Google requiring re-authentication every week

Stubenhocker · March 13, 2021, 9:17pm

Infos:

Used Zammad version: 3.6.0-1613047982.332fdca8.focal
Used Zammad installation source: package
Operating system: ubuntu 20.04.2 LTS
Browser + version: Google Chrome Version 89.0.4389.90 (Official Build) (64-bit)

Expected behavior:

Authenticating for Google Channel does not require re-authenticating every week

Actual behavior:

Authenticating for Google Channel requires re-authenticating every week

Steps to reproduce the behavior:

Authenticate with Google
Wait a week
Check Google channel to see it failing authentification

Error received via monitoring:

“Channel: Google::Account in Can’t use Channel::Driver::Imap: #<Net::IMAP::NoResponseError: Invalid credentials (Failure)>”, “Channel: Google::Account out Can’t use Channel::Driver::Smtp: #<Net::SMTPAuthenticationError: 535-5.7.8 Username and Password not accepted. Learn more at\n>”, “Failed to run background job #1 ‘TicketArticleCommunicateEmailJob’ 1 time(s) with 2 attempt(s).”

Is this expected behaviour or is there something we can do to prevent it requiring manual intervention every week?

thorsteneckel · March 15, 2021, 8:29am

Hi @Stubenhocker - this is very odd. We run the Google Channel integration tests for weeks on our CI now without any issues. However, this sounds very similar to an issue we had with the Microsoft365 Channel just a few weeks ago: Fixes #3411 - Microsoft 365: The refresh token has expired due to ina… · zammad/zammad@a86b288 · GitHub

What confuses me a bit it the error message that states that “Username and Password not accepted”. Zammad does not use Username and Password but XOAUTH2 authentication for some time now…

@MrGeneration do you know about similar experiences regarding the Google Channel?

MrGeneration · March 15, 2021, 8:32am

If I would have to guess I’d say someones changing account passwords regulary.
I’m not aware of this kind of behavior out of the box.

Might also be a test app which is technically not the way to do it in our terms.
Can’t tell with the provided information.

Stubenhocker · March 16, 2021, 12:12am

I am quite certain that noone is changing our password this regularly.

We set up our Google oauth app as per the instructions at
https://admin-docs.zammad.org/en/latest/channels/google/accounts/register-app.html

Looking at the Google console, we are indeed using the app in Testing. The instructions didn’t say that it needs to be published, and we didn’t find any other obvious downsides to it, since this is an internal use case anyway.

system · July 14, 2021, 12:12am

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.