Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xoauth2 apparently stopped workin #2865

Closed
djmanueli opened this issue Jan 22, 2023 · 8 comments
Closed

xoauth2 apparently stopped workin #2865

djmanueli opened this issue Jan 22, 2023 · 8 comments

Comments

@djmanueli
Copy link

djmanueli commented Jan 22, 2023
edited by Synchro
Loading

hi everyone,
good news and bad news. last week finally i got the refresh token from google and phpmailer started working perfectly.
today for apparently no reason, it stopped. no mail can be sent.
that's the error reported in apache log:

PHP Fatal error:  Uncaught League\\OAuth2\\Client\\Provider\\Exception\\IdentityProviderException: invalid_grant in /var/www/html/mailer/vendor/league/oauth2-google/src/Provider/Google.php:118
Stack trace:
#0 /var/www/html/mailer/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(628): League\\OAuth2\\Client\\Provider\\Google->checkResponse()
#1 /var/www/html/mailer/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(537): League\\OAuth2\\Client\\Provider\\AbstractProvider->getParsedResponse()
#2 /var/www/html/mailer/vendor/phpmailer/phpmailer/src/OAuth.php(115): League\\OAuth2\\Client\\Provider\\AbstractProvider->getAccessToken()
#3 /var/www/html/mailer/vendor/phpmailer/phpmailer/src/OAuth.php(128): PHPMailer\\PHPMailer\\OAuth->getToken()
#4 /var/www/html/mailer/vendor/phpmailer/phpmailer/src/SMTP.php(598): PHPMailer\\PHPMailer\\OAuth->getOauth64()
#5 /var/www/html/mailer/vendor/phpmailer/phpmailer/src/PHPMailer.php(2209): PHPMailer\\PHPMailer\\SMTP->authenticate()
#6 /var/www/html/mailer/vendor/phpmailer/phpmailer/src/PHPMaile in /var/www/html/mailer/vendor/league/oauth2-google/src/Provider/Google.php on line 118

and that's the debug:

2023-01-22 20:38:01 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP v10-20020a170906292a00b00782fbb7f5f7sm21215734ejd.113 - gsmtp
2023-01-22 20:38:01 CLIENT -> SERVER: EHLO 192.168.1.29
2023-01-22 20:38:01 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [x.x.x.x.x]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
2023-01-22 20:38:01 CLIENT -> SERVER: STARTTLS
2023-01-22 20:38:01 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2023-01-22 20:38:01 CLIENT -> SERVER: EHLO 192.168.1.29
2023-01-22 20:38:01 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [x.x.x.x]250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
2023-01-22 20:38:01 CLIENT -> SERVER: QUIT
2023-01-22 20:38:01 SERVER -> CLIENT: 221 2.0.0 closing connection v10-20020a170906292a00b00782fbb7f5f7sm21215734ejd.113 - gsmtp

i changed nothing about the core script that worked until today, i cannot see the reason of the crash.
can anybody please help me?
@Synchro
Copy link
Member

Synchro commented Jan 23, 2023

Have you tried replacing the token?

@misterbobr
Copy link

I was having the same problem. It's been resolved after changing credentials to new ones.
Also, I had troubles with getting a new refresh token, because guzzle http client wasn't able to verify ssl certificate. This check can be ignored by setting client's 'verify' parameter to false: go to 'guzzlehttp/guzzle/src/Client.php', search 'verify' (it should be just under 'configureDefaults' function) and change its value from true to false, save the file.
P. S. After you've done, it's probably better to switch back to true.

@Synchro
Copy link
Member

Synchro commented Jan 24, 2023

I'd recommend not disabling verification as it undermines much of the point of using certificates at all. Instead, look into why verification is failing and try to fix the cause rather than the symptom.

@infinityhost
Copy link

Problem with Azure, when using microsoft api works , when using phpmailer
CLIENT -> SERVER: AUTH XOAUTH2 dXNlcj1pbmZpbml0eWhvc3RAaW50ZXJpYS5wbAFhdXRoPUJlYXJlciBFd0JJQStsM0JBQVVzaG5sS1VhY3lRZFFLT3FjVUdSMDBlR0xkbndBQVlMUTRMVnhNTVdPbVU0YUhicytNNlljSVRYU3JtR2ZOditsUXZPdWM5T2ZtVlRFWUcrd1pJa0p1b2wvcW9oV0txRTIxTG5SRzhCL3hwbGR5OHdhOEFqS1dDZmtZVmFRK1h4dDJjNFU5Q2FVb1ljTTA3MUI1TDVYY3FpRHBDYUtNYVNVSWJnYTZhS3JNcHppRDlpa25DaFp5S3dlQURMNEJNREdST2l6dHgzMGpjZVhGcGdUMlh6a3JSYkJKeVlGYVA0c0oxb1NqZnlQTHVrTXFHOHZhT0cxV1J2djhQMlNyVTlKSndkWmFOSzRxTkxtWXpVdFFLeit2NDVRcjNsbkpDYUhKRzQ0N1V1U1pYeFNRQzM2TWtZRERmUnM4cFd2UEdwMFF6MW8wcnFKdlMwQ3FxUWpCdkhMQkxyOCtrbTg4SEdvQmRDQ1o0enphWHhGZS9TdUNEQURaZ0FBQ0FEN1lzNUl1QTdNR0FJZEZQQThFVlRtRENReGx0bVIwOGk2clRxWC9Bc0JidnlFQUVPOStQQ05yR2E0YlJPSVF3M2Ftc1NYOFBpbkJrT2s1SEM1V1ozb0FOUjRPaDJJVkZiU0VCMklFOWlZb0J3c2EzdUgzZWEyQVVqMy9BclJsSWFlTGt1MVJjVUxKTDlnU0h2Zk9CeUg2SHcrYi96Z0NzaGpIRWlRRzNySVBuT1JOelQ0REtUWlR3R2NlYVVaNGQyOHVIc05Db05yMVl0VzBJTnFITjNuaTZWSllpVUY3TnZTd2V2dE9JQ1o1WFhEYytlMm9WQWhqbDJGYW5mN1JQaTJnR1U0OWE5WkRlb0YyTzZQL3FWWEZ4WEN0SDZVVDBwMTNLQ2l3bHRsemozdmlxQm8xYVlsbnZOcDBHVzh4M1hLRE40TnBTWUxCTDFOak84UHM3MjB2MFVKNW5reFBNVnl4OVRmMGlXKzQrN29zeGN1K1pXWDJrQm45WmpBVHdTK0IzSXp2ZTVMNEFjUmJMOTBxM045UzBRdURyQUkzL0w0MkhZWGQxRWRHZ08zaFFGTEpjMTFkNTdnQ0F4TFZTdmxpbERyOUVxQnh4WFh0aTVubnpQc2JVK1JoUzBwaUE2ODRRWDc3VmZKMk1XNE1KV1BDTWxQRVhoSUt0Q1hYSzV1bjkvZ2lLR3lpR1ZESzByZHlueEhia01kQm5SRmhHZVJnckhxQ010N2F4MFducXVlZlpQcytNY3RaelRzMG1QcGpONGsvNFhpZzVGcHlnKzlXVzZOWmUzekhYRElRRUtaZkQ4SmUrNlBHN2VnZ1VCRFRaWTAxRWpqOE16NHhrSFg1azBXR3d0aDJ4QjNNUWkrU21mSUQyem9JclNLdkUzcGw4d1ptaThtTXR2S05mMzdZLzFlcHF6ZmwvZjVIdC83MC9TeUpJaXlFczYyMktlZFl4RmxRMDRDAQE=
2023-08-16 04:07:26 SERVER -> CLIENT: 535 5.7.3 Authentication unsuccessful [BE1P281CA0266.DEUP281.PROD.OUTLOOK.COM 2023-08-16T04:05:16.141Z 08DB9DB935238DA2]

@decomplexity
Copy link
Contributor

Apart from the "user= auth=bearer" prefix and having a verifiable signature, the token looks corrupt: for example the '.' (full-stop) dividers that should separate the header, payload and signature are (apparently) not present.

@infinityhost
Copy link

infinityhost commented Aug 16, 2023
edited
Loading

You mean JWT. Yes, tried to create it (well me and AI) with firebase and had beautiful something like this eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

but didn't work also.

now I can tell, that access token (not JWT format, just plain text) and curl can do the job perfectly.

@decomplexity
Copy link
Contributor

Sorry, but don't fully understand your reply.
Your 'me + AI + firebase' token is a valid token but won't authenticate because apart from sub, name and iat it has none of the usual claims needed, such as aud (the target) and scope. There are over 100 possible claims

@infinityhost
Copy link

"Apart from the "user= auth=bearer" prefix and having a verifiable signature, the token looks corrupt: for example the '.' (full-stop) dividers that should separate the header, payload and signature are (apparently) not present."

  • when You can't see it , it doesn't mean that it doesn't exists, because it works (my first post - just realized an hour ago).

What You see
-- "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
has dots " '.' (full-stop)" but doesn't work.

@Synchro Synchro closed this as completed Apr 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Synchro @misterbobr @decomplexity @infinityhost @djmanueli