I cant add a gmail account #978
Comments
|
Note that I am using the docker version of cypht. |
|
Thanks @marclaporte I have now tried following the OAUTH2-over-IMAP. In my gmail account I created keys: GMAIL_CLIENT_ID=(redacted).apps.googleusercontent.com I set them in env vars and restarted cypht. I can tell its using the vars I set since I can see their values in the query params of the calls to accounts.google.com/signin/oauth But then I end up at a google error page that tells me:
Question 1: Question 2: |
|
The GMAIL_CLIENT_URI must be set to http://localhost/?page=home as class Hm_Handler_process_oauth2_authorization handle adding servers after google redirection You must also add http://localhost/?page=home in list of authorized redirect URLs in google developers. You can use multiple gmail accounts. |
Thanks! To the wiki that '?page=home' part should be added. Also it should be added that you need to 'publish' your oauth2 app in google to production. Setting the credentials is not enough.
How? Today I tried like this.
Once I approve it in google, I am sent back to the cypht login screen instead of the servers page. |
|
You can add several gmail accounts with only one oauth2 app ids
If your oauth2 app is not in production you can add test users who will have to it I also noticed that Cypht redirects to the login page instead of the execution handlers at /page=home. I will try to debug |
Ok, perhaps I dont know how oauth works. But lets say I log into my jono1@gmail.com account in google and create oauth2 keys. Would I be able to use the same keys for my jono2@gmail.com account? I would not need to create keys for jono2? How would that work? |
The keys you create are not tied to a specific account, they are used to connect your app to g-mail server. |
That it: jono1@gmail.com and jono2@gmail.com and many other gmail accounts will use the same keys. You just need to go to cypht ?/page=servers and add another gmail email. |
|
@jonocodes Merge request to solve redirection to /servers has been merged. Can you confirm it is working please ? |
|
Ok just checked out master and tried it. Once I logged into google, it brought me back to the cypht login form. This url: |
If you had a logged in session you should log out your Cypht user to clear browser cookies and log in again. To debug after logging in You can inspect browser and ensure that hm_session and hm_id cookies are set to Lax for SameSite option. Thanks. |
|
Ok that got it to work. Both hm_session and hm_id are set to strict when I log in.
|
|
But the issue of Lax vs Strict has been fixed here https://github.com/cypht-org/cypht/pull/1021/files. Just make sure you have the very latest code. |
Points 2 and 3 are fixed here #1036 |
Ah you are right. I thought I had synced the branch, but did not. My bad. |
Cool. I'll use point 3 once it gets released. Concerning the instructions I was referring to the wiki: https://github.com/cypht-org/cypht/wiki/OAUTH2-over-IMAP |
|
Made updates to https://github.com/cypht-org/cypht/wiki/OAUTH2-over-IMAP as well |
Great. One comment. But that's not the case. I got a single Auth token from Google. Then I was able to sign into multiple Gmail accounts with it. Also I don't think there is an hm3.ini file anymore. |
|
@jonocodes It is correct First you create an app, let suppose a gmail app which will allow other gmail users to add their accounts. Gmail gives you client_id and client_secret for this step Next step users add their gmail accounts, they authorize the app you created to use their data and set some permissions. For that purpose gmail generates a token whenever you authorize the app to use data. That token will be used to get data, post data and other actions to gmail. That it why I said "Each token corresponds to a specific user's permissions and account data." Let's say you have a gmail account abc@gmail.com
Gmail will generate 2 tokens the first with all permissions and the second with specific permissions you chose. Sorry for my english, hope I was clear. |
|
The confusing part here is how to add two Gmail accounts to cypht. You only need a single client ID and secret from Google. And it is not tied to you Gmail address. The tokens are just a way of talking to Google, right? The token just has to be from Google and does not have to come from your Google account for that email address. |
|
I am not sure if I am suppose to post a reply here or open a new issue. Please tell me if I'm wrong. I am also using the docker image from https://hub.docker.com/r/jonocodes/cypht. I followed the instructions above. I click "enable" in Cypht, Google asks me to select an account and warns me that the app is not verified. When I click "continue", I receive a "Something went wrong. Sorry, something went wrong there. Please try again." error (https://accounts.google.com/info/unknownerror). I don't know how to troubleshoot. The redirect URI is https://my.domain.tld/?page=home. It is added to the authorized redirect URLs in google developers. |
Did you 'publish' your oauth app? I had to do something like that to make it live in google before I could use it.
Ok, it sounds like you set up your keys as described here: Could you perhaps include a screenshot of the error? Sometimes there is more detail, like a 400 code or something. |
I tried both the error does not look the same the effect is the same.
The error does not show many details. This is with a testing (unpublished) app: When the app is published, the screen is different but when I show Advanced and click Go to mydomain, something is wrong again. |
|
@VVincentt can you confirm that this is only an issue with the docker image and does not happen when running cypht locally instead. |
I have not tried to run it locally. I run all my services with Docker. |
I believe that should be ok, considering I use http://localhost/?page=home in my setup. This sounds like the issue is on the google side, not the cypht side. So for now I am going to presume this is not docker related. In which case @josaphatim may be of more help. |
|
All these tests were done with Firefox, with a full suite of privacy extentions. I just tried with a naked Edge and I moved further. Google allows me to give some permissions. It then sends me back to Cypht where I need to login again but I receive an error |
|
I have tried many times and I managed to make it work with Edge. When going back from Google to Cypht, I need to refresh the page. With a second tab with Cypht open and logged in, it is easier. I can add my accounts in Edge, save and they appear in Firefox. I suppose all these extensions break some stuff sometimes. Many thanks for your help and your prompt replies. I remain at your disposal, should you want to troubleshoot what happened into more details. |
|
Refreshing the page was making it to working in all browsers. But I'm not sure if this fix https://github.com/cypht-org/cypht/pull/1021/files is included in @jonocodes Docker image |
Yes I believe it is in the docker image, since I can see 'Lax' set here. |
💬 Question
I have tried adding several of my gmail accounts. Whenever I do, I just get a popup saying "AUTHENTICATION FAILED".
I cant find any more detail. The run log in docker shows nothing and neither does the javascript console.
Could this be because I have multifactor auth enabled on the gmail accounts, or that I am running cypht on port 81 instead of using https?
The text was updated successfully, but these errors were encountered: