mirror of
https://github.com/cypht-org/cypht.git
synced 2026-04-25 21:15:56 +03:00
[GH-ISSUE #978] I cant add a gmail account #525
Originally created by @jonocodes on GitHub (Apr 26, 2024).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/978
Originally assigned to: @christer77, @Bienvenumoringa on GitHub.
💬 Question
I have tried adding several of my gmail accounts. Whenever I do, I just get a popup saying "AUTHENTICATION FAILED".
I can't find any more detail. The run log in docker shows nothing and neither does the javascript console.
Could this be because I have multifactor auth enabled on the gmail accounts, or that I am running cypht on port 81 instead of using https?
@jonocodes commented on GitHub (Apr 30, 2024):
Note that I am using the docker version of cypht.
@marclaporte commented on GitHub (May 1, 2024):
Perhaps helpful?
@jonocodes commented on GitHub (May 8, 2024):
Thanks @marclaporte
I have now tried following the OAUTH2-over-IMAP. In my gmail account I created keys:
GMAIL_CLIENT_ID=(redacted).apps.googleusercontent.com
GMAIL_CLIENT_SECRET=(redacted)
GMAIL_CLIENT_URI=http://localhost/
I set them in env vars and restarted cypht. I can tell it's using the vars I set since I can see their values in the query params of the calls to accounts.google.com/signin/oauth
But then I end up at a google error page that tells me:
Question 1:
Does anyone have gmail successfully working?
Question 2:
Does cypht support only a single gmail account, or is there a way to use multiple gmail accounts?
@josaphatim commented on GitHub (May 9, 2024):
@jonocodes
The GMAIL_CLIENT_URI must be set to http://localhost/?page=home as class Hm_Handler_process_oauth2_authorization handles adding servers after google redirection
You must also add http://localhost/?page=home in list of authorized redirect URLs in google developers.
Thanks.
You can use multiple gmail accounts.
@jonocodes commented on GitHub (May 9, 2024):
Thanks!
With a bit of trickery that allowed me to log into one account.
To the wiki that '?page=home' part should be added. Also it should be added that you need to 'publish' your oauth2 app in google to production. Setting the credentials is not enough.
How? Today I tried like this.
Once I approve it in google, I am sent back to the cypht login screen instead of the servers page.
@josaphatim commented on GitHub (May 9, 2024):
You can add several gmail accounts with only one oauth2 app ids
Just return back here and use a different email.
If your oauth2 app is not in production you can add test users who will have access to it

I also noticed that Cypht redirects to the login page instead of the execution handlers at /page=home. I will try to debug.
@jonocodes commented on GitHub (May 9, 2024):
Ok, perhaps I don't know how oauth works.
But let's say I log into my jono1@gmail.com account in google and create oauth2 keys. Would I be able to use the same keys for my jono2@gmail.com account? I would not need to create keys for jono2? How would that work?
@christer77 commented on GitHub (May 9, 2024):
The keys you create are not tied to a specific account, they are used to connect your app to g-mail server.
@josaphatim commented on GitHub (May 9, 2024):
That's it: jono1@gmail.com and jono2@gmail.com and many other gmail accounts will use the same keys. You just need to go to cypht ?/page=servers and add another gmail email.
@josaphatim commented on GitHub (May 15, 2024):
@jonocodes Merge request to solve redirection to /servers has been merged. Can you confirm it is working please?
@jonocodes commented on GitHub (May 15, 2024):
Ok just checked out master and tried it.
My env vars are set
GMAIL_CLIENT_URI=http://localhost:8000/?page=home
Once I logged into google, it brought me back to the cypht login form. This url:
http://localhost:8000/?page=home&state=nux_authorization&code=xxxxxx&scope=https://mail.google.com/%20https://www.googleapis.com/auth/contacts
@josaphatim commented on GitHub (May 16, 2024):
If you had a logged in session you should log out your Cypht user to clear browser cookies and log in again. To debug after logging in, you can inspect the browser and ensure that hm_session and hm_id cookies are set to Lax for the SameSite option. Thanks.
@jonocodes commented on GitHub (May 17, 2024):
Ok that got it to work. Both hm_session and hm_id are set to strict when I log in.
So I manually set them to LAX and it worked. So let's check what should happen going forward:
because it seems the page=home part is important?
@josaphatim commented on GitHub (May 18, 2024):
But the issue of Lax vs Strict has been fixed here https://github.com/cypht-org/cypht/pull/1021/files. Just make sure you have the very latest code.
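The Strict versus Lax behaviour discussed in the comments above, as an added example that is not part of the thread or of Cypht's code: it models the browser's SameSite decision for the redirect from Google back to Cypht. The cookie values are constructed, and the site comparison is simplified to an exact hostname match (browsers compare scheme and registrable domain).

```javascript
// Added example: models a browser's SameSite decision for the OAuth callback.
// Constructed Set-Cookie headers (values are made up); hm_session and hm_id
// are the cookie names mentioned in the thread.
const strictCookies = [
  "hm_session=abc123; Path=/; HttpOnly; SameSite=Strict",
  "hm_id=def456; Path=/; HttpOnly; SameSite=Strict",
];
const laxCookies = strictCookies.map((h) => h.replace("SameSite=Strict", "SameSite=Lax"));

// Parse one Set-Cookie header into { name, sameSite }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const attr = attrs.find((a) => a.toLowerCase().startsWith("samesite="));
  // No SameSite attribute: Chromium-based browsers treat the cookie as Lax.
  return { name, sameSite: attr ? attr.split("=")[1].toLowerCase() : "lax" };
}

// Simplification (assumption): same site means identical hostname.
function isSameSite(fromUrl, toUrl) {
  return new URL(fromUrl).hostname === new URL(toUrl).hostname;
}

// Names of the cookies the browser would attach to the request.
function cookiesSent(setCookieHeaders, req) {
  const same = isSameSite(req.initiator, req.target);
  const safeMethod = ["GET", "HEAD"].includes(req.method);
  return setCookieHeaders.map(parseSetCookie).filter((c) => {
    if (same || c.sameSite === "none") return true;
    // Lax: cross-site only on top-level navigations with a safe method.
    if (c.sameSite === "lax") return req.topLevelNavigation && safeMethod;
    return false; // Strict: never sent on a cross-site request
  }).map((c) => c.name);
}

// The redirect back from Google: a cross-site, top-level GET navigation.
const oauthCallback = {
  initiator: "https://accounts.google.com/signin/oauth",
  target: "http://localhost:8000/?page=home&state=nux_authorization&code=xxxxxx",
  method: "GET",
  topLevelNavigation: true,
};

console.log("Strict:", cookiesSent(strictCookies, oauthCallback)); // no session cookies
console.log("Lax:", cookiesSent(laxCookies, oauthCallback));       // both cookies
```

With Strict, the callback request arrives without the session cookies, so the server sees an unauthenticated visitor and shows the login form; refreshing the page is a same-site request and carries them again.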
@josaphatim commented on GitHub (May 18, 2024):
Points 2 and 3 are fixed here https://github.com/cypht-org/cypht/pull/1036
@jonocodes commented on GitHub (May 18, 2024):
Ah you are right. I thought I had synced the branch, but did not. My bad.
@jonocodes commented on GitHub (May 18, 2024):
Cool. I'll use point 3 once it gets released.
Concerning the instructions I was referring to the wiki: https://github.com/cypht-org/cypht/wiki/OAUTH2-over-IMAP
because that is where I was directed to get instructions for gmail setup.
@josaphatim commented on GitHub (May 18, 2024):
Made updates to https://github.com/cypht-org/cypht/wiki/OAUTH2-over-IMAP as well
@jonocodes commented on GitHub (May 18, 2024):
Great. One comment.
It says "Each token corresponds to a specific user's permissions and account data."
But that's not the case. I got a single Auth token from Google. Then I was able to sign into multiple Gmail accounts with it.
Also I don't think there is an hm3.ini file anymore.
@josaphatim commented on GitHub (May 18, 2024):
@jonocodes It is correct
There are 2 distinct things:
First you create an app, let's suppose a gmail app which will allow other gmail users to add their accounts. Gmail gives you client_id and client_secret for this step
Next step users add their gmail accounts, they authorize the app you created to use their data and set some permissions. For that purpose gmail generates a token whenever you authorize the app to use data. That token will be used to get data, post data and other actions to gmail.
That is why I said "Each token corresponds to a specific user's permissions and account data."
Let's say you have a gmail account abc@gmail.com
Gmail will generate 2 tokens the first with all permissions and the second with specific permissions you chose.
Sorry for my English, hope I was clear.
@jonocodes commented on GitHub (May 18, 2024):
The confusing part here is how to add two Gmail accounts to cypht. You only need a single client ID and secret from Google. And it is not tied to your Gmail address. The tokens are just a way of talking to Google, right? The token just has to be from Google and does not have to come from your Google account for that email address.
@VVincentt commented on GitHub (May 23, 2024):
I am not sure if I am supposed to post a reply here or open a new issue. Please tell me if I'm wrong.
I am also using the docker image from https://hub.docker.com/r/jonocodes/cypht. I followed the instructions above. I click "enable" in Cypht, Google asks me to select an account and warns me that the app is not verified. When I click "continue", I receive a "Something went wrong. Sorry, something went wrong there. Please try again." error (https://accounts.google.com/info/unknownerror).
I don't know how to troubleshoot. The redirect URI is https://my.domain.tld/?page=home. It is added to the authorized redirect URLs in google developers.
@jonocodes commented on GitHub (May 23, 2024):
Did you 'publish' your oauth app? I had to do something like that to make it live in google before I could use it.
Ok, it sounds like you set up your keys as described here:
https://github.com/cypht-org/cypht/wiki/OAUTH2-over-IMAP
Could you perhaps include a screenshot of the error? Sometimes there is more detail, like a 400 code or something.
@VVincentt commented on GitHub (May 23, 2024):
I tried both. The error does not look the same; the effect is the same.
The error does not show many details. This is with a testing (unpublished) app:

When the app is published, the screen is different but when I show Advanced and click Go to mydomain, something is wrong again.

@jonocodes commented on GitHub (May 23, 2024):
@VVincentt can you confirm that this is only an issue with the docker image and does not happen when running cypht locally instead?
@VVincentt commented on GitHub (May 23, 2024):
I have not tried to run it locally. I run all my services with Docker.
It may be worth mentioning that the address my.domain.tld is resolved by a local DNS server in my network. This address is not accessible from the internet.
@jonocodes commented on GitHub (May 23, 2024):
I believe that should be ok, considering I use http://localhost/?page=home in my setup.
This sounds like the issue is on the google side, not the cypht side. So for now I am going to presume this is not docker related. In which case @josaphatim may be of more help.
@VVincentt commented on GitHub (May 23, 2024):
All these tests were done with Firefox, with a full suite of privacy extensions. I just tried with a naked Edge and I moved further. Google allows me to give some permissions. It then sends me back to Cypht where I need to login again but I receive an error
502 Bad Gateway from nginx at the address https://my.domain.tld/?page=home&state=nux_authorization&code=4/0AdLIrYdTGNb1AbpIRWS2xSJ8aP6-8wTKREN0_swudJGRzNut3e_5GIyGW4Qx7r-QEcE-ig&scope=https://mail.google.com/%20https://www.googleapis.com/auth/contacts
@VVincentt commented on GitHub (May 23, 2024):
I have tried many times and I managed to make it work with Edge. When going back from Google to Cypht, I need to refresh the page. With a second tab with Cypht open and logged in, it is easier. I can add my accounts in Edge, save and they appear in Firefox. I suppose all these extensions break some stuff sometimes.
Many thanks for your help and your prompt replies. I remain at your disposal, should you want to troubleshoot what happened in more detail.
@josaphatim commented on GitHub (May 23, 2024):
Refreshing the page was making it work in all browsers. But I'm not sure if this fix https://github.com/cypht-org/cypht/pull/1021/files is included in @jonocodes Docker image
@jonocodes commented on GitHub (May 23, 2024):
Yes I believe it is in the docker image, since I can see 'Lax' set here.
github.com/jonocodes/cypht@53f855dd88/lib/ini_set.php (L27)