Google requiring re-authentication every week


  • Used Zammad version: 3.6.0-1613047982.332fdca8.focal
  • Used Zammad installation source: package
  • Operating system: ubuntu 20.04.2 LTS
  • Browser + version: Google Chrome Version 89.0.4389.90 (Official Build) (64-bit)

Expected behavior:

  • Authenticating for Google Channel does not require re-authenticating every week

Actual behavior:

  • Authenticating for Google Channel requires re-authenticating every week

Steps to reproduce the behavior:

  • Authenticate with Google
  • Wait a week
  • Check Google channel to see it failing authentification

Error received via monitoring:

“Channel: Google::Account in Can’t use Channel::Driver::Imap: #<Net::IMAP::NoResponseError: Invalid credentials (Failure)>”, “Channel: Google::Account out Can’t use Channel::Driver::Smtp: #<Net::SMTPAuthenticationError: 535-5.7.8 Username and Password not accepted. Learn more at\n>”, “Failed to run background job #1 ‘TicketArticleCommunicateEmailJob’ 1 time(s) with 2 attempt(s).”

Is this expected behaviour or is there something we can do to prevent it requiring manual intervention every week?

Hi @Stubenhocker - this is very odd. We run the Google Channel integration tests for weeks on our CI now without any issues. However, this sounds very similar to an issue we had with the Microsoft365 Channel just a few weeks ago: Fixes #3411 - Microsoft 365: The refresh token has expired due to ina… · zammad/zammad@a86b288 · GitHub

What confuses me a bit it the error message that states that “Username and Password not accepted”. Zammad does not use Username and Password but XOAUTH2 authentication for some time now…

@MrGeneration do you know about similar experiences regarding the Google Channel?

If I would have to guess I’d say someones changing account passwords regulary.
I’m not aware of this kind of behavior out of the box.

Might also be a test app which is technically not the way to do it in our terms.
Can’t tell with the provided information.

I am quite certain that noone is changing our password this regularly. :smile:

We set up our Google oauth app as per the instructions at

Looking at the Google console, we are indeed using the app in Testing. The instructions didn’t say that it needs to be published, and we didn’t find any other obvious downsides to it, since this is an internal use case anyway.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.