Xiyue Deng writes:

> Xiyue Deng writes:
>
>> Hi Robert,
>>
>> Robert Pluim writes:
>>
>>>>>>>> On Thu, 15 May 2025 00:17:02 -0700, Xiyue Deng said:
>>>
>>> Xiyue> Thanks for the insights! I managed to reproduce the issue, and during
>>> Xiyue> debugging I got the list from the reply as Anush mentioned. Turned out
>>> Xiyue> that the return code was 334 server challenge[1], so it was waiting for
>>> Xiyue> the correct user and password. Sometimes this was directly considered
>>> Xiyue> authentication unsuccessful for Gmail[2]. `smtpmail-ok-p' considers a
>>> Xiyue> return code less than 400 as successful, and only has challenge handling
>>> Xiyue> implemented in cram-md5. As we should be providing the correct
>>> Xiyue> credentials directly in xoauth2, 334 is effectively a failure.
>>>
>>> Xiyue> Maybe in `smtpmail-try-auth-method' for xoauth2, if we see return code
>>> Xiyue> 334, we should change the return value to "535 5.7.8 Authentication
>>> Xiyue> credentials invalid". Would like to see whether the Emacs maintainers
>>> Xiyue> think this is a good idea.
>>>
>>> Itʼs either that, or change `smtpmail-ok-p' to accept a second
>>> optional parameter for which codes to accept for success, which seems
>>> like overkill here.
>>>
>>
>> In this case it's more like which codes not to accept (334), but I agree
>> `smtpmail-ok-p' is probably the wrong place to handle that.
>>
>> I'll work on a patch for `smtpmail-try-auth-method' later.
>>
>
> A draft patch is attached, please take a look.
>

Friendly ping. Does the patch look acceptable for smtpmail.el?

P.S. I have auth-source-xoauth2-plugin 0.2.1 released with the workaround. Please check it out.

> --
> Regards,
> Xiyue Deng
> From 8de2535105c1fac14ab6c5fef792435b21a0861f Mon Sep 17 00:00:00 2001
> From: Xiyue Deng > Date: Fri, 16 May 2025 02:48:52 -0700 > Subject: [PATCH] Make xoauth2 auth fail when a smtp server replies 334 > (bug#78366) > > * lisp/mail/smtpmail.el (smtpmail-try-auth-method): Throws error 535 > when receiving a "334 server challenge" reply. > --- > lisp/mail/smtpmail.el | 20 +++++++++++++++----- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el > index 9337ee9401a..eda91793d17 100644 > --- a/lisp/mail/smtpmail.el > +++ b/lisp/mail/smtpmail.el > @@ -642,11 +642,21 @@ smtpmail-try-auth-method > > (cl-defmethod smtpmail-try-auth-method > (process (_mech (eql 'xoauth2)) user password) > - (smtpmail-command-or-throw > - process > - (concat "AUTH XOAUTH2 " > - (base64-encode-string > - (concat "user=" user "\1auth=Bearer " password "\1\1") t)))) > + (let ((ret (smtpmail-command-or-throw > + process > + (concat "AUTH XOAUTH2 " > + (base64-encode-string > + (concat "user=" user "\1auth=Bearer " password "\1\1") > + t))))) > + (if (eq (car ret) 334) > + ;; When a server returns 334 server challenge, it usually means > + ;; the credentials it received was wrong (e.g. was an actual > + ;; password instead of an access token). In such case, we > + ;; should return a string with 535 to indicate a failure so that > + ;; smtpmail will try other authentication mechanisms. See also > + ;; https://debbugs.gnu.org/78366. > + (throw 'done "535 5.7.8 Authentication credentials invalid") > + ret))) > > (defun smtpmail-response-code (string) > (when string > -- > 2.47.2 > -- Regards, Xiyue Deng
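Review bot: In the `(eq (car ret) 334)` branch, the `throw` fires while the SASL exchange is still open. A 334 reply is a continuation, so the server is waiting for one more client line, and nothing in this hunk sends it. The new comment says the goal is for smtpmail to try other authentication mechanisms; if that happens on the same connection, the next `AUTH ...` command will be read by the server as the response to the pending challenge rather than as a new command. Before throwing, finish the exchange by sending the response line the server expects (RFC 4954 allows a lone `*` to cancel; XOAUTH2 servers accept an empty line) and read the final reply. That also lets the code pass on the server's real failure code instead of the hard-coded "535 5.7.8 Authentication credentials invalid", which currently hides whatever the server actually reported. The text that came with the 334 is dropped as well; keeping it in the thrown string or in the trace buffer would make token problems easier to diagnose, provided the bearer token itself is never logged. Minor wording in the comment: "the credentials it received was wrong" should read "were wrong".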