Znuny OAuth2 No Refresh token

Moderator: crythias

Locked
hotkimchee
Znuny newbie
Posts: 11
Joined: 21 Aug 2024, 10:37
Znuny Version: 6.5
Real Name: Dan Chang

Znuny OAuth2 No Refresh token

Post by hotkimchee »

Hello,

I am having issues getting gmail to connect for fetching mail. I have setup IMAPS with OAuth2 authentication but it does not work and gives me the following error:

Code: Select all

 	Znuny-znuny.Console.pl-Maint::PostMaster::MailAccountFetch-96 	
 	CommunicationLog(ID:244102,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:247844)::Kernel::System::MailAccount::IMAPS => IMAPS: Can't connect to imap.gmail.com: Unable to connect to imap.gmail.com: IO::Socket::IP configuration failed
And when I look in the httpd logs I see this:

Code: Select all


 RemoteAddress: 169.235.30.154
 RequestURI: /znuny/index.pl?Action=AdminMailAccount;Subaction=Run;ID=4;ChallengeToken=AvOxDCegDSJ3CH6FiTGDNjQBABlgQ1s6;

 Traceback (78329): 
   Module: Kernel::Modules::AdminMailAccount::Run Line: 66
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 1091
   Module: ModPerl::ROOT::ModPerl::Registry::opt_znuny_bin_cgi_2dbin_index_2epl::handler Line: 39
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

When I look at the OAuth2 token configurations I do see the Token status as "vaild" but there is no Refresh Token status

Code: Select all

gmail-test2 	Token is valid until 09/25/2024 11:25 (America/Los_Angeles). 	No refresh token was requested yet. 	valid
Would appreciate your help with this matter. Thank you.
Top
hotkimchee
Znuny newbie
Posts: 11
Joined: 21 Aug 2024, 10:37
Znuny Version: 6.5
Real Name: Dan Chang

Re: Znuny OAuth2 No Refresh token

Post by hotkimchee »

I have turned on IMAP settings on the Gmail account and 2-step verification is turned on
Top
root
Administrator
Posts: 4243
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:
Contact root

Re: Znuny OAuth2 No Refresh token

Post by root »

Hi,

Let's start with the first thing. Any outbound restrictions from the Znuny system? "Can't connect" sounds like. Have you verified with telnet or openssl s_client that the target server is reachable?

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Top
hotkimchee
Znuny newbie
Posts: 11
Joined: 21 Aug 2024, 10:37
Znuny Version: 6.5
Real Name: Dan Chang

Re: Znuny OAuth2 No Refresh token

Post by hotkimchee »

Hi Roy,

Thank you for the response. I did find there were some FW rules that were blocking the connection. I was able to get IMAPS working properly, however now the issue is when I am using OAUTH2, the "Refresh token status" does not auto-refresh.

Here is what I see in the logs:

Code: Select all

Thu Sep 26 14:06:07 2024 (America/Los_Angeles) 	error 	Znuny-znuny.Console.pl-Maint::PostMaster::MailAccountFetch-96 	Refresh token for token config with ID 3 has expired or is not present. Token must be retrieved manually via authorization code.
Thu Sep 26 14:05:07 2024 (America/Los_Angeles) 	error 	Znuny-znuny.Console.pl-Maint::PostMaster::MailAccountFetch-96 	CommunicationLog(ID:250182,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:254088)::Kernel::System::MailAccount::IMAPS => OAuth2 token could not be retrieved.
I appreciate your help. Thank you.
Top
root
Administrator
Posts: 4243
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:
Contact root

Re: Znuny OAuth2 No Refresh token

Post by root »

Hi,

Outbound http/https is allowed? This is required to refresh the token

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Top
hotkimchee
Znuny newbie
Posts: 11
Joined: 21 Aug 2024, 10:37
Znuny Version: 6.5
Real Name: Dan Chang

Re: Znuny OAuth2 No Refresh token

Post by hotkimchee »

Hi Roy,

Sorry for the delay. Yes outbound for http/https is allowed. I would assume if that wasn't working properly, the initial access token would not work. The access token is working, but the refresh token does not have anything and the status remains: "No refresh token was requested yet"

Here is what I see in the logs:

Code: Select all

Thu Oct 3 09:38:02 2024 (America/Los_Angeles) 	error 	Znuny-znuny.Console.pl-Maint::PostMaster::MailAccountFetch-96 	Refresh token for token config with ID 3 has expired or is not present. Token must be retrieved manually via authorization code.
Thu Oct 3 09:37:02 2024 (America/Los_Angeles) 	error 	Znuny-znuny.Console.pl-Maint::PostMaster::MailAccountFetch-96 	CommunicationLog(ID:290162,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:295038)::Kernel::System::MailAccount::IMAPS => OAuth2 token could not be retrieved.
Thank you for your help
Top
root
Administrator
Posts: 4243
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:
Contact root

Re: Znuny OAuth2 No Refresh token

Post by root »

Hi,

Have you tried to create another token with the same app and secret?

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Top
hotkimchee
Znuny newbie
Posts: 11
Joined: 21 Aug 2024, 10:37
Znuny Version: 6.5
Real Name: Dan Chang

Re: Znuny OAuth2 No Refresh token

Post by hotkimchee »

Hi Roy,

Yes, I have tried in the past to create another OAuth2 account with the same Google credentials and it did not work. I have just recreated one now and it's still showing similar symptoms.

Thank you for your help
You do not have the required permissions to view the files attached to this post.
Top
root
Administrator
Posts: 4243
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:
Contact root

Re: Znuny OAuth2 No Refresh token

Post by root »

hotkimchee wrote: 03 Oct 2024, 21:53
Yes, I have tried in the past to create another OAuth2 account with the same Google credentials and it did not work. I have just recreated one now and it's still showing similar symptoms.
Hi,

What is you exact version and which URLs from Gmail do you use in the token configuration?

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Top
hotkimchee
Znuny newbie
Posts: 11
Joined: 21 Aug 2024, 10:37
Znuny Version: 6.5
Real Name: Dan Chang

Re: Znuny OAuth2 No Refresh token

Post by hotkimchee »

Hi Roy,

I have attached a screenshot of the config and the znuny version we are on is znuny-7.0.19-01.
I have also tried the following URL for the token refresh: https://accounts.google.com/o/oauth2/token
However, neither one of them changed anything.
You do not have the required permissions to view the files attached to this post.
Top
Locked

Return to “Help”