offlineimap3 icon indicating copy to clipboard operation
offlineimap3 copied to clipboard
verified publisher icon OfflineIMAP

Connecting to Gmail using OAuth2

Open cpbl opened this issue 8 months ago • 4 comments

I've been relying on offlinemap for >20 years. A month ago my offlineimap connection to gmail stopped working with ERROR: All authentication types failed:
PLAIN: b'[AUTHENTICATIONFAILED] Invalid credentials (Failure)'

I cannot find up to date instructions for using gmail via imap in offlineimap, especially since the March 2025 changes for gmail authentication.

To try to set up OAuth2 which it looks like I might not have been using, I have:

  • registered a new application and got OAuth credentials, by:

Log in to the Google Cloud Console, create a new project (if needed), and enable the Gmail API. Navigate to "APIs & Services" -> "Credentials" and create a new OAuth 2.0 client ID. Choose "Web application" as the application type, and enter an application name. Configure the consent screen by adding users and specifying the allowed domains, if applicable.

But putting these into oflfineimap seems not to help. Is there clear documentation / use case written up for this?

cpbl avatar May 11 '25 21:05 cpbl

@cpbl: Sounds to me like you should take this to the free technical support Google offers their customers, not to volunteers working in their freetime on working around things that Google breaks deliberately. If I was forced to use a Gmail address for a job, I'd set up a forwarding filter to get my mail out of their ecosystem as early as possible. I hope this helps you.

mschilli87 avatar May 11 '25 21:05 mschilli87

I'm actually looking for some example set-ups for how to use offlineimap from scratch with modern imap services out there. Gmail is an obvious one, given that it is the largest. That is, I'm asking how to start from scratch, rather than solve a bug. Currently, it is not easy to find such examples on the README or .conf.

cpbl avatar May 11 '25 22:05 cpbl

See https://wiki.archlinux.org/title/OfflineIMAP#OAuth2_access_tokens_via_oama

I personally use mutt_oauth2.py instead of oama, but any OAuth2 manager should be fine.

keithbowes avatar May 15 '25 23:05 keithbowes

Thanks @keithbowes

Under Ubuntu: For the oama route, I had to install oama manually by downloading the binary and placing it somewhere in my path. Running the binary with ./oama ... gave a very confusing error if that location was not also on the path. Then follow instructions to edit the yaml file oama creates, etc.

And I had to install sudo apt install libsecret-tools to avoid another entirely cryptic error from oama, or else the first step of command-line authorization of oama to work.

But some basic syncing is working now!

cpbl avatar May 16 '25 21:05 cpbl