Issue:

I am using Horde and Google's OAuth2 to log in to the user's IMAP, when using the below parameters for the Horde_Imap_Client_Socket class.

"username" : "example@gmail.com"
"password" : "XOAUTH2"
"hostspec" : "imap.gmail.com"
"port" : 993
"secure" : "ssl"
"timeout" : 20
"context" :
    "ssl" :
        "verify_peer" : true
        "verify_peer_name" : true
"xoauth2_token" : "{INSERT GOOGLE ACCESS TOKEN HERE}"

I get this error back.

Authentication failed.

Adding "debug" => "php://output" gave the output below.

------------------------------
>> Fri, 19 Feb 2021 19:30:27 +0000
>> Connection to: imap://imap.gmail.com:993/
>> Server connection took 0.1738 seconds.
S: * OK Gimap ready for requests from 24.231.213.106 t22mb47308959jai
C: 1 CAPABILITY
S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
S: 1 OK Thats all she wrote! t22mb47308959jai
>> Command 1 took 0.0652 seconds.
C: 2 AUTHENTICATE XOAUTH2 {REDACTED (TOKEN)}
C:
S: 2 NO [AUTHENTICATIONFAILED] Invalid credentials (Failure)
>> Command 2 took 0.2507 seconds.
C: 3 AUTHENTICATE PLAIN [INITIAL CLIENT RESPONSE (username: {REDACTED})]
S: 3 NO [AUTHENTICATIONFAILED] Invalid credentials (Failure)
>> Command 3 took 0.2358 seconds.

I assume I am doing something wrong in the code below as I am not that experienced with Horde.

Code:

$credentials = json_decode($provider['credentials'], true);
$params = [
    'username' => $user,
    'password' => "XOAUTH2",
    'hostspec' => $host,
    'port' => $port,
    'secure' => $ssl_mode,
    'timeout' => (int) $this->config->getSystemValue('app.mail.imap.timeout', 20),
    'context' => [
        'ssl' => [
            'verify_peer' => $this->config->getSystemValueBool('app.mail.verify-tls-peer', true),
            'verify_peer_name' => $this->config->getSystemValueBool('app.mail.verify-tls-peer', true),
        ],
    ],
    // Parenthesise the instantiation so getPassword() can be called on the new object.
    'xoauth2_token' => (new \Horde_Imap_Client_Password_Xoauth2($user, $credentials['access_token']))->getPassword()
];
$this->client = new \Horde_Imap_Client_Socket($params);
try {
    $this->client->login();
} catch (Horde_Imap_Client_Exception $e) {
    throw new ServiceException(
        "Could not connect to IMAP host $host:$port: " . $e->getMessage(),
        (int) $e->getCode(),
        $e
    );
}
Andrew Gosselin
  • Are you actually refreshing the token? An xoauth2 access token is only valid for an hour. You need to use the HTTP API to periodically exchange your Refresh Token for an access token (unless Horde is doing that for you?) – Max Feb 19 '21 at 21:27
  • Yes I am refreshing it, I am also verifying it is still valid by getting the user's profile. So the credentials are right but it just won't authenticate. – Andrew Gosselin Feb 21 '21 at 07:57

1 Answer

This ended up being an issue with having the scopes on the actual authorization URL, rather than just in the API Client settings on Google Cloud Console.

Andrew Gosselin
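
The fix described in the answer, as an added example that is not part of the original post: it states the scopes in the authorization URL and checks the `scope` field of the token response before any IMAP login is attempted. The `https://mail.google.com/` scope, the function names, the client id, the redirect URI and the sample token responses are assumptions or constructed values not taken from the page.

```php
<?php
declare(strict_types=1);

// Assumption: the scope Google documents for IMAP/SMTP access over XOAUTH2.
const GMAIL_IMAP_SCOPE = 'https://mail.google.com/';

/** Build the consent URL with the scopes stated explicitly in the request. */
function buildAuthUrl(string $clientId, string $redirectUri, array $scopes, string $state): string
{
    return 'https://accounts.google.com/o/oauth2/v2/auth?' . http_build_query([
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'access_type'   => 'offline',            // request a refresh token
        'scope'         => implode(' ', $scopes),
        'state'         => $state,               // ties the callback to this session
    ]);
}

/** Return the required scopes missing from a token endpoint response. */
function missingScopes(array $tokenResponse, array $required): array
{
    $granted = preg_split('/\s+/', (string) ($tokenResponse['scope'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_diff($required, $granted));
}

// Constructed token responses (not real tokens).
$profileOnly = [
    'access_token' => 'constructed-token-a',
    'scope'        => 'openid https://www.googleapis.com/auth/userinfo.profile',
];
$withMail = [
    'access_token' => 'constructed-token-b',
    'scope'        => 'openid https://www.googleapis.com/auth/userinfo.profile ' . GMAIL_IMAP_SCOPE,
];

foreach (['profile only' => $profileOnly, 'with mail scope' => $withMail] as $label => $response) {
    $missing = missingScopes($response, [GMAIL_IMAP_SCOPE]);
    echo $label, ': ', ($missing ? 'do not attempt IMAP, missing ' . implode(', ', $missing) : 'ok'), PHP_EOL;
}

// Hypothetical client id and redirect URI; the state value is random per request.
echo buildAuthUrl('CLIENT_ID_PLACEHOLDER', 'https://app.example/oauth/callback',
    ['openid', GMAIL_IMAP_SCOPE], bin2hex(random_bytes(16))), PHP_EOL;
```

A token granted without the mail scope can still pass a profile lookup, so checking the granted scopes separates a scope problem from an expired or malformed token.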