How to fix XOAuth authorization error on Android

[flordagirl]

How do I fix this?

"XOAuth authorization error. Please make sure you enabled IMAP in your Gmail account settings."

Expected behaviour : automatic SMS backup

Actual behaviour: XOAuth authorization error

Please specify the following:

• Android version: 9
• Phone model / brand: LG K40
• SMS Backup+ version installed: 1.5.11

[kurahaupo]

@flordagirl

Can you confirm that IMAP is already enabled on your Gmail account? (Use the "settings" cogwheel icon.)

As per #970.

[flordagirl]

@flordagirl

Can you confirm that IMAP is already enabled on your Gmail account? (Use the "settings" cogwheel icon.)

As per #970.

Yes, it's been enabled. Now what?

[flordagirl]

Why did you close it? IMAP has always been enabled. The same error is still there and the app is unusable.

---

From: Martin Kealey notifications@github.com Sent: Wednesday, July 15, 2020 9:05 AM To: jberkel/sms-backup-plus sms-backup-plus@noreply.github.com Cc: flordagirl brainychick79@hotmail.com; Mention mention@noreply.github.com Subject: Re: [jberkel/sms-backup-plus] How to fix XOAuth authorization error on Android (#1028)

Closed #1028https://github.com/jberkel/sms-backup-plus/issues/1028.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/jberkel/sms-backup-plus/issues/1028#event-3548467766, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AM3M7JO7W4PSQM2ML4AVRODR3WSRBANCNFSM4OZ3DBQA.

[kurahaupo]

Sorry my previous response was too terse. This issue is a duplicate of issue #970, where there is extensive discussion and explanation of how to correct the issue.

[kurahaupo]

The app can no longer user XOAUTH to get access to Gmail, so as an alternative, the user has to configure both the app and their Gmail account to use IMAP instead.

Last year Google introduced what they call "sensitive scope" access, meaning that for apps to get access to sensitive user data, they would need to be manually vetted by a Google employee. This took effect from the middle of last year for "free" (@gmail.com) users, and from the middle of this year for paying Gmail users (using their own domains). If you've only recently started having trouble, I expect you're in the latter category.

A preliminary part of that vetting is a "purpose" check, and (to cut a long story short) "backup into email" is not a valid purpose for getting access to email, so they didn't even start the in-depth code check.

I have proposed changing the name of the app to remove any implication of "backup", as many users find being able to search and read SMS and Email together within Gmail to be its key purpose, and that would pass the initial "purpose" test. And if by coincidence that also makes it useful for backing up, well that's just a bonus.

Unfortunately I no longer work for Google myself, so I don't have as much leverage as I once did.

[flordagirl]

I actually didn't just start having issues with the Google thing and this app. It did start at least 1-2 years ago and I was able to find a work around. But this time none of the work arounds are working.

---

From: Martin Kealey notifications@github.com Sent: Saturday, August 22, 2020 10:20 PM To: jberkel/sms-backup-plus sms-backup-plus@noreply.github.com Cc: flordagirl brainychick79@hotmail.com; Mention mention@noreply.github.com Subject: Re: [jberkel/sms-backup-plus] How to fix XOAuth authorization error on Android (#1028)

The app can no longer user XOAUTH to get access to Gmail, so as an alternative, the user has to configure both the app and their Gmail account to use IMAP instead.

Last year Google introduced what they call "sensitive scope" access, meaning that for apps to get access to sensitive user data, they would need to be manually vetted by a Google employee. This took effect from the middle of last year for "free" (@gmail.com) users, and from the middle of this year for paying Gmail users (using their own domains). If you've only recently started having trouble, I expect you're in the latter category.

A preliminary part of that vetting is a "purpose" check, and (to cut a long story short) "backup into email" is not a valid purpose for getting access to email, so they didn't even start the in-depth code check.

I have proposed changing the name of the app to remove any implication of "backup", as many users find being able to search and read SMS and Email together within Gmail to be its key purpose, and that would pass the initial "purpose" test. And if by coincidence that also makes it useful for backing up, well that's just a bonus.

Unfortunately I no longer work for Google myself, so I don't have as much leverage as I once did.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/jberkel/sms-backup-plus/issues/1028#issuecomment-678720202, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AM3M7JNPR6DLQC6HHYXEZLLSCB4H5ANCNFSM4OZ3DBQA.

[kurahaupo]

When exactly do you see "XOAuth authorization error"? I ask because if SMS Backup+ is correctly configured, it won't even try to use XOAUTH to access Gmail.

Please go through your gmail settings and create an app password for IMAP (if you have not already done so), and then go through the app settings and check that it is configured to use IMAP with that app password, as explained in issue #970 .

If you initially configured SMS Backup+ a long time ago, you may need to ensure that XOAUTH is not being used, by going into Settings → Advanced settings → Legacy settings and disable Connect.

Note: SMS Backup+ does still use XOAUTH to access calendars, if you've configured it to save your call log as calendar records, and if that's when the error appears, that's an entirely different debugging problem.

[cauerego]

renaming and repurposing the app would be a great idea. indeed, being able to search messages is more important and relevant than "just" being a (good and real) backup...

but here's to an even better one, for me:

get away from google! there are very good technical reasons why: https://cregox.net/delete

by all means, keep it working with it if you can... but focus on more open things like disroot or delta chat.

[kurahaupo]

@flordagirl note that the browser work-around no longer works; you will need to use the IMAP method instead.

(My apologies, I assumed, based on the error message, that you had already configured SMS Backup+ to use IMAP.)

[kurahaupo]

@flordagirl if you upgrade to version 1.6β then the new configuration screen makes it much clearer that the old XOAUTH method is deprecated, and unlikely to work until such time as Google can be convinced to approve this app for sensitive scope access.

[flordagirl]

@flordagirl if you upgrade to version 1.6β then the new configuration screen makes it much clearer that the old XOAUTH method is deprecated, and unlikely to work until such time as Google can be convinced to approve this app for sensitive scope access.

I've already tried that. My reply is late because I was unable to reply until now. If you are currently still using SMS Backup+ on an android device along with the feature where it automatically backs up your texts to gmail, could you please send me the steps on how you got it to work? Like I've mentioned previously I've already spent hours looking through all the posts here and trying the steps mentioned by others. None of the work arounds are working for me anymore.

[kurahaupo]

Yes I'm still using it, and the last time I set it up was January 2020 when I bought this phone.

I have 2-factor authentication enabled on my Gmail account, with the authenticator app and SMS as options. I've enabled IMAP access into Gmail.

I generated an app password, then told SMS Backup+ to use it. (You should do that separately for each device where you install it, otherwise Google may object to you using the same login from multiple sources, and invalidate the app password.

That's all. No other magic required.

-Martin

[flordagirl]

I have 2-factor authentication enabled on my Gmail account, I already have that on. It's been on since 2019;

with the authenticator app and SMS as options.

I've enabled IMAP access into Gmail.

So have I. I generated an app password, then told SMS Backup+ to use it. (You should do that separately for each device where you install it, otherwise Google may object to you using the same login from multiple sources, and invalidate the app password. Already did that too.

NEXT!!!