SUMMARY The Oauth2 process fails trying to access a Google Workspace account STEPS TO REPRODUCE 1. Go to akonadiconsole 2. On the Agents tab, click "+ Add" 3. Select "Google Groupware" in the presented dialog, and click "OK" 4. Account is "not configured". Click "Configure" 5. A browser tab opens, requesting a Google Account Sign in (in my case, in firefox). 6. Choose the account 7. A permissions request page appears, choose "Allow" OBSERVED RESULT A new web page appears, with the text "Something went wrong Sorry, something went wrong there. Please try again." Clicking "Next" results in the same page appearing. EXPECTED RESULT The auth token is returned to Akonadi googleresource. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Gentoo Linux KDE Plasma Version: 5.25.4 KDE Frameworks Version: 5.98.0 Qt Version: 5.15.5 Kernel version 5.19.9 (64 bit) ADDITIONAL INFORMATION Note that my gmail imap resource for this google account continues to work, and Google drive for this account will open in Dolphin (WITHOUT any oauth dialogs)
I am facing the issue in the KMail account creation process. This is a Debian system with newly installed KDE instance from https://download.opensuse.org/repositories/home:/npreining:/debian-kde build. STEPS TO REPRODUCE 1. Launch KMail, and open "Configure KMail..." through the menu. 2. Go to "Account", then check the incoming accounts. Add an IMAP account through "Add..." >> "Custom accounts...". 3. Input account information and click OK. 4. A browser tab opens, requesting a Google Account Sign in. I am using Brave browser incognito by default, but I have also tested normal mode of Brave browser as well. 5. Choose the account, and choose "Allow". OBSERVED RESULT A new web page appears, with the text "Something went wrong Sorry, something went wrong there. Please try again." Clicking "Next" results in the same page appearing. EXPECTED RESULT The auth token is returned to KMail. SOFTWARE/OS VERSIONS Debian Bullseye (stable) + KDE from https://download.opensuse.org/repositories/home:/npreining:/debian-kde Linux I-P0.enneamer.is 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64 GNU/Linux KDE Plasma 5.4.26 KDE Frameworks 5.98.0 Qt 5.15.2 KMail 5.21.1 (22.08.1) ADDITIONAL INFORMATION Ocassionally, if I refresh the web page, I can get through the process and see a vanilla page at 127.0.0.1:random_port suggesting the authentication is finished. However, it is not true and Akonadi will soon complain that the resource is broken and no secrecy is available. For me it is adding a new account so, unlike Mike, nothing works. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Gentoo Linux KDE Plasma Version: 5.25.4 KDE Frameworks Version: 5.98.0 Qt Version: 5.15.5 Kernel version 5.19.9 (64 bit) ADDITIONAL INFORMATION Note that my gmail imap resource for this google account continues to work, and Google drive for this account will open in Dolphin (WITHOUT any oauth dialogs)
(In reply to Enneamer from comment #1) > I am facing the issue in the KMail account creation process. This is a > Debian system with newly installed KDE instance from > https://download.opensuse.org/repositories/home:/npreining:/debian-kde build. > > STEPS TO REPRODUCE > 1. Launch KMail, and open "Configure KMail..." through the menu. > 2. Go to "Account", then check the incoming accounts. Add an IMAP account > through "Add..." >> "Custom accounts...". > 3. Input account information and click OK. > 4. A browser tab opens, requesting a Google Account Sign in. I am using > Brave browser incognito by default, but I have also tested normal mode of > Brave browser as well. > 5. Choose the account, and choose "Allow". > > OBSERVED RESULT > A new web page appears, with the text "Something went wrong > Sorry, something went wrong there. Please try again." > Clicking "Next" results in the same page appearing. > > EXPECTED RESULT > The auth token is returned to KMail. > > SOFTWARE/OS VERSIONS > Debian Bullseye (stable) + KDE from > https://download.opensuse.org/repositories/home:/npreining:/debian-kde > Linux I-P0.enneamer.is 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) > x86_64 GNU/Linux > KDE Plasma 5.4.26 > KDE Frameworks 5.98.0 > Qt 5.15.2 > KMail 5.21.1 (22.08.1) > > ADDITIONAL INFORMATION > Ocassionally, if I refresh the web page, I can get through the process and > see a vanilla page at 127.0.0.1:random_port suggesting the authentication is > finished. However, it is not true and Akonadi will soon complain that the > resource is broken and no secrecy is available. > > For me it is adding a new account so, unlike Mike, nothing works. Sorry. I forgot to remove the content below, which are copied from Mike. > > SOFTWARE/OS VERSIONS > Linux/KDE Plasma: Gentoo Linux > KDE Plasma Version: 5.25.4 > KDE Frameworks Version: 5.98.0 > Qt Version: 5.15.5 > Kernel version 5.19.9 (64 bit) > > ADDITIONAL INFORMATION > > Note that my gmail imap resource for this google account continues to work, > and Google drive for this account will open in Dolphin (WITHOUT any oauth > dialogs)
Some investigation here: During the authorization process, there is one request failed that triggered the error message: "https://accounts.google.com/signin/oauth/consent/approval?hl=en-GB&_reqid=77030&rt=j", which received 401 response. The response content is exactly the same as the one reported in https://forum.rclone.org/t/unable-to-complete-gdrive-oauth-flow/31850 Is it because Oob workflow deprecation as suggested in the rclone page?
In Arch and Manjaro, it is impossible to configure google groupware if Chrome or Firefox is not set as the default browser. The message that akonadi console or korganizer prints is total confusion. There is a case with some images where the settings do not accept .png or .jpg format.
(In reply to Enneamer from comment #3) > Is it because Oob workflow deprecation as suggested in the rclone page? Possibly, but I don't think it likely. The rclone bug referred to seems to me to be trying to do a silent sign in to Gdrive. Akonadi is kicking off a normal interactive Oauth authentication session, using the default browser (in my case, Firefox). I do have 2FA enabled on my Google Accounts. I have tried deleting the permissions assigned to the Akonadi google resource in my google account, and also tried creating an app password (which google will not let me use during the login). No success. My understanding is @dvratil has taken a sabbatical from KDE/Akonadi projects, so I'm not expecting any feedback from him. How do we approach debugging this?
(In reply to Mike Benson from comment #5) > (In reply to Enneamer from comment #3) > Akonadi is kicking off a normal interactive Oauth authentication session, using the default browser > (in my case, Firefox). I do have 2FA enabled on my Google Accounts. I have a workaround. As other people have suggested, I changed my default browser to chromium, and was able to configure my google groupware agent to access my Google workspace account. So I seem to be looking at a firefox issue.
Any chance you might have some browser extensions that might block a particular request to Google, causing the auth flow to fail?
(In reply to Daniel Vrátil from comment #7) > Any chance you might have some browser extensions that might block a > particular request to Google, causing the auth flow to fail? That's entirely possible - Firefox has uBlock Origin installed, my Chromium instance doesn't. I seem to remember uBlock playing merry hell with Microsoft logins until I got all the whitelisting right.... I will do some testing.
I can confirm that the problem occurs with Firefox. Using Brave the process completed satisfactorily.