GNU bug report logs -
#78366
30.1; auth-source-xoauth2-plugin conflicts with multiple Google accounts
Previous Next
Reported by: Anush V <j <at> gnu.org>
Date: Sun, 11 May 2025 02:46:02 UTC
Severity: normal
Tags: fixed
Found in version 30.1
Fixed in version 31.1
Done: Robert Pluim <rpluim <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #20 received at 78366 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Robert,
Robert Pluim <rpluim <at> gmail.com> writes:
>>>>>> On Tue, 13 May 2025 09:55:24 -0700, Xiyue Deng <manphiz <at> gmail.com> said:
> >>
> >>
> >> I did some debugging. According to comment “;; A string result is an
> >> error.” in the function smtpmail-try-auth-methods, the function call
> >> (smtpmail-try-auth-method process 'xoauth2 "user" "password") should
> >> return a string when authentication fails. However, it currently
> >> returns a list instead, which prevents other authentication methods
> >> from being tried.
> >>
> >> [...]
>
> Xiyue> Thanks for the investigation! If the try-method don't fallback to the
> Xiyue> other supported auth methods then it will break. I tried to read the
> Xiyue> code of `smtpmail-try-auth-method' for xoauth2[1], and besides lacking
> Xiyue> encoding user and password into utf-8, I don't see anything obviously
> Xiyue> different from plain[2] and not sure why it would return a list.
>
> utf-8 encoding is not necessary for xoauth2, see commit
> 745847ba8eca27e981a50ad91b628bbce35bb0f3
>
> Xiyue> Would be great if any Emacs developer can shed some light here.
>
> `smtpmail-try-auth-method' will call `smtpmail-command-or-throw
> process', which will return a list upon success, and string upon
> failure. That decision is made by `smtpmail-ok-p', so thatʼs the
> function you should check. Setting `smtpmail-debug-info' to t will get
> you a trace buffer of the SMTP commands, that should help.
>
> Robert
> --
Thanks for the insights! I managed to reproduce the issue, and during
debugging I got the list from the reply as Anush mentioned. Turned out
that the return code was 334 server challenge[1], so it was waiting for
the correct user and password. Sometimes this was directly considered
authentication unsuccessful for Gmail[2]. `smtpmail-ok-p' considers a
return code less than 400 as successful, and only has challenge handling
implemented in cram-md5. As we should be providing the correct
credentials directly in xoauth2, 334 is effectively a failure.
Maybe in `smtpmail-try-auth-method' for xoauth2, if we see return code
334, we should change the return value to "535 5.7.8 Authentication
credentials invalid". Would like to see whether the Emacs maintainers
this is a good idea.
Meanwhile, a workaround for auth-source-xoauth2-plugin is to put xoauth2
as the last entry in `smtpmail-auth-supported'. Anush, can you try
enable auth-source-xoauth2-plugin and eval `(setq smtp-auth-supported
'(cram-md5 plain login xoauth2))' and see if this helps?
[1] https://en.wikipedia.org/wiki/List_of_SMTP_server_return_codes#%E2%80%94_3yz_Positive_intermediate
[2] https://support.google.com/mail/thread/204884242/334-authentication-unsuccessful?hl=en
[3] https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/mail/smtpmail.el#n662
--
Regards,
Xiyue Deng
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 39 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.