[Users] OAuth2 refresh token not obtained

Geoffrey Leach geoffleach.gl at gmail.com
Mon May 16 06:13:25 CEST 2022 

As it happens, today was my 7-day re-authorize, and the same problem
occurred. Rather than just re-authorize, I created a new claws-mail
client Id. Authorization was successful.

In answer to your other question, I'm as sure as I can be that nothing
germane was changed either on either system or on the API pages

FWIW, here's the --debug output from the unsuccessful re-authorize

oauth2.c:195:Auth response:
4/1AX4XfWgHPq-QttFqR_vwouj8KmMdvx3uRoJALfB4C24sBPUoWKDGigqFAb837:Auth
token:
4/1AX4XfWgHPq-QttFqR_vwouj8KmMdvx3uRoJALfB4C24sBPUoWKDGigqFAb804:Setting
GnuTLS priority to NORMAL:!VERS-SSL3.0:!VERS-TLS1.0:!VERS-TLS1.1,
status = 0GnuTLS session server name indication to accounts.google.com,
status = 0451:setting certificate callback function ssl.c:311:waiting
for SSL_connect thread... ssl.c:329:SSL_connect thread returned 0
ssl_certificate.c:266:got 131 certs in crt_list! 0x7ffd78a526e8
ssl_certificate.c:445:got
/home/geoff/.claws-mail/certs/accounts.google.com.443.cert first try
ssl_certificate.c:266:got 1 certs in crt_list! 0x7ffd78a52528
ssl_certificate.c:455:got cert 0x5616f35a8000
ssl_certificate.c:182:writing 1671 bytes ssl_certificate.c:182:writing
1996 bytes ssl_certificate.c:182:writing 1927 bytes
file-utils.c:58:TIMING safe_fclose : 0s102ms socket.c:1279:Unexpected
TLS read result -110 ** Message: 20:53:46.509: OAuth2 access token not
obtained

oauth2.c:349:OAuth2 - request: POST /o/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/json
Content-Length: 281
Host: accounts.google.com
Connection: close
User-Agent: ClawsMail

client_id=302054593163-ffimbnapkbrnql0p3gs402grl8a3je96.apps.googleusercontent.com&code=4%2F1AX4XfWgHPq-QttFqR_vwouj8KmMdvx3uRoJALfB4C24sBPUoWKDGigqFAb8&client_secret=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&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&grant_type=authorization_code
 Response: 0

1.1 400 Bad Request

On Mon, 16 May 2022 06:03:21 +0600
Dustin Miller <dustbiz at gmail.com> wrote:

> On Sat, 14 May 2022 17:41:57 -0700
> Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> 
> > I've checked everything without any changes. Here's the log.
> >   
> DM: Thanks for the extra detail, Geoffrey. This increases the chances
> of someone on the list being able to help you.
> > 
> > o Beginning with the Google API Dashboard
> > 
> > o On the OAuth consent screen
> >     status testing (previous attempt to use publishing status
> > resulted in rejection of authorization request)
> >     user type external
> >     test users 1
> >     email addresses verified (user support and developer contact)
> >     app is claws-mail
> >     verify info on claws-mail page
> >     scopes verified
> >   
> > o on Credentials screen, verify client id name,
> >     copy Client ID and Client Secret, copy/paste to claws-mail
> > OAuth2 page
> > 
> > o On claws-mail OAuth2 page click on 'Open default browser with
> > request' Google pages as expected, resulting in an authorization
> > code Copy code to OAuth2 page Authorization Code field.
> >    
> > o Click on Authorize button
> >     Network log
> > * OAuth2 access token not obtained
> > * OAuth2 refresh token not obtained
> >     The password fields in the Basic and Send pages remain empty
> >   
> DM: This is the point at which I would focus. I'm pretty sure that if
> you click the 'Authorize' button and those two password fields are not
> auto-populated as a result, then you will not be able to successfully
> connect. But I'm not sure why these are not being auto-populated. (A
> developer who knows how the code works might be able to give more
> insight as to the possible problem.) It also seems a bit strange to me
> if this exact setup used to work, but doesn't anymore.
> 
> DM: Have you confirmed that your Claws OAuth2 settings on other pages
> are correct? (See the top section of the FAQ page for reference.)
> 
> DM: Have you confirmed that all of your Claws non-OAuth2 settings are
> correct? (I'm not sure if any of these would interfere with the
> expected result from clicking the 'Authorize' button or not.)
> 
> DM: You could also try running Claws from the commandline using the
> option '--debug', then going through the authorization process again,
> and see if any helpful output shows up in the terminal.
> 
> DM: I guess there's a chance that one or more changes on your system
> unrelated to Claws is somehow keeping Claws from being able to 'act'
> when the 'Authorize' button is clicked (write permissions?), but I'm
> not sure what the likelihood of that is.
> 
> DM: Those are all the ideas I can think of, but I'm reasonably certain
> that this is the main symptom and/or problem in the process and thus,
> where you should be focusing your energies in trouble-shooting and
> research. Perhaps someone else on the list who is more advanced in
> their knowledge and understanding will be able to provide more ideas /
> suggestions for how to sort this out. HTH, ---Dustin
> > 
> >     This behavior is reproducable.
> > 
> > Claws-mail version 4.1.0.
> > Browser is Firefox
> > Fedora 35 environment is up-to-date.
> > 
> > Suggestions appreciated.
> > 
> > On Wed, 11 May 2022 11:06:26 +0600
> > Dustin Miller <dustbiz at gmail.com> wrote:
> >   
> > > On Tue, 10 May 2022 21:11:46 -0700
> > > Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> > >   
> > > > o Two accounts, two laptops, 2 users. 
> > > >     
> > > DM: Okay, the thing to watch for here is to make sure that the
> > > account you are getting the authorization code for from Google via
> > > your web browser is the same account whose settings you are
> > > pasting the code into in Claws.
> > > 
> > > DM: Am I right in assuming that the account you are working with
> > > is using the publishing status of 'Testing' in the API console?  
> > > > 
> > > > o What I normally do is just to punch the Authorize button on
> > > > the OAuth2 page.
> > > >     
> > > DM: From what I understand of the process, this should never work
> > > if you are using an account with 'Testing' status and the
> > > authorization code has expired, since only doing that would mean
> > > you were still using the old authorization code.  
> > > > 
> > > > When that did not work, I re-requested an authorization code,
> > > > which worked (new code) but Authorize did not work. I then went
> > > > back to the API Console and verified that nothing has changed.
> > > >     
> > > DM: Is this based on your memory of what you did before, or did
> > > you actually go through the process again and record each step?
> > > Here is the process that worked for me:
> > > 
> > > * 1. On the Claws OAuth2 page, click on the 'Open default browser
> > > with request' button. (This will take you to your browser. Make
> > > sure you sign in to the correct Gmail account.)
> > > 
> > > * 2. Assuming you've clicked through whatever screens you've
> > > needed to and no errors have shown up in your browser, you should
> > > eventually see a screen that gives you an authorization code to
> > > use.
> > > 
> > > * 3. Copy this code from the browser screen to the Claws OAuth2
> > > page's 'Authorization code' field. (Note that this needs to
> > > completely replace the old code.)
> > > 
> > > * 4. Click on 'Authorize', then on 'OK' and 'Close' to complete
> > > the process and exit the account settings. (If you want to make
> > > sure that clicking the 'Authorize' button is doing what it's
> > > supposed to, then first go to both the 'Basic' and 'Send' pages
> > > and completely clear the contents of the 'Password' fields. After
> > > you've clicked 'Authorize', you can check these pages again and
> > > the 'Password' fields should have been automatically filled
> > > again. This normally isn't necessary to do, but can be helpful if
> > > you want to make sure that you actually activated the 'Authorize'
> > > button when you tried to click it.)
> > > 
> > > DM: My understanding is that the above process should work,
> > > assuming you were successfully using OAuth2 before and you
> > > haven't changed any settings anywhere, unless of course something
> > > changed on Google's end.
> > > 
> > > DM: When you do try this again, I would strongly recommend that
> > > you take 'very detailed' notes in regards to each step that you
> > > do. If it works, great -- you can then keep the notes on hand for
> > > future reference, as needed. If it doesn't work, then you can
> > > post those notes here, in case I or others can use them to give
> > > you more ideas of what to try. Would probably also be helpful to
> > > provide copy/paste or word-for-word quotes of any relevant error
> > > messages. Hope that helps, ---Dustin  
> > > > 
> > > > On Wed, 11 May 2022 06:51:20 +0600
> > > > Dustin Miller <dustbiz at gmail.com> wrote:
> > > >     
> > > > > On Tue, 10 May 2022 13:32:23 -0700
> > > > > Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> > > > >       
> > > > > > Performing the weekly re-authorization for the Google
> > > > > > account, Google does not give authorization. 
> > > > > >         
> > > > > DM: Hi, Geoffrey. Presumably this is with a Gmail account that
> > > > > was working with OAuth2 previously and you haven't changed
> > > > > anything in Claws since then? Please mention whether either of
> > > > > these two assumptions is incorrect.
> > > > > 
> > > > > DM: Do you use more than one Gmail account? If so, have you
> > > > > double-checked that, when you go to your web browser to get
> > > > > the authorization code you need, you are signed / signing in
> > > > > to the correct account?
> > > > > 
> > > > > DM: Could you work through the process again of trying to do
> > > > > the authorization, and post here the detailed steps of what
> > > > > you did? This could help to determine if there is a problem
> > > > > in your process. If there are any areas of the process you
> > > > > are unsure of, you can refer to the FAQ page here:
> > > > > https://www.claws-mail.org/faq/index.php/Oauth2 . ---Dustin
> > > > >    
> > > > > > 
> > > > > > Details on the API Dashboard have not changed. CM version
> > > > > > 4.1.0   
> > > > > _______________________________________________
> > > > > Users mailing list
> > > > > Users at lists.claws-mail.org
> > > > > https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users
> > > > >    
> > > > 
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at lists.claws-mail.org
> > > > https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users    
> > > 
> > > _______________________________________________
> > > Users mailing list
> > > Users at lists.claws-mail.org
> > > https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users  
> >   
>

More information about the Users mailing list