authorization. (Note that there is no need to get a new client ID or
> client secret.) (Information in this Note 3 is current as of 17 Apr
> 2022.)
> 
> DM: I think you will find the above edit more helpful, depending how
> you decide to move forward in managing your accounts. Cheers,
> ---Dustin _______________________________________________
> Users mailing list
> Users at lists.claws-mail.org
> https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users



More information about the Users mailing list