Gmail IMAP 身份验证失败,但不是 POP3
[英]Gmail authentication failure for IMAP but not POP3
问题描述
I've gone through the process of creating an OAuth2 access token for a test application on my Google account (not using GSuite) and whenever I try to use it to authenticate using XOAUTH2 with imap.google.com, it fails and returns {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"} followed by the IMAP status response NO [AUTHENTICATIONFAILED] Invalid credentials (Failure)
我已经完成了为我的 Google 帐户(不使用 GSuite)上的测试应用程序创建 OAuth2 访问令牌的过程,每当我尝试使用它通过 imap.google.com 使用 XOAUTH2 进行身份验证时,它都会失败并返回 {" status":"400","schemes":"Bearer","scope":"https://mail.google.com/"} 后跟 IMAP 状态响应 NO [AUTHENTICATIONFAILED] 凭据无效(失败)
I've seen some other similar issues raised, and it turns out the problem was because they didn't use the scope https://mail.google.com/ when requesting the token.我已经看到其他一些类似的问题,事实证明问题是因为他们在请求令牌时没有使用 scope https://mail.google.com/ 。 However, I did use that scope and the token validates;但是,我确实使用了 scope 并且令牌验证了; using https://www.googleapis.com/oauth2/v1/tokeninfo it returns:使用https://www.googleapis.com/oauth2/v1/tokeninfo它返回:
{
"issued_to": "xxxxx.apps.googleusercontent.com",
"audience": "xxxxx.apps.googleusercontent.com",
"scope": "https://mail.google.com/",
"expires_in": 2083,
"access_type": "offline"
}
The thing is, the same token works just fine with authenticating using Google's POP3 server, connecting to pop.gmail.com.问题是,相同的令牌在使用 Google 的 POP3 服务器进行身份验证时工作得很好,连接到 pop.gmail.com。 It seems to be an issue specific to IMAP, and I checked, both POP3 and IMAP access are enabled for the Gmail account I'm testing with.这似乎是 IMAP 特有的问题,我检查过,我正在测试的 Gmail 帐户都启用了 POP3 和 IMAP 访问。
In addition, the same IMAP code which performs the XOAUTH2 authentication works just fine with Outlook and their access token.此外,执行 XOAUTH2 身份验证的相同 IMAP 代码与 Outlook 及其访问令牌一起工作得很好。 So I'm at a loss as to why Google is rejecting a valid token when I'm using the broadest scope available.因此,当我使用可用的最广泛的 scope 时,我不知道为什么 Google 会拒绝有效的令牌。
Any suggestions or insights would be welcome.欢迎任何建议或见解。
1 个解决方案
解决方案1
1 2020-08-14 18:15:21
After doing some more testing, I was able to get this to work.在做了更多的测试之后,我能够让它工作。 The solution won't likely be helpful for anyone who isn't rolling their own OAuth2 code, but here was the problem.该解决方案可能对不使用自己的 OAuth2 代码的任何人都没有帮助,但这就是问题所在。 I was encoding the AUTHENTICATE request like this (where ^A is the SOH control character):我正在像这样对 AUTHENTICATE 请求进行编码(其中 ^A 是 SOH 控制字符):
^Auser=username@gmail.com^Aauth=bearer ya29.a0AfH6SMA8fcO_RkV3sH73f.....^A^A
Google's POP3 server was completely fine with this, and so was Outlook's mail servers. Google 的 POP3 服务器对此完全没有问题,Outlook 的邮件服务器也是如此。 However, Google's IMAP server apparently had a real issue with "bearer" not being capitalized.但是,Google 的 IMAP 服务器显然存在“不记名”未大写的真正问题。 After reviewing RFC 7628, and despite this explicitly in the standard:在查看 RFC 7628 之后,尽管在标准中明确指出:
Note to implementers: The SASL OAuth method names are case insensitive.实现者注意:SASL OAuth 方法名称不区分大小写。 One example uses "Bearer" but that could as easily be "bearer", "BEARER", or "BeArEr".一个示例使用“Bearer”,但也可以很容易地使用“bearer”、“BEARER”或“BeArEr”。
Changing the request to use "auth=Bearer" instead of "auth=bearer" allowed the client to authenticate.将请求更改为使用“auth=Bearer”而不是“auth=bearer”允许客户端进行身份验证。 This is clearly a Google issue, but at least it's resolved.这显然是谷歌的问题,但至少已经解决了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.