"Gmail access expires periodically unless renewed by users"

Greg Marks gtmarks at gmail.com
Sat May 18 01:45:25 UTC 2024


Dear Mutt Developers:

Will we experience difficulties using Mutt to obtain IMAP access to
G-Mail accounts, having configured the Mutt OAuth2 token management
script provided here:

   https://gitlab.com/muttmua/mutt/-/raw/master/contrib/mutt_oauth2.py

once Google changes their access policies governing their so-called
"apps" on June 3, 2024?  I have received a notification from Google
stating:

   You have indicated that your app has features related to "email
   reporting and monitoring," as defined in the Gmail user data
   and developer policy.  This is specified in the Google Cloud
   Platform Console under the Scopes section of the OAuth consent
   screen page.  We would like to remind you that starting June
   3, 2024, apps that use information from emails to provide
   reporting or monitoring services will require periodic Gmail
   access renewals.... After June 3, 2024, newly granted Gmail
   access for consumer Google accounts to reporting and monitoring
   apps will automatically expire after six months.  Users must
   renew permissions for continued access.  Any existing Gmail
   access granted to these apps will expire on July 15, 2024 unless
   renewed by the user.  Users will be able to renew or revoke this
   access at any time through the "Third-party apps & services"
   page on My Account.... Test your application(s) to ensure that
   they are able to handle an invalid_grant response from the OAuth
   2.0 servers.  Such handling may include re-authenticating the
   user and requesting user consent to obtain new tokens.... If
   you take no action, and your application is not able to handle
   user re-authorization after a token expires, you may begin
   to see OAuth errors and your application's functionality may
   be affected.

I more or less followed the instructions here:

   https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py.README

under the section "How to create a Google registration" to create my
"app," which as I understand it is a fictitious piece of software whose
registration is used to obtain OAuth2 tokens for Mutt to access one's
own G-Mail account.  This has worked fine to date.  But I don't know how
to test my "application" to ensure that it can handle an invalid_grant
response from the OAuth 2.0 servers.  I'd like to avert any problems
in advance.

Will this be handled automatically by the mutt_oauth2.py script?
Or will a patch to the script be issued?  Or will we have to log in to
console.developers.google.com with our account and somehow tinker with
the "Application" we've created to obtain client_id and client_secret
credentials to paste into the mutt_oauth2.py script?

Best regards,
Greg Marks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20240517/c418f180/attachment.asc>


More information about the Mutt-users mailing list