Changed Password in google account leads to XOAUTH Error

Infos:

  • Used Zammad version: 3.4
  • Used Zammad installation source: (source, package, …) source
  • Operating system: Debian 10
  • Browser + version:

Expected behavior:

If the password of the Google account is changed, I can generate a new token in Zammad.

Actual behavior:

If the password of the Google Account is changed and I want to go to “Channels - Google” in the settings, I get the following error message:

StatusCode: 500

{“error”: “Failed to refresh XOAUTH2 access_token of provider ‘google’! #\u003cRuntimeError: Request failed! ERROR: invalid_grant (Token has been expired or revoked.)\u003e”}

This is a modal dialog, I can’t do anything in zammad after getting this message.

Steps to reproduce the behavior:

  • Have google as a channel and change the password of the google account.

The current status is that agents can answer tickets even though their answers are not sent by mail. In the database in the table “channels” in the entry for the google connection I see the field “status_in” on “error”, that is correct. But the field “status_out” is set to “ok”.

I deleted the entry for google in the database (table “channels”) and recreated the google account in zammad. Now it looks like its working, but actually it doesn’t fetches new emails. I restarted zammad, restarted the whole server, but still mails doesn’t get fetched and I have no error message or anything that tells me what’s wrong.

OK. I get mails now. I had to go to Settings -> Monitoring and at “Current Status” click on “recheck” or something. Apparently the mail fetch job didn’t fetch any more mails because it failed 10 times before I set up the google account in zammad.

Just a small follow up on this topic.
As you’re using mail.google.com permission scope and Google considers this scope as very sensitive, Google will remove all authorised apps upon password changes. You can’t overcome this.

Currently re-adding the account is the only option is to remove and add back that affected account.
We have a very small mention on that here: https://admin-docs.zammad.org/en/latest/channels/google/accounts/register-app.html#troubleshooting This might not be the best place though.

We do have a internal enhancement on our map that will allow re-authorization later on.
That being said, the big question is when. =X