search

the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0
994 stars 119 forks source link

Google OAuth2 Login not redirecting properly during login flow #1779

Open githubbbie opened 3 days ago

githubbbie commented 3 days ago

Describe the bug

When trying a google workspace email with OAuth2 credentials setup according to Snappymail instructions, using my own custom nextcloud domain

To Reproduce Steps to reproduce the behavior:

  1. Setup my google workspace OAuth2 credentials
  2. Go to https://MYNEXTCLOUD.DOMAIN/apps/snappymail/
  3. Enter my google workspace email and no password
  4. Click on "Gmail" button
  5. Get error

Expected behavior

Google should offer its consent screen where I would normally enter my password for the requested email, then upon confirmation on Google side, get a redirect back to my authorized redirect URI.

Screenshots

2024-09-25_12-46-google-workspace-domain-not-working-main-login

From the google side, oauth2 authorized URI, NOTE there is only bare domain for serving nextcloud.

2024-09-25_13-26-google-side

Please complete the following information:

Debug/logging information

2024-09-25_12-46-google-workspace-domain-not-working-main-login-error

Additional context Add any other context about the problem here.

githubbbie commented 3 days ago

BTW, just setup this same gmail account with k9 android app and there is another flow there that safari and k9 used to authorize gmail accounts, that did not require all that oauth2 setup.

githubbbie commented 3 days ago

The documentation for setting up gmail accounts is a bit sparse: https://github.com/the-djmaze/snappymail/wiki/FAQ#gmail

What is the appropriate redirect URI ?

Clearly not snappymail.eu for either authorized URI, but one's own custom URI.

Help?

githubbbie commented 3 days ago

Related to #1663 #1580

On Issue #1520 there might be issue with bare gmail account (NOT google workspace gmail account) and 2auth being enabled. First, want to get to the bottom of working Google Workspace Gmail OAuth2 account + snappymail in nextcloud, then will move onto the next one.

the-djmaze commented 3 days ago

Plugin does not support flowname. It uses the basic OAuth2. Check which permissions you've setup.

githubbbie commented 2 days ago

Strange, looking at the error in the code: Request details:

redirect_uri=https://MY_NEXTCLOUD_DOMAIN/apps/snappymail/?LoginGMail flowName=GeneralOAuthFlow
githubbbie commented 2 days ago

Hmmm, not sure. Looks like google migrating to Out-Of-Band flows: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration

By "permissions" are you referring to Google's consent screen "Scopes" ? I enabled ALL Gmail API scopes (14 of them).

Or, are you referring to the app OAuth consent screen publishing status:

image

I had set to Internal before and turned to External for testing and am getting same results on attempting to login to my google workspace account from logged out snappymail by clicking the gmail button.

Looking for howto setup debugging with nextcloud and snappymail as nextcloud app: https://github.com/the-djmaze/snappymail/wiki/FAQ#how-do-i-enable-logging (consider adding this to this FAQ item for howto enable logging: https://github.com/the-djmaze/snappymail/blob/master/integrations/nextcloud/snappymail/README.md#how-to-activate-snappymail-logging-and-then-find-logs)

Ok, I confirmed my nextcloud/snappymail logging is turned on.

And next, there is nothing in the logs pertaining to this, as when I click from snappymail the Gmail button, the next screen comes from google and nothing in my nextcloud/snappymail logs.

Help?

What google apis are needed to make this work?

Thanks and I hope that going thru this will help others and improve documentation.