Gmail OAuth issue

[BrainDedd]

Getting various errors and I can't re-authorize because the page that loads is broken.

[mjs]

Hi BrainDedd,

Thank you for posting some of the error information and I see from another screenshot that you do have the most current PPv4.5.3 update that was released in part to fix Gmail OAuth2 issues that had recently been occurring.

The error information you posted however was a screen-shot of the error overview window -- we actually need to see the complete text of the error message as it provides more detailed information to help us determine what the problem might be.

Please post back with this information by following the instructions provided in the linked topic below: PP error messages: How to view them & copy/paste into your post.

When you say you "can't re-authorize because the page that loads is broken"... What is it exactly that occurs when you click on the Oauth2 button?

[BrainDedd]

Hi BrainDedd,

Thank you for posting the error information -- I see you do have the most current PPv4.5.3 update that was released in part to fix Gmail OAuth2 issues that had recently been occurring.

What is it exactly that occurs when you click on the Oauth2 button?

Exactly the second screenshot. When I click refresh it will load a page that says it's not secure and I can close the tab.

[mjs]

Instead of posting a screen-shot of the Error Overview window would you please include the Error Overview data by clicking on the "Copy" button in that interface and then paste that information in your next post in this topic. Steps do do this are provided in this link: PP error messages: How to view them & copy/paste into your post.

[BrainDedd]

Instead of posting a screen-shot of the Error Overview window would you please include the Error Overview data by clicking on the "Copy" button in that interface and then paste that information in your next post in this topic. Steps do do this are provided in this link: PP error messages: How to view them & copy/paste into your post.

--- Version ---
OS: Windows 10 (x64)
POP Peeper: 4.5.3.0
Webmail: 4.5.11.0
SSL: 1.0.2.11
IMAP: 4.5.2.0
RSS: 4.5.0.0 (disabled)
SendMail: 4.5.2.0
Notification Voice: 4.5.0.0 (disabled)
Profile Picture: 4.5.0.0
AntiJunk: 4.5.0.0
Spell Checker: 4.5.0.0
Web of Trust: 4.5.0.0

--- Error ---
GMail [1000: IMAP] ['imap.gmail.com' (993) SSL: 1] [Smtp: 'smtp.gmail.com' (587) SSL: 2] [consec: 1]
- Error ([AUTHENTICATIONFAILED] Invalid credentials Failure)

GMail 2 [1000: IMAP] ['imap.gmail.com' (993) SSL: 1] [Smtp: 'smtp.gmail.com' (587) SSL: 2] [consec: 1]
- Error ([AUTHENTICATIONFAILED] Invalid credentials Failure)

Unfortunately I've already tried to re-authorize both accounts and the original error is now no longer showing

[mjs]

Have you made any recent changes to your computer involving security software that might include security setting changes prior to when these issues started?

Have you done a reboot of your computer (which will restart PP as well) and then tried the PP OAuth2 button again?

[mjs]

Try logging into your Gmail accounts using the same Password you have in PP.

It maybe that you have possibly changed passwords to some of these accounts.

[Jeff]

Most likely, there's something wrong with your Internet Explorer settings. When researching this error, the most common reason this error occurs is because of "security zones", so try this:
- In the windows start menu, type "Internet Options" and open that entry
- Select the 'Security' tab
- Uncheck "Enable Protected Mode"
- Next, select the "advanced" tab
- Scroll to the list to the bottom where you'll find "Use TLS 1.x" and make sure that 1.0, 1.1, 1.2 are all checked (do not enable SSL 3.0 or TLS 1.3)
- Press OK
- You'll probably need to exit and restart POP Peeper and then try re-authorizing OAuth2 again


If that doesn't work, you can try resetting IE:
- Open the Windows Run prompt (WinKey+R)
- type and enter the following:
rundll32.exe inetcpl.cpl,ResetIEtoDefaults
- Assuming you're not using IE for anything, I would recommend ticking the box for "delete personal settings", then press 'Reset'
- This will require you to restart your computer

[BrainDedd]

The only changes I have made are installing the newest Windows build that happens to have the security fix for IE with it (10.0.18362.387)
My internet settings are as described ... though I have the actual IE install removed via Windows Optional Features.
Oddly my OAuth2 is still working with Thunderbird on both accounts and I have made no changes between last night (when it worked) and this morning.

[Jeff]

though I have the actual IE install removed via Windows Optional Features.

Oh, there you go -- POP Peeper uses IE to display HTML, so you'll need to re-install that. There are plans to remove PP's reliance on IE in the future, but it will be after v5.0.

[BrainDedd]

Definitely not that. It still loads and displays as the IE files are still present for app support.

[Jeff]

Ok, you're right -- I tried uninstalling IE and I was still able to use Oauth2 within POP Peeper.

You didn't mention if you had tried resetting IE as per my previous instructions. I did notice that the "enable protected mode" wasn't available when IE was uninstalled, but you should be able to check on the TLS options and reset IE (although, I forgot to check if the latter still existed while IE was uninstalled, but I would assume so since most of the other "internet options" are still available).

A couple other things:

1) Until you get OAuth2 to work, you can edit your gmail settings to allow regular password login using this URL:
Enable the option on this URL: https://www.google.com/settings/security/lesssecureapps
then add your password into your gmail account in POP Peeper and you should be able to run PP with your accounts. You'll still be able to test OAuth2, but once you have that working you can disable the "less secure apps" in your gmail accounts again (and delete your passwords from within POP Peeper).

2) I would suggest temporarily re-installing IE and see if you're able to access gmail's login page using IE:
https://accounts.google.com/AccountChoo ... .com/mail/
This may not be a perfect correlation between PP and IE, but I'm guessing that you won't be able to access this page in IE either, and if you can get IE to work then PP should work, too. And it's going to be easier to troubleshoot IE than PP.

[BrainDedd]

Reset IE, reinstalled IE and nothing. Will have to go the insecure app route or live without the accounts for now

[BrainDedd]

On a hunch I tried disabling my AV (NOD32) and it worked
Seems something in the AV was interfering with the way the pages load in POP Peeper

[mjs]

You can add POP Peeper to the AV exceptions list.

[Jeff]

Good find!

Do you know when this problem started? Specifically, did it occur immediately after you updated to POP Peeper v4.5.3?

I was going to ask if you had any issues viewing HTML messages with POP Peeper. Until you found the problem, I would have expected that you would have problems, but now, I'm guessing not. And I have a theory as to what's happening.

Prior to v4.5.3, POP Peeper used a generic "user-agent" string. Gmail didn't like this and started to block the OAuth2 login process. This didn't affect very many accounts; I suspect it was a trial thing and they quickly reverted that change. However, assuming that Gmail may eventually re-instate that policy was the main reason v4.5.3 was released to fix that issue. So when POP Peeper logs you into Oauth2, it's using a customized user-agent string which includes "POP Peeper." Perhaps NOD32 doesn't like that; and perhaps this issue is why Gmail had to roll the change back, because too many "security" apps were causing grief.

IF that's the reason, it makes no sense. If a program has bad intentions, it's just going to clone a user-agent string that works. Blocking a user-agent because it's not known is inane; and not providing an explanation is even worse.

[BrainDedd]

Good find!

Do you know when this problem started? Specifically, did it occur immediately after you updated to POP Peeper v4.5.3?

I was going to ask if you had any issues viewing HTML messages with POP Peeper. Until you found the problem, I would have expected that you would have problems, but now, I'm guessing not. And I have a theory as to what's happening.

Prior to v4.5.3, POP Peeper used a generic "user-agent" string. Gmail didn't like this and started to block the OAuth2 login process. This didn't affect very many accounts; I suspect it was a trial thing and they quickly reverted that change. However, assuming that Gmail may eventually re-instate that policy was the main reason v4.5.3 was released to fix that issue. So when POP Peeper logs you into Oauth2, it's using a customized user-agent string which includes "POP Peeper." Perhaps NOD32 doesn't like that; and perhaps this issue is why Gmail had to roll the change back, because too many "security" apps were causing grief.

IF that's the reason, it makes no sense. If a program has bad intentions, it's just going to clone a user-agent string that works. Blocking a user-agent because it's not known is inane; and not providing an explanation is even worse.

I suspect you are right. I cannot remember the exact timeline but it definitely started happening after 4.5.3.
I'm not entirely sure why NOD32 would be blocking the page or interfering in this way but it's definitely something I wasn't expecting.