Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug - Default Google Mail OAuth2 template contains an error #340

Closed
apathyzen opened this issue Feb 22, 2023 · 6 comments
Closed

Bug - Default Google Mail OAuth2 template contains an error #340

apathyzen opened this issue Feb 22, 2023 · 6 comments
Assignees
@rkaldung
Labels
4 - wontfix This will not be worked on.

Comments

@apathyzen
Copy link

apathyzen commented Feb 22, 2023
edited

Environment

  • OS: Any
  • Browser: Any
  • Znuny version: 6.4.4

Expected behaviour

To add Gmail OAuth2 client ID and secret, then to authorize through Google's consent screen, then have no token expiration or/and refresh errors

Actual behaviour

Described here:
https://community.znuny.org/viewtopic.php?f=62&t=43505

How to reproduce

Steps to reproduce the behavior:

  1. Go to otrs/index.pl?Action=AdminOAuth2TokenManagement
  2. Click on Add OAuth2 token configuration field
  3. Select Google Mail
  4. Save token configuration
  5. Use Request new token button, authorize Znuny via Goolge Account consent screen, and see No refresh token was requested yet due to incorrect refresh token URL configuration

Additional information

URL for token by refresh token provided by the template is: https://oauth2.googleapis.com/token
URL for token by refresh token should be: https://accounts.google.com/o/oauth2/token

Screenshots
@rkaldung rkaldung self-assigned this Feb 22, 2023
@rkaldung rkaldung added the 4 - clarification The issue or pull requests needs more information. label Feb 22, 2023
@rkaldung
Copy link
Contributor

@apathyzen From where do you get the refresh token URL? I checked the Google documentation and it is still the one provided from the template. See https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code (switch to HTTP/REST to see the URL)

@apathyzen
Copy link
Author

apathyzen commented Feb 23, 2023
edited

@rkaldung
I've found https://accounts.google.com/o/oauth2/token in this article:
https://csdcorp.com/blog/coding/oauth2-get-a-token-via-rest-google-sign-in/
image
image
We've found that it's valid by trial and error. :) Works with two test app credential entries in two different Google Cloud accounts.
And there were some more broken OAuth2 entries in Znuny that we already deleted.

@rkaldung
Copy link
Contributor

@apathyzen I set up a vanilla 6.4.5 test system with an OAuth2 configuration to fetch from a Google Workspace/GSuit account, using the template's URLs. Does it always require a week before failure, or does it sometimes happens earlier?

@apathyzen
Copy link
Author

@rkaldung I didn't time how long exactly does it take to break. "A week" is more of a guess.
What's your current Refresh token status?
Does Refresh token for token config has expired or is not present show in otrs.log?

@rkaldung
Copy link
Contributor

That's my (access) token status:
image
The refresh token is still valid and without an expiration date, not changed tha last 28 hrs.

@rkaldung rkaldung added 4 - wontfix This will not be worked on. and removed 4 - clarification The issue or pull requests needs more information. labels Feb 28, 2023
@rkaldung
Copy link
Contributor

@apathyzen I will close this issue and mark it with 'won't fix'. There are two reasons for this:

1.) The Google documentation clearly states that the URLs in our template are correct.
2.) I configured freshly installed Znuny 6.4.5 with the data of a newly created GMail App. Over 680 emails were fetched during the last five days with different schedules, including one where the access token expired. Renew of the token was done automatically, as expected.

We used a GSuite domain and mail account. If your setup differs, please let me know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rkaldung rkaldung

Labels
4 - wontfix This will not be worked on.
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rkaldung @apathyzen