[Users] OAuth2 refresh token not obtained

Dustin Miller dustbiz at gmail.com
Mon May 16 06:45:08 CEST 2022 

On Sun, 15 May 2022 21:13:25 -0700
Geoffrey Leach <geoffleach.gl at gmail.com> wrote:

> As it happens, today was my 7-day re-authorize, and the same problem
> occurred. Rather than just re-authorize, I created a new claws-mail
> client Id. Authorization was successful.
> 
DM: Not sure what the problem was, but glad you got it working now.
---Dustin
> 
> In answer to your other question, I'm as sure as I can be that nothing
> germane was changed either on either system or on the API pages
> 
> FWIW, here's the --debug output from the unsuccessful re-authorize
> 
> oauth2.c:195:Auth response:
> 4/1AX4XfWgHPq-QttFqR_vwouj8KmMdvx3uRoJALfB4C24sBPUoWKDGigqFAb837:Auth
> token:
> 4/1AX4XfWgHPq-QttFqR_vwouj8KmMdvx3uRoJALfB4C24sBPUoWKDGigqFAb804:Setting
> GnuTLS priority to NORMAL:!VERS-SSL3.0:!VERS-TLS1.0:!VERS-TLS1.1,
> status = 0GnuTLS session server name indication to
> accounts.google.com, status = 0451:setting certificate callback
> function ssl.c:311:waiting for SSL_connect thread...
> ssl.c:329:SSL_connect thread returned 0 ssl_certificate.c:266:got 131
> certs in crt_list! 0x7ffd78a526e8 ssl_certificate.c:445:got
> /home/geoff/.claws-mail/certs/accounts.google.com.443.cert first try
> ssl_certificate.c:266:got 1 certs in crt_list! 0x7ffd78a52528
> ssl_certificate.c:455:got cert 0x5616f35a8000
> ssl_certificate.c:182:writing 1671 bytes ssl_certificate.c:182:writing
> 1996 bytes ssl_certificate.c:182:writing 1927 bytes
> file-utils.c:58:TIMING safe_fclose : 0s102ms socket.c:1279:Unexpected
> TLS read result -110 ** Message: 20:53:46.509: OAuth2 access token not
> obtained
> 
> oauth2.c:349:OAuth2 - request: POST /o/oauth2/token HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> Accept: text/html,application/json
> Content-Length: 281
> Host: accounts.google.com
> Connection: close
> User-Agent: ClawsMail
> 
> client_id=302054593163-ffimbnapkbrnql0p3gs402grl8a3je96.apps.googleusercontent.com&code=4%2F1AX4XfWgHPq-QttFqR_vwouj8KmMdvx3uRoJALfB4C24sBPUoWKDGigqFAb8&client_secret=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&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&grant_type=authorization_code
>  Response: 0
> 
> 1.1 400 Bad Request
> 
> On Mon, 16 May 2022 06:03:21 +0600
> Dustin Miller <dustbiz at gmail.com> wrote:
> 
> > On Sat, 14 May 2022 17:41:57 -0700
> > Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> >   
> > > I've checked everything without any changes. Here's the log.
> > >     
> > DM: Thanks for the extra detail, Geoffrey. This increases the
> > chances of someone on the list being able to help you.  
> > > 
> > > o Beginning with the Google API Dashboard
> > > 
> > > o On the OAuth consent screen
> > >     status testing (previous attempt to use publishing status
> > > resulted in rejection of authorization request)
> > >     user type external
> > >     test users 1
> > >     email addresses verified (user support and developer contact)
> > >     app is claws-mail
> > >     verify info on claws-mail page
> > >     scopes verified
> > >   
> > > o on Credentials screen, verify client id name,
> > >     copy Client ID and Client Secret, copy/paste to claws-mail
> > > OAuth2 page
> > > 
> > > o On claws-mail OAuth2 page click on 'Open default browser with
> > > request' Google pages as expected, resulting in an authorization
> > > code Copy code to OAuth2 page Authorization Code field.
> > >    
> > > o Click on Authorize button
> > >     Network log
> > > * OAuth2 access token not obtained
> > > * OAuth2 refresh token not obtained
> > >     The password fields in the Basic and Send pages remain empty
> > >     
> > DM: This is the point at which I would focus. I'm pretty sure that
> > if you click the 'Authorize' button and those two password fields
> > are not auto-populated as a result, then you will not be able to
> > successfully connect. But I'm not sure why these are not being
> > auto-populated. (A developer who knows how the code works might be
> > able to give more insight as to the possible problem.) It also
> > seems a bit strange to me if this exact setup used to work, but
> > doesn't anymore.
> > 
> > DM: Have you confirmed that your Claws OAuth2 settings on other
> > pages are correct? (See the top section of the FAQ page for
> > reference.)
> > 
> > DM: Have you confirmed that all of your Claws non-OAuth2 settings
> > are correct? (I'm not sure if any of these would interfere with the
> > expected result from clicking the 'Authorize' button or not.)
> > 
> > DM: You could also try running Claws from the commandline using the
> > option '--debug', then going through the authorization process
> > again, and see if any helpful output shows up in the terminal.
> > 
> > DM: I guess there's a chance that one or more changes on your system
> > unrelated to Claws is somehow keeping Claws from being able to 'act'
> > when the 'Authorize' button is clicked (write permissions?), but I'm
> > not sure what the likelihood of that is.
> > 
> > DM: Those are all the ideas I can think of, but I'm reasonably
> > certain that this is the main symptom and/or problem in the process
> > and thus, where you should be focusing your energies in
> > trouble-shooting and research. Perhaps someone else on the list who
> > is more advanced in their knowledge and understanding will be able
> > to provide more ideas / suggestions for how to sort this out. HTH,
> > ---Dustin  
> > > 
> > >     This behavior is reproducable.
> > > 
> > > Claws-mail version 4.1.0.
> > > Browser is Firefox
> > > Fedora 35 environment is up-to-date.
> > > 
> > > Suggestions appreciated.
> > > 
> > > On Wed, 11 May 2022 11:06:26 +0600
> > > Dustin Miller <dustbiz at gmail.com> wrote:
> > >     
> > > > On Tue, 10 May 2022 21:11:46 -0700
> > > > Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> > > >     
> > > > > o Two accounts, two laptops, 2 users. 
> > > > >       
> > > > DM: Okay, the thing to watch for here is to make sure that the
> > > > account you are getting the authorization code for from Google
> > > > via your web browser is the same account whose settings you are
> > > > pasting the code into in Claws.
> > > > 
> > > > DM: Am I right in assuming that the account you are working with
> > > > is using the publishing status of 'Testing' in the API console?
> > > >    
> > > > > 
> > > > > o What I normally do is just to punch the Authorize button on
> > > > > the OAuth2 page.
> > > > >       
> > > > DM: From what I understand of the process, this should never
> > > > work if you are using an account with 'Testing' status and the
> > > > authorization code has expired, since only doing that would mean
> > > > you were still using the old authorization code.    
> > > > > 
> > > > > When that did not work, I re-requested an authorization code,
> > > > > which worked (new code) but Authorize did not work. I then
> > > > > went back to the API Console and verified that nothing has
> > > > > changed. 
> > > > DM: Is this based on your memory of what you did before, or did
> > > > you actually go through the process again and record each step?
> > > > Here is the process that worked for me:
> > > > 
> > > > * 1. On the Claws OAuth2 page, click on the 'Open default
> > > > browser with request' button. (This will take you to your
> > > > browser. Make sure you sign in to the correct Gmail account.)
> > > > 
> > > > * 2. Assuming you've clicked through whatever screens you've
> > > > needed to and no errors have shown up in your browser, you
> > > > should eventually see a screen that gives you an authorization
> > > > code to use.
> > > > 
> > > > * 3. Copy this code from the browser screen to the Claws OAuth2
> > > > page's 'Authorization code' field. (Note that this needs to
> > > > completely replace the old code.)
> > > > 
> > > > * 4. Click on 'Authorize', then on 'OK' and 'Close' to complete
> > > > the process and exit the account settings. (If you want to make
> > > > sure that clicking the 'Authorize' button is doing what it's
> > > > supposed to, then first go to both the 'Basic' and 'Send' pages
> > > > and completely clear the contents of the 'Password' fields.
> > > > After you've clicked 'Authorize', you can check these pages
> > > > again and the 'Password' fields should have been automatically
> > > > filled again. This normally isn't necessary to do, but can be
> > > > helpful if you want to make sure that you actually activated
> > > > the 'Authorize' button when you tried to click it.)
> > > > 
> > > > DM: My understanding is that the above process should work,
> > > > assuming you were successfully using OAuth2 before and you
> > > > haven't changed any settings anywhere, unless of course
> > > > something changed on Google's end.
> > > > 
> > > > DM: When you do try this again, I would strongly recommend that
> > > > you take 'very detailed' notes in regards to each step that you
> > > > do. If it works, great -- you can then keep the notes on hand
> > > > for future reference, as needed. If it doesn't work, then you
> > > > can post those notes here, in case I or others can use them to
> > > > give you more ideas of what to try. Would probably also be
> > > > helpful to provide copy/paste or word-for-word quotes of any
> > > > relevant error messages. Hope that helps, ---Dustin    
> > > > > 
> > > > > On Wed, 11 May 2022 06:51:20 +0600
> > > > > Dustin Miller <dustbiz at gmail.com> wrote:
> > > > >       
> > > > > > On Tue, 10 May 2022 13:32:23 -0700
> > > > > > Geoffrey Leach <geoffleach.gl at gmail.com> wrote:
> > > > > >         
> > > > > > > Performing the weekly re-authorization for the Google
> > > > > > > account, Google does not give authorization. 
> > > > > > >           
> > > > > > DM: Hi, Geoffrey. Presumably this is with a Gmail account
> > > > > > that was working with OAuth2 previously and you haven't
> > > > > > changed anything in Claws since then? Please mention
> > > > > > whether either of these two assumptions is incorrect.
> > > > > > 
> > > > > > DM: Do you use more than one Gmail account? If so, have you
> > > > > > double-checked that, when you go to your web browser to get
> > > > > > the authorization code you need, you are signed / signing in
> > > > > > to the correct account?
> > > > > > 
> > > > > > DM: Could you work through the process again of trying to do
> > > > > > the authorization, and post here the detailed steps of what
> > > > > > you did? This could help to determine if there is a problem
> > > > > > in your process. If there are any areas of the process you
> > > > > > are unsure of, you can refer to the FAQ page here:
> > > > > > https://www.claws-mail.org/faq/index.php/Oauth2 . ---Dustin
> > > > > >      
> > > > > > > 
> > > > > > > Details on the API Dashboard have not changed. CM version
> > > > > > > 4.1.0     
> > > > > > _______________________________________________
> > > > > > Users mailing list
> > > > > > Users at lists.claws-mail.org
> > > > > > https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users
> > > > > >      
> > > > > 
> > > > > _______________________________________________
> > > > > Users mailing list
> > > > > Users at lists.claws-mail.org
> > > > > https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users
> > > > >    
> > > > 
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at lists.claws-mail.org
> > > > https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users    
> > >     
> >   
>

More information about the Users mailing list