Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XOAUTH2 authentication failed #536

Open
DamienRobert opened this issue Mar 16, 2018 · 6 comments
Open

XOAUTH2 authentication failed #536

DamienRobert opened this issue Mar 16, 2018 · 6 comments
Labels
enhancement need contributor!

Comments

@DamienRobert
Copy link

Using offlineimap 7.1.5, I fetch gmail emails via oauth2 token:

oauth2_client_id_eval = get_id_token_fromdict("gmail")
oauth2_client_secret_eval = get_secret_token_fromdict("gmail")
oauth2_refresh_token_eval = get_refresh_token_fromdict("gmail")

This work well at first, but after a while I get the following error messages:
XOAUTH2 authentication failed: [AUTHENTICATIONFAILED] Invalid credentials

Restarting offlineimap the authentification works again.

Just before it starts failing, I see
Attempting NOOP on dropped connection imap.gmail.com
(typically because I am resuming from suspend to ram).

So it would seems like somehow xoauth2 token are not correctly refreshed when restarting a dropped connection?
@chris001
Copy link
Member

Yep, the connection is no longer authenticated on gmail server side, due to the fact your computer suspended to RAM which caused it to drop the TCP network connection from your side to the Gmail imap server. The software needs a contributor to add code to detect this dropped network connection, and re-authenticate login.

@nicolas33
Copy link
Member

Linked to #56 .

@chris001
Copy link
Member

chris001 commented Mar 17, 2018
edited
Loading

@DamienRobert
Try adding this setting socktimeout into your .offlineimaprc config file [general] section:

[general]
socktimeout = 10

@kucharskim
Copy link

offlineimap fails for me after 1 hour of successful syncing with autorefresh=5, which I guess is related to:

$ offlineimap -d ALL -c gmail.rc
...
[imap]: xoauth2handler: response "{u'access_token': u'xxxxxxxxxxxx', u'token_type': u'Bearer', u'expires_in': 3600}"
...

@chris001
Copy link
Member

chris001 commented Mar 21, 2018
edited
Loading

Yep, the Gmail XOAUTH2 login expires after one hour @kucharskim .
We should probably upgrade the code so that it will detect the error that the login token has expired, get a new token, and continue.

@DamienRobert
Copy link
Author

@chris001: I already had 'socktimeout=90'. I'll try with socktimeout=10, but this is not a real fix, this just means we hope that the timeout will occur before the connection is resumed after a suspend so that offlineimap will reset the connection properly. (I understand this is hard to fix).

Thanks you all for your help.

frodeaa added a commit to frodeaa/offlineimap that referenced this issue Nov 18, 2018
@frodeaa
fix XOAUTH2 authentication failed
540d980 
reset the oauth2_access_token before
it expires

use `expires_in` from oauth2 response
to set when the access_token should be
cleared

divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires

ref: OfflineIMAP#536
frodeaa added a commit to frodeaa/offlineimap that referenced this issue Nov 18, 2018
@frodeaa
fix XOAUTH2 authentication failed
b99f166 
reset the oauth2_access_token before
it expires

use `expires_in` from oauth2 response
to set when the access_token should be
cleared

divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires

ref: OfflineIMAP#536
frodeaa added a commit to frodeaa/offlineimap that referenced this issue Nov 18, 2018
@frodeaa
Fix expired oauth2_access_token
890ca19 
Use `expires_in` from the oauth2 response
to reset the oauth2_access_token before
it expires

divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires

ref: OfflineIMAP#536

Signed-off-by: Frode Aannevik <frode.aa@gmail.com>
@frodeaa frodeaa mentioned this issue Nov 18, 2018
Closed
5 tasks
nicolas33 pushed a commit that referenced this issue Nov 18, 2018
@frodeaa @nicolas33
Fix expired oauth2_access_token
8692799 
Use `expires_in` from the oauth2 response
to reset the oauth2_access_token before
it expires

divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires

ref: #536

Signed-off-by: Frode Aannevik <frode.aa@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement need contributor!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nicolas33 @chris001 @DamienRobert @kucharskim