[Users] expired OAuth2 token treated as still fresh, will not update

David Fletcher David at megapico.co.uk
Mon Nov 7 17:50:11 UTC 2022


Dan N <dhn2-linux at stanfordalumni.org> wrote:

>This is the first time I've seen this problem and haven't tracked it down
>yet.
>
>gmail OAuth2 tokens have always expired after 1 hour.  I have "Get Mail"
>pull from 2 different gmail accounts so both have tokens with the same
>expire time.  80 minutes after the last token update, "Get Mail" updated
>one account token normally but the other says "OAuth2 access token still
>fresh" and won't update.  gmail access for that account fails because the
>sent token has expired.
>
>Is there a way to force a token update without repeating the entire
>authorization process?
>
>claws-mail 4.1.1 / GTK 3.24.34 / GLib 2.74.1 / Linux 6.0.6-1
>

Hi Dan,

This is strange. The OAUTH2 tokens are stored in the password database on
a per account basis so there should not be any interaction between the
accounts.

There is a function in the source (oauth2.c) which decides if the tokens
are still fresh:
if (expiry >  (g_get_real_time () / G_USEC_PER_SEC)){

The stored expiry time is actually generated locally on your machine to
avoid time zone issues. So if Google says the token has a life of 3600
seconds (1 hour) that is stored using g_get_real_time () /
G_USEC_PER_SEC) + 3600.

I'm not sure how that is going wrong unless there's something wrong
with your passwordstorerc file? Looking at my system just now changes to
this file are cached in memory until you close Claws. I'm not sure how
that would go wrong.

David.


More information about the Users mailing list