Google XOAUTH2 authentication fails

[PrincessOfSecret]

I try to use PHPMailer to send mails through a Gmail account, but somehow I have no success for days now and I have no idea how to make it work.

• I have PHPMailer 5.2.13.
• PHP 5.4.45 is installed on the server where I try to make it work.
• I used composer to load the files.
• I have set up everything by this tutorial: https://github.com/PHPMailer/PHPMailer/wiki/Using-Gmail-with-XOAUTH2
• I have the client ID, client secret and I got the refresh token, too.
• "Allow less secure apps" is enabled (it's done days before, so already active).

But when I try to send a mail:

2015-10-26 16:53:41 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP b12sm2181782wma.6 - gsmtp
2015-10-26 16:53:41 CLIENT -> SERVER: EHLO test.com
2015-10-26 16:53:41 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.25.210.226]
                                      250-SIZE 35882577
                                      250-8BITMIME
                                      250-STARTTLS
                                      250-ENHANCEDSTATUSCODES
                                      250-PIPELINING
                                      250-CHUNKING
                                      250 SMTPUTF8
2015-10-26 16:53:41 CLIENT -> SERVER: STARTTLS
2015-10-26 16:53:41 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2015-10-26 16:53:41 CLIENT -> SERVER: EHLO test.com
2015-10-26 16:53:41 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.25.210.226]
                                      250-SIZE 35882577
                                      250-8BITMIME
                                      250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
                                      250-ENHANCEDSTATUSCODES
                                      250-PIPELINING
                                      250-CHUNKING
                                      250 SMTPUTF8
2015-10-26 16:53:42 CLIENT -> SERVER: AUTH XOAUTH2 ******
2015-10-26 16:53:42 SERVER -> CLIENT: 334 ******
2015-10-26 16:53:42 SMTP ERROR: AUTH command failed: 334 ******
2015-10-26 16:53:42 SMTP Error: Could not authenticate.
2015-10-26 16:53:42 CLIENT -> SERVER: QUIT
2015-10-26 16:53:42 SERVER -> CLIENT: 535-5.7.8 Username and Password not accepted. Learn more at
                                      535 5.7.8  https://support.google.com/mail/answer/14257 b12sm2181782wma.6 - gsmtp
2015-10-26 16:53:42 SMTP ERROR: QUIT command failed: 535-5.7.8 Username and Password not accepted. Learn more at
                                      535 5.7.8  https://support.google.com/mail/answer/14257 b12sm2181782wma.6 - gsmtp
2015-10-26 16:53:42 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

It goes well for a while, but then the authentication fails.

My PHP code:

date_default_timezone_set('Europe/Belgrade');

require 'vendor/phpmailer/phpmailer/PHPMailerAutoload.php';
require 'vendor/autoload.php';

$from = "test@gmail.com";
if (isset($_REQUEST['to']) && $_REQUEST['to'] != ''){
    $to = $_REQUEST['to'];
    $name = $_REQUEST['to_name'];
} else {
    $to = "test@gmail.com";
    $name = "Admin";
}
$message = $_REQUEST['message'];
$subject = $_REQUEST['subject'];

$mail = new PHPMailerOAuth;
$mail->isSMTP();
$mail->SMTPDebug = 2;
$mail->Host = 'smtp.gmail.com';
$mail->Port = 587;
$mail->SMTPSecure = 'tls';
$mail->SMTPAuth = true;
$mail->AuthType = 'XOAUTH2';
$mail->oauthUserEmail = $from;
$mail->oauthClientId = "myclientID";
$mail->oauthClientSecret = "myclientsecret";
$mail->oauthRefreshToken = "myrefreshtoken";
$mail->setFrom($from, 'Test');
$mail->addAddress($to, $name);
$mail->Subject = $subject;
$mail->msgHTML($message);

if (!$mail->send()) {
    echo $mail->ErrorInfo;
} else {
    echo "1";
}

The only strange thing that happend during the setup was that when I tried to fetch the token, I didn't get that option which is in the tutorial ("PHPMailer would like to: View and manage your mail") but
"PHPMailer would like to:
Know who you are on Google
View your email address
View your basic profile info"

I don't know if it causes the failures or something else, but I have no idea what more I can do...

Thanks in advance.

[Synchro]

This might be related to #539, so try what's in the master branch at the moment. It seems that the league OAuth library changed its implementation and broke stuff.

[Synchro]

Incidentally you don't need to allow "less secure apps" if you're using XOAUTH2. If you have it enabled you can use regular ID and password auth, which should do as a workaround until this issue is sorted out.

[PrincessOfSecret]

I have also experienced those broken stuff that people reported there, but I think I could fix them, while I finally got the token. Or it can be wrong this way?

[PrincessOfSecret]

First I had tried just that simple way without XOAUTH2 and with username and password, but got the same error. I have also tried it again after I enabled less secure apps, but same error. But god, I will try it again just to be sure.

[PrincessOfSecret]

Not much success again.

2015-10-26 17:55:10 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP p18sm14759216wik.21 - gsmtp
2015-10-26 17:55:10 CLIENT -> SERVER: EHLO test.com
2015-10-26 17:55:10 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.25.210.226]
                                      250-SIZE 35882577
                                      250-8BITMIME
                                      250-STARTTLS
                                      250-ENHANCEDSTATUSCODES
                                      250-PIPELINING
                                      250-CHUNKING
                                      250 SMTPUTF8
2015-10-26 17:55:10 CLIENT -> SERVER: STARTTLS
2015-10-26 17:55:10 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2015-10-26 17:55:10 CLIENT -> SERVER: EHLO test.com
2015-10-26 17:55:10 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.25.210.226]
                                      250-SIZE 35882577
                                      250-8BITMIME
                                      250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
                                      250-ENHANCEDSTATUSCODES
                                      250-PIPELINING
                                      250-CHUNKING
                                      250 SMTPUTF8
2015-10-26 17:55:10 CLIENT -> SERVER: AUTH LOGIN
2015-10-26 17:55:10 SERVER -> CLIENT: 334 ******
2015-10-26 17:55:10 CLIENT -> SERVER: ******
2015-10-26 17:55:10 SERVER -> CLIENT: 334 ******
2015-10-26 17:55:10 CLIENT -> SERVER: ******
2015-10-26 17:55:10 SERVER -> CLIENT: 534-5.7.14 <https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=******
                                      534-5.7.14 ******
                                      534-5.7.14 ******
                                      534-5.7.14 ******
                                      534-5.7.14 ******> Please log in via your web browser and
                                      534-5.7.14 then try again.
                                      534-5.7.14  Learn more at
                                      534 5.7.14  https://support.google.com/mail/answer/78754 p18sm14759216wik.21 - gsmtp
2015-10-26 17:55:10 SMTP ERROR: Password command failed: 534-5.7.14 <https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=******
                                      534-5.7.14 ******
                                      534-5.7.14 ******
                                      534-5.7.14 ******
                                      534-5.7.14 ******> Please log in via your web browser and
                                      534-5.7.14 then try again.
                                      534-5.7.14  Learn more at
                                      534 5.7.14  https://support.google.com/mail/answer/78754 p18sm14759216wik.21 - gsmtp
2015-10-26 17:55:10 SMTP Error: Could not authenticate.
2015-10-26 17:55:10 CLIENT -> SERVER: QUIT
2015-10-26 17:55:10 SERVER -> CLIENT: 221 2.0.0 closing connection p18sm14759216wik.21 - gsmtp
2015-10-26 17:55:10 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

[quindo]

Have you tried setting $mail->SMTPDebug = 4;

I did that to get more verbose output I linked before.

SERVER -> CLIENT: 220-go.example.com ESMTP Exim 4.86 #2 Mon, 26 Oct 2015 14:54:55 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
CLIENT -> SERVER: EHLO example.com
SERVER -> CLIENT: 250-go.example.com Hello example.com [107.6.149.106]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 TLS go ahead
CLIENT -> SERVER: EHLO example.com
SERVER -> CLIENT: 250-go.example.com Hello example.com [107.6.149.106]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250 HELP
SMTP Error: Could not authenticate.
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: 221 go.example.com closing connection
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

My issue might be related to my webserver using Exim as the Message Transfer Agent. I contacted my ServerHost and they said "We do not redirect any traffic nor prevent any outbound connections from our network."

You seem to at least by attempting to authenticate and getting the correct responses from google. Are you sure you got a refresh token and not a normal token?

I have gone through all the troubleshooting on my side and as far as I can tell I am connecting to 'a google server'. I have no idea why oauth2 is not available. I am in random RnD mode trying to troubleshoot it. If I get any progress on it I will update you all in this ticket.

[PrincessOfSecret]

Yeah, my webserver has no problem, I get to authentication every time, but it always fails. Login data is right, I can log in via browser. And yes, I've got both refresh and normal token, but I don't know how can I check if they are right or usable.

I tried with SMTPDebug = 4 as you adviced and here what I get (before this everything works well):

2015-10-27 11:56:34 Auth method requested: XOAUTH2
2015-10-27 11:56:34 Auth methods available on the server: LOGIN,PLAIN,XOAUTH2,PLAIN-CLIENTTOKEN,OAUTHBEARER,XOAUTH
2015-10-27 11:56:36 CLIENT -> SERVER: AUTH XOAUTH2 ******
2015-10-27 11:56:37 SMTP -> get_lines(): $data is ""
2015-10-27 11:56:37 SMTP -> get_lines(): $str is  "334 ******"
2015-10-27 11:56:37 SERVER -> CLIENT: 334 ******
2015-10-27 11:56:37 SMTP ERROR: AUTH command failed: 334 ******
2015-10-27 11:56:37 SMTP Error: Could not authenticate.
2015-10-27 11:56:37 CLIENT -> SERVER: QUIT
2015-10-27 11:56:37 SMTP -> get_lines(): $data is ""
2015-10-27 11:56:37 SMTP -> get_lines(): $str is  "535-5.7.8 Username and Password not accepted. Learn more at
                                      "
2015-10-27 11:56:37 SMTP -> get_lines(): $data is "535-5.7.8 Username and Password not accepted. Learn more at
                                      "
2015-10-27 11:56:37 SMTP -> get_lines(): $str is  "535 5.7.8  https://support.google.com/mail/answer/14257 e79sm2655985wmd.16 - gsmtp
                                      "
2015-10-27 11:56:37 SERVER -> CLIENT: 535-5.7.8 Username and Password not accepted. Learn more at
                                      535 5.7.8  https://support.google.com/mail/answer/14257 e79sm2655985wmd.16 - gsmtp
2015-10-27 11:56:37 SMTP ERROR: QUIT command failed: 535-5.7.8 Username and Password not accepted. Learn more at
                                      535 5.7.8  https://support.google.com/mail/answer/14257 e79sm2655985wmd.16 - gsmtp
2015-10-27 11:56:37 Connection: closed
2015-10-27 11:56:37 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

When I try do the simple way without OAUTH2, I get this below. Maybe the auth type is not right for the simple username-pass authentication?

2015-10-27 10:24:10 Auth method requested: PLAIN
2015-10-27 10:24:10 Auth methods available on the server: LOGIN,PLAIN,XOAUTH2,PLAIN-CLIENTTOKEN,OAUTHBEARER,XOAUTH
2015-10-27 10:24:10 CLIENT -> SERVER: AUTH PLAIN
2015-10-27 10:24:10 SMTP -> get_lines(): $data is ""
2015-10-27 10:24:10 SMTP -> get_lines(): $str is  "334 
                                      "
2015-10-27 10:24:10 SERVER -> CLIENT: 334
2015-10-27 10:24:10 CLIENT -> SERVER: ******
2015-10-27 10:24:11 SMTP -> get_lines(): $data is ""
2015-10-27 10:24:11 SMTP -> get_lines(): $str is  "534-5.7.9 Please log in with your web browser and then try again. Learn more at
                                      "
2015-10-27 10:24:11 SMTP -> get_lines(): $data is "534-5.7.9 Please log in with your web browser and then try again. Learn more at
                                      "
2015-10-27 10:24:11 SMTP -> get_lines(): $str is  "534 5.7.9  https://support.google.com/mail/answer/78754 65sm14738282qhf.4 - gsmtp
                                      "
2015-10-27 10:24:11 SERVER -> CLIENT: 534-5.7.9 Please log in with your web browser and then try again. Learn more at
                                      534 5.7.9  https://support.google.com/mail/answer/78754 65sm14738282qhf.4 - gsmtp
2015-10-27 10:24:11 SMTP ERROR: User & Password command failed: 534-5.7.9 Please log in with your web browser and then try again. Learn more at
                                      534 5.7.9  https://support.google.com/mail/answer/78754 65sm14738282qhf.4 - gsmtp
2015-10-27 10:24:11 SMTP Error: Could not authenticate.
2015-10-27 10:24:11 CLIENT -> SERVER: QUIT
2015-10-27 10:24:11 SMTP -> get_lines(): $data is ""
2015-10-27 10:24:11 SMTP -> get_lines(): $str is  "221 2.0.0 closing connection 65sm14738282qhf.4 - gsmtp
                                      "
2015-10-27 10:24:11 SERVER -> CLIENT: 221 2.0.0 closing connection 65sm14738282qhf.4 - gsmtp
2015-10-27 10:24:11 Connection: closed
2015-10-27 10:24:11 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

Google also advices app password. Can it help in my case?

[PrincessOfSecret]

I've just check the Gmail inbox for this account, and I saw that when I had tried to send the message without OAUTH2 and got the result above, a mail delivery notification arrived, that the delivery for that mail is failed. What the hell is going on? I feel quite desperate now...

[Synchro]

Like the troubleshooting docs say, you can enable access for "less secure apps" and use normal id and password auth. Unfortunately OAuth is extremely difficult to debug, just one of its many failings.

[PrincessOfSecret]

It's enabled, as I said still in my first post. That's why I don't understand why it is still not working. As you can see in the last debug, the authentication fails even if I use the normal user-pass way, but it sends mail delivery notification about the failure, while it didn't happen before.

[Synchro]

Have you looked at all the things on that gmail support page? Quite a few of them could cause this behaviour, not just auth.

[PrincessOfSecret]

I've checked every parameter once again then tried to send a message. Now the debugger says this:

2015-10-27 12:19:26 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP v83sm5982905qkv.1 - gsmtp
2015-10-27 12:19:26 CLIENT -> SERVER: EHLO test.com
2015-10-27 12:19:26 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.25.210.226]
                                      250-SIZE 35882577
                                      250-8BITMIME
                                      250-STARTTLS
                                      250-ENHANCEDSTATUSCODES
                                      250-PIPELINING
                                      250-CHUNKING
                                      250 SMTPUTF8
2015-10-27 12:19:26 CLIENT -> SERVER: STARTTLS
2015-10-27 12:19:26 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2015-10-27 12:19:27 CLIENT -> SERVER: EHLO test.com
2015-10-27 12:19:28 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.25.210.226]
                                      250-SIZE 35882577
                                      250-8BITMIME
                                      250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
                                      250-ENHANCEDSTATUSCODES
                                      250-PIPELINING
                                      250-CHUNKING
                                      250 SMTPUTF8
2015-10-27 12:19:28 CLIENT -> SERVER: AUTH PLAIN
2015-10-27 12:19:28 SERVER -> CLIENT: 334
2015-10-27 12:19:28 CLIENT -> SERVER: ******
2015-10-27 12:19:28 SERVER -> CLIENT: 235 2.7.0 Accepted
2015-10-27 12:19:28 CLIENT -> SERVER: MAIL FROM:<test@gmail.com>
2015-10-27 12:19:29 SERVER -> CLIENT: 250 2.1.0 OK v83sm5982905qkv.1 - gsmtp
2015-10-27 12:19:29 CLIENT -> SERVER: RCPT TO:<emese.buza.9@gmail.com>
2015-10-27 12:19:29 SERVER -> CLIENT: 250 2.1.5 OK v83sm5982905qkv.1 - gsmtp
2015-10-27 12:19:29 CLIENT -> SERVER: DATA
2015-10-27 12:19:30 SERVER -> CLIENT: 354  Go ahead v83sm5982905qkv.1 - gsmtp
2015-10-27 12:19:30 CLIENT -> SERVER: Date: Tue, 27 Oct 2015 13:19:25 +0100
2015-10-27 12:19:30 CLIENT -> SERVER: To: test <test2@gmail.com>
2015-10-27 12:19:30 CLIENT -> SERVER: From: Test <test@gmail.com>
2015-10-27 12:19:30 CLIENT -> SERVER: Subject: Poruka od Test.com 2015. 10. 27. - 13:19:20
2015-10-27 12:19:30 CLIENT -> SERVER: Message-ID: <****@test.com>
2015-10-27 12:19:30 CLIENT -> SERVER: X-Mailer: PHPMailer 5.2.13 (https://github.com/PHPMailer/PHPMailer/)
2015-10-27 12:19:30 CLIENT -> SERVER: MIME-Version: 1.0
2015-10-27 12:19:30 CLIENT -> SERVER: Content-Type: multipart/alternative;
2015-10-27 12:19:30 CLIENT -> SERVER:   boundary="***"
2015-10-27 12:19:30 CLIENT -> SERVER: Content-Transfer-Encoding: 8bit
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: This is a multi-part message in MIME format.
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: --***
2015-10-27 12:19:30 CLIENT -> SERVER: Content-Type: text/plain; charset=iso-8859-1
2015-10-27 12:19:30 CLIENT -> SERVER: Content-Transfer-Encoding: 8bit
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: Poštovani,Dobili ste poruku preko Test.com na Vaš oglas Lorem ipsum dolor sit amet, consectetur adipiscing elit.Ime: testE-mail: test@test.comPoruka: "test"Test.com
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: --***
2015-10-27 12:19:30 CLIENT -> SERVER: Content-Type: text/html; charset=iso-8859-1
2015-10-27 12:19:30 CLIENT -> SERVER: Content-Transfer-Encoding: 8bit
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: <p>Poštovani,</p><p>Dobili ste poruku preko Test.com na Vaš oglas <a href="http://test.com/detalj/1251/lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-sve-ostalo-ostalo-srbija-test"><b>Lorem ipsum dolor sit amet, consectetur adipiscing elit</b></a>.</p><hr /><p><label>Ime:</label> <b>test</b><br /><label>E-mail:</label> <b>test@test.com</b><br /><label>Poruka:</label></p> <p><i>"test"</i></p><hr /><i>Test.com</i>
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: --***--
2015-10-27 12:19:30 CLIENT -> SERVER:
2015-10-27 12:19:30 CLIENT -> SERVER: .
2015-10-27 12:19:31 SERVER -> CLIENT: 250 2.0.0 OK 1445948365 v83sm5982905qkv.1 - gsmtp
2015-10-27 12:19:31 CLIENT -> SERVER: QUIT
2015-10-27 12:19:31 SERVER -> CLIENT: 221 2.0.0 closing connection v83sm5982905qkv.1 - gsmtp

So it seems that now it works, but somehow the recipient still doesn't get the mail, only the sender receives a delivery failure notification. Well, at least it works somehow.

I'm still looking forward for a solution to OAUTH2, if there is any.

[Synchro]

So what does the notification say? It should give a reason for the bounce. XOAUTH2 only has an effect on the initial submission, anything after that is nothing to do with the auth scheme (or PHPMailer come to that).

[PrincessOfSecret]

It says:
Delivery to the following recipient failed permanently:
username@gmail.com
Technical details of permanent failure:
Message rejected. See https://support.google.com/mail/answer/69585 for more information.

I think it's because of the e-mail got blacklisted or something like that. I have to check that and contact the owner. So it's no longer a PHPMailer issue, cause it does its job now.

However, I have one more question.

As you could see in my PHP in my first post, I have this at the end:

if (!$mail->send()) {
    echo $mail->ErrorInfo;
} else {
    echo "1";
}

If the mail sending is successful, then why do I see the ErrorInfo posted before? And why it echoes "1" also at the end? It should echo only "1" and go on, right?

[Synchro]

I can't see it echoing '1' at the end in any of your examples, only errors. ErrorInfo is not the same thing as debug output, if that's what you mean.

[PrincessOfSecret]

Yes, I see now, sorry. I forgot to turn off the debugger, that's why I didn't see what I had to. I got blind from this many debugging. :)

So, PHPMailer is working fine now without XOAUTH2 and with the simple username-pass verification. However, recipient still doesn't get the message, it returns to the sender, but it's not the script's fault.

We haven't found solution for the original XOAUTH2 issue, but the workaround works, so you can close this issue if you think. Thanks for the help and replies.

[Synchro]

It may be that you were running into one of the other factors listed on that support page - e.g. trying to auth too often, so you might find that XOAUTH2 works now!