[Users] Setting up OAuth2 for GMail (To CM List)

Dustin Miller dustbiz at gmail.com
Thu May 5 06:31:45 UTC 2022 

On 5/5/22, Pierre Fortin <pf at pfortin.com> wrote:
>>Follow the instructions here:
>>https://support.google.com/googleapi/answer/6158849
>
> Leave it to Google to put out instructions that barely match the
> screens...  ;p
> 
DM: Hi, Pierre. Ah, yes, fun, fun. Thanks for sharing your process. But
perhaps Google has already changed something that will make it
different next time... ;) From what I can tell, looks like you set
things up right in Google Cloud Platform (GCP) for the 'In Production'
publishing status.
>
> Go to the API Console
> APIs & Services
>   Scopes
>     (ignored all; returned here later)
>     SAVE AND CONTINUE
>   Test users
>     (ignored all)
>     SAVE AND CONTINUE
>     Your Client Secret:  (copied to CM)  -- never saw a "pencil
> icon"... Apply (in CM)
> 
DM: Regarding "pencil icon", these types of details can be helpful for
some people, but then confusing if/when Google changes things up. For
some information, you can also access it at multiple places and the
related details can be different for each one.
>
> CM: Open default browser with request
> Google response:
> Authorization Error
> Error 400: invalid_request
>
> You can't sign in to this app because it doesn't comply with Google's
> OAuth 2.0 policy for keeping apps secure.
>
> You can let the app developer know that this app doesn't comply with
> one or more Google validation rules. The content in this section has
> been provided by the app developer. This content has not been
> reviewed or verified by Google. If you’re the app developer, make
> sure that these request details comply with Google policies.
>
>     redirect_uri: urn:ietf:wg:oauth:2.0:oob
>
DM: In line with your experience as shown by the above output, even in
the latest releases of Claws Mail (v3.19.0 and v4.1.0) using the 'In
Production' publishing status currently will not work or may initially
work but only for a limited number of days, due to some changes Google
has recently made in their authorization requirements. Solutions /
workarounds include:

a) The development team is working on implementing a fix for this,
which will likely be eventually included in git and then a future
release.

b) If you are willing and able to compile Claws Mail from the source
code, then you can go to this link
(https://lists.claws-mail.org/pipermail/users/2022-April/029933.html)
for instructions on implementing the fix yourself.

c) You can switch back to 'Testing' status on the same 'OAuth Consent
Screen' page you used before. (See Note 3 on the FAQ page
[https://www.claws-mail.org/faq/index.php/Oauth2] for important
details.)
>>
>>Scopes settings:
>>
> Added "https://mail.google.com/" and ADD TO TABLE, UPDATE -- I get:
>
>    Verification required
>
>    A restricted scope was added. To verify your app, it will need to
> go through the verification process. ...
> 
DM: My understanding is that this is similar to the message(s) that pop
up when you click on 'Publish App' and 'Confirm' in order to get the
'In Production' publishing status. Assuming you trust the app, you can
ignore this.
>
>>Troubleshooting:
>>
> ... net log gives: * OAuth2 access token not obtained
>
> Now what? 
> 
DM: See above for the solutions / workarounds that I'm aware of. HTH,
---Dustin

More information about the Users mailing list