GNU bug report logs - #78366
30.1; auth-source-xoauth2-plugin conflicts with multiple Google accounts

Previous Next

Package: emacs;

Reported by: Anush V <j <at> gnu.org>

Date: Sun, 11 May 2025 02:46:02 UTC

Severity: normal

Tags: fixed

Found in version 30.1

Fixed in version 31.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Xiyue Deng <manphiz <at> gmail.com>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: 78366 <at> debbugs.gnu.org, Anush V <j <at> gnu.org>
Subject: bug#78366: 30.1; auth-source-xoauth2-plugin conflicts with multiple Google accounts
Date: Thu, 15 May 2025 00:17:02 -0700

[Message part 1 (text/plain, inline)]
Hi Robert,

Robert Pluim <rpluim <at> gmail.com> writes:

>>>>>> On Tue, 13 May 2025 09:55:24 -0700, Xiyue Deng <manphiz <at> gmail.com> said:
>     >> 
>     >> 
>     >> I did some debugging.  According to comment “;; A string result is an
>     >> error.” in the function smtpmail-try-auth-methods, the function call
>     >> (smtpmail-try-auth-method process 'xoauth2 "user" "password") should
>     >> return a string when authentication fails.  However, it currently
>     >> returns a list instead, which prevents other authentication methods
>     >> from being tried.
>     >> 
>     >> [...]
>
>     Xiyue> Thanks for the investigation! If the try-method don't fallback to the
>     Xiyue> other supported auth methods then it will break.  I tried to read the
>     Xiyue> code of `smtpmail-try-auth-method' for xoauth2[1], and besides lacking
>     Xiyue> encoding user and password into utf-8, I don't see anything obviously
>     Xiyue> different from plain[2] and not sure why it would return a list.
>
> utf-8 encoding is not necessary for xoauth2, see commit
> 745847ba8eca27e981a50ad91b628bbce35bb0f3
>
>     Xiyue> Would be great if any Emacs developer can shed some light here.
>
> `smtpmail-try-auth-method' will call `smtpmail-command-or-throw
> process', which will return a list upon success, and string upon
> failure. That decision is made by `smtpmail-ok-p', so thatʼs the
> function you should check. Setting `smtpmail-debug-info' to t will get
> you a trace buffer of the SMTP commands, that should help.
>
> Robert
> -- 

Thanks for the insights! I managed to reproduce the issue, and during
debugging I got the list from the reply as Anush mentioned.  Turned out
that the return code was 334 server challenge[1], so it was waiting for
the correct user and password.  Sometimes this was directly considered
authentication unsuccessful for Gmail[2].  `smtpmail-ok-p' considers a
return code less than 400 as successful, and only has challenge handling
implemented in cram-md5.  As we should be providing the correct
credentials directly in xoauth2, 334 is effectively a failure.

Maybe in `smtpmail-try-auth-method' for xoauth2, if we see return code
334, we should change the return value to "535 5.7.8 Authentication
credentials invalid".  Would like to see whether the Emacs maintainers
this is a good idea.

Meanwhile, a workaround for auth-source-xoauth2-plugin is to put xoauth2
as the last entry in `smtpmail-auth-supported'.  Anush, can you try
enable auth-source-xoauth2-plugin and eval `(setq smtp-auth-supported
'(cram-md5 plain login xoauth2))' and see if this helps?

[1] https://en.wikipedia.org/wiki/List_of_SMTP_server_return_codes#%E2%80%94_3yz_Positive_intermediate
[2] https://support.google.com/mail/thread/204884242/334-authentication-unsuccessful?hl=en 
[3] https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/mail/smtpmail.el#n662

-- 
Regards,
Xiyue Deng

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 39 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.