the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0

Google OAuth2 Login not redirecting properly during login flow #1779

Open githubbbie opened 2 months ago

githubbbie commented 2 months ago

Describe the bug

When trying a Google Workspace email with OAuth2 credentials set up according to SnappyMail instructions, using my own custom Nextcloud domain

To Reproduce

Steps to reproduce the behavior:

  1. Set up my Google Workspace OAuth2 credentials
  2. Go to https://MYNEXTCLOUD.DOMAIN/apps/snappymail/
  3. Enter my Google Workspace email and no password
  4. Click on "Gmail" button
  5. Get error

Expected behavior

Google should offer its consent screen where I would normally enter my password for the requested email, then upon confirmation on Google side, get a redirect back to my authorized redirect URI.

Screenshots

2024-09-25_12-46-google-workspace-domain-not-working-main-login

From the Google side, OAuth2 authorized URI. NOTE: there is only the bare domain for serving Nextcloud.

2024-09-25_13-26-google-side

Please complete the following information:

Debug/logging information

2024-09-25_12-46-google-workspace-domain-not-working-main-login-error


githubbbie commented 2 months ago

BTW, just set up this same Gmail account with the k9 Android app and there is another flow there that Safari and k9 used to authorize Gmail accounts, that did not require all that OAuth2 setup.

githubbbie commented 2 months ago

The documentation for setting up Gmail accounts is a bit sparse: https://github.com/the-djmaze/snappymail/wiki/FAQ#gmail

What is the appropriate redirect URI?

Clearly not snappymail.eu for either authorized URI, but one's own custom URI.

Help?

githubbbie commented 2 months ago

Related to #1663 #1580

On Issue #1520 there might be issue with bare gmail account (NOT google workspace gmail account) and 2auth being enabled. First, want to get to the bottom of working Google Workspace Gmail OAuth2 account + snappymail in nextcloud, then will move onto the next one.

the-djmaze commented 2 months ago

Plugin does not support flowname. It uses the basic OAuth2. Check which permissions you've set up.

githubbbie commented 2 months ago

Strange, looking at the error in the code: Request details:

redirect_uri=https://MY_NEXTCLOUD_DOMAIN/apps/snappymail/?LoginGMail
flowName=GeneralOAuthFlow

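An added example, not part of the thread or of SnappyMail's code: Google compares the `redirect_uri` in an authorization request with the client's authorized redirect URIs as an exact string, and this check shows how the value from the request details above compares with a registered bare domain. The registered value is an assumption based on the reporter's "only bare domain" note, and the `client_id` is a placeholder.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values. SENT_REDIRECT is the redirect_uri quoted in the
# thread; REGISTERED is an assumption (the "bare domain" the reporter mentions).
SENT_REDIRECT = "https://MY_NEXTCLOUD_DOMAIN/apps/snappymail/?LoginGMail"
REGISTERED = ["https://MY_NEXTCLOUD_DOMAIN"]
AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode({
    "client_id": "CLIENT_ID_PLACEHOLDER",  # placeholder, not a real client
    "response_type": "code",
    "scope": "https://mail.google.com/",
    "redirect_uri": SENT_REDIRECT,
})


def redirect_uri_from_auth_url(auth_url):
    """Extract the single redirect_uri parameter from an authorization URL."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]


def explain_mismatch(sent, registered):
    """Return the names of the URI components in which two URIs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    parts = ("scheme", "netloc", "path", "query", "fragment")
    return [p for p in parts if getattr(a, p) != getattr(b, p)]


def check_redirect_uri(sent, registered_uris):
    """Exact string comparison; on failure, say where each candidate differs."""
    if sent in registered_uris:
        return {"match": True, "differences": {}}
    return {
        "match": False,
        "differences": {r: explain_mismatch(sent, r) for r in registered_uris},
    }


if __name__ == "__main__":
    sent = redirect_uri_from_auth_url(AUTH_URL)
    print(check_redirect_uri(sent, REGISTERED))
    # Registering the full value, path and query included, makes it match.
    print(check_redirect_uri(sent, REGISTERED + [SENT_REDIRECT]))
```
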
githubbbie commented 2 months ago

Hmmm, not sure. Looks like Google is migrating to Out-Of-Band flows: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration

By "permissions" are you referring to Google's consent screen "Scopes"? I enabled ALL Gmail API scopes (14 of them).

Or, are you referring to the app OAuth consent screen publishing status:

image

I had set it to Internal before and turned it to External for testing and am getting the same results on attempting to log in to my Google Workspace account from logged-out SnappyMail by clicking the Gmail button.

Looking for how to set up debugging with Nextcloud and SnappyMail as a Nextcloud app: https://github.com/the-djmaze/snappymail/wiki/FAQ#how-do-i-enable-logging (consider adding this to this FAQ item for how to enable logging: https://github.com/the-djmaze/snappymail/blob/master/integrations/nextcloud/snappymail/README.md#how-to-activate-snappymail-logging-and-then-find-logs)

Ok, I confirmed my Nextcloud/SnappyMail logging is turned on.

And next, there is nothing in the logs pertaining to this, as when I click the Gmail button from SnappyMail, the next screen comes from Google and there is nothing in my Nextcloud/SnappyMail logs.

Help?

What Google APIs are needed to make this work?

Thanks and I hope that going thru this will help others and improve documentation.