Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IMAP "Invalid Credentials" via GMail XOAUTH

I'm trying to get into the IMAP server with OAuth, using the PHP Sample Code provided by Google which uses the Zend Imap class but I am failing to authenticate. Zend is giving me the error:

Zend_Mail_Storage_Exception [ Error ]: cannot select INBOX, is this a valid transport?

Annoyingly this is a rather confusing error message, for what is essentially "Invalid Credentials". How did I know that? By debugging the actual commands being send to the IMAP socket I see this:

string(44) "NO Invalid credentials ey9if1544983wid.142
"

I have tried with telnet and a Ruby gmail_xoauth gem which suggests it is not a code issue, but something else.

Looking at the most basic level of all this, I am getting commands like this:

TAG1 AUTHENTICATE XOAUTH R0VUIGh0dHBzOi8vbWFpbC5nb29nbGUuY29tL21h......etc

This is where I get NO Invalid credentials then:

TAG2 SELECT "INBOX"

This returns BAD Unknown command and kicks me out.

I have tried searching around for people having the same problem but I find only questions and no answers. There are a few similar StackOverflow questions:

One post shows somebody having the exact same problem in Python.

This post shows somebody trying to be awkward and do it with OAuth 2, with no report of success.

There is a thread on the GMail Google Group that suggests an "Invalid Credentials" error can be resolved by going to https://accounts.google.com/DisplayUnlockCaptcha for GMail accounts and https://www.google.com/a/[YOURDOMAIN.COM]/UnlockCaptcha if you are using Google Apps, but the latter just said that my username and password were wrong when they clearly were not. Using this https://accounts.google.com/DisplayUnlockCaptcha worked fine - even though my account is a hosted App, not plain old GMail - however I still get the same errors when trying to log back in with the PHP sample code provided by Google.

I've tried with various hosted Google App accounts and a plain GMail account. I've tried switching the IMAP server from imap.gmail.com to imap.googlemail.com, nothing makes any difference.

      /**
       * Make the IMAP connection and send the auth request
       */
      $imap = new Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', true);
      $authenticateParams = array('XOAUTH', $initClientRequestEncoded);
      $imap->requestAndResponse('AUTHENTICATE', $authenticateParams);

      /**
       * Print the INBOX message count and the subject of all messages
       * in the INBOX
       */
      $storage = new Zend_Mail_Storage_Imap($imap);

      echo '<h1>Total messages: ' . $storage->countMessages() . "</h1>\n";

For those with an interest, this is the specific PHP code that sets up the connection, all XOauth is handled by Google's PHP in the same file but I skipped it.

like image 773
Phil Sturgeon Avatar asked Nov 11 '11 11:11

Phil Sturgeon


3 Answers

I had this exact same error, and eventually realised I was using the wrong scope when requesting the OAuth permissions.

You need to have...

  • scope=https://mail.google.com/
  • access_type=offline

And also IMAP enabled in your Gmail account obviously. All seems good now.

like image 104
rodnaph Avatar answered Nov 10 '22 07:11

rodnaph


One problem you may have is that the third parameter of Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', true); should not be true. It should be a string, as either "SSL" or "TLS". I believe you want "SSL" if going over port 993. It's only a boolean when it is FALSE.

Try replacing that first line with this:

$imap = new Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', 'SSL');
like image 44
Joel Kallman Avatar answered Nov 10 '22 09:11

Joel Kallman


When i had this same error message, it was because

$options['consumerSecret'] = $THREE_LEGGED_CONSUMER_SECRET_HMAC;

I was doing that in a function and variable $THREE_LEGGED... wasn't in the scope. Pretty stupid and i'm sure that you'd have spotted that but just in case somebody new is reading that.

like image 1
Jasmo Avatar answered Nov 10 '22 07:11

Jasmo