email-oauth2-proxy: Authentication failure after an hour using Google Cloud service account
First off, thank you for the great work on the project.
I was in need of a Google OAuth2 method to use my older applications and found this would work perfectly for my needs. I wanted to have an “auto-auth” method so I created the Service_Account on my Google Workspace and generated the JSON file. Using the JSON file I generated the pre-generated keys for each user and it is working perfectly except after about an hour, it stops working and will no longer accept authentication. It says “Accepting new connections…” but fails… It is happening with all the services I have configured, which are IMAP and POP, with the same result. The current resolution is to stop the program, remove the cache-store file and restart the program.
I have each service on a different physical box and the command to start the app and configurations are listed below:
Command:
python3 emailproxy.py --no-gui --config-file emailproxy.config --cache-store cache-store --log-file emailproxy.log
PC A
[Server setup]
[IMAP-993]
server_address = imap.gmail.com
server_port = 993
local_address = <ipaddr>
[Account setup]
[user@domain.aaa]
token_url = https://oauth2.googleapis.com/token
oauth2_scope = https://mail.google.com/
oauth2_flow = service_account
redirect_uri = http://localhost
client_id = file
client_secret_encrypted = <secret>
token_salt = <salt>
token_iterations = 870000
[Advanced proxy configuration]
[emailproxy]
delete_account_token_on_password_error = False
encrypt_client_secret_on_first_use = True
allow_catch_all_accounts = False
PC B
[Server setup]
[POP-995]
server_address = pop.gmail.com
server_port = 995
local_address = <ipaddr>
[Account setup]
[user2@domain.aaa]
token_url = https://oauth2.googleapis.com/token
oauth2_scope = https://mail.google.com/
oauth2_flow = service_account
redirect_uri = http://localhost
client_id = file
client_secret_encrypted = <secret>
token_salt = <salt>
token_iterations = 870000
[Advanced proxy configuration]
[emailproxy]
delete_account_token_on_password_error = False
encrypt_client_secret_on_first_use = True
allow_catch_all_accounts = False
Please let me know if there is something I may be missing, doing wrong, or additional steps that may be required to help understand the issue and help to solve the problem.
Regards, Johspa
_Originally posted by @johspa933 in https://github.com/simonrob/email-oauth2-proxy/issues/212#issuecomment-1907292776_
About this issue
- State: closed
- Created 5 months ago
- Comments: 15 (7 by maintainers)
Apologies for the delay but work got in the way…
No, they had different cache-store files and were NOT synced. I would agree that would probably be a bad thing.
I have been running all services on a single VM for almost a week now and it has not failed once. Also, I went through the logs for the past several days now and I am not seeing any of the failures I saw in the past.
So, all I can figure is having some kind of strange combination of VMs and Services was the cause of the issue. Thank you so much for the support, which I greatly appreciate. Keep up the great work.
Regards, Johspa
Per your questions:
When I turn off the cache-store, same result
Yes, only one instance is running on each PC.
I just created an hour-long DEBUG of the data so I need to comb through it.
Regards, Johspa