IMAP "Invalid Credentials" via GMail XOAUTH

Asked 11/11, 2011 at 11:39 Answered 12/10, 2012 at 7:55

Solved zend-framework authentication gmail imap gmail-imap

I'm trying to get into the IMAP server with OAuth, using the PHP Sample Code provided by Google which uses the Zend Imap class but I am failing to authenticate. Zend is giving me the error:

Zend_Mail_Storage_Exception [ Error ]: cannot select INBOX, is this a valid transport?

Annoyingly this is a rather confusing error message, for what is essentially "Invalid Credentials". How did I know that? By debugging the actual commands being send to the IMAP socket I see this:

string(44) "NO Invalid credentials ey9if1544983wid.142
"

I have tried with telnet and a Ruby gmail_xoauth gem which suggests it is not a code issue, but something else.

Looking at the most basic level of all this, I am getting commands like this:

TAG1 AUTHENTICATE XOAUTH R0VUIGh0dHBzOi8vbWFpbC5nb29nbGUuY29tL21h......etc

This is where I get NO Invalid credentials then:

TAG2 SELECT "INBOX"

This returns BAD Unknown command and kicks me out.

I have tried searching around for people having the same problem but I find only questions and no answers. There are a few similar StackOverflow questions:

One post shows somebody having the exact same problem in Python.

This post shows somebody trying to be awkward and do it with OAuth 2, with no report of success.

There is a thread on the GMail Google Group that suggests an "Invalid Credentials" error can be resolved by going to https://accounts.google.com/DisplayUnlockCaptcha for GMail accounts and https://www.google.com/a/[YOURDOMAIN.COM]/UnlockCaptcha if you are using Google Apps, but the latter just said that my username and password were wrong when they clearly were not. Using this https://accounts.google.com/DisplayUnlockCaptcha worked fine - even though my account is a hosted App, not plain old GMail - however I still get the same errors when trying to log back in with the PHP sample code provided by Google.

I've tried with various hosted Google App accounts and a plain GMail account. I've tried switching the IMAP server from imap.gmail.com to imap.googlemail.com, nothing makes any difference.

      /**
       * Make the IMAP connection and send the auth request
       */
      $imap = new Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', true);
      $authenticateParams = array('XOAUTH', $initClientRequestEncoded);
      $imap->requestAndResponse('AUTHENTICATE', $authenticateParams);

      /**
       * Print the INBOX message count and the subject of all messages
       * in the INBOX
       */
      $storage = new Zend_Mail_Storage_Imap($imap);

      echo '<h1>Total messages: ' . $storage->countMessages() . "</h1>\n";

For those with an interest, this is the specific PHP code that sets up the connection, all XOauth is handled by Google's PHP in the same file but I skipped it.

Drawee answered 11/11, 2011 at 11:39 Comment(4)

According to the Zend documentation, you should be doing $imap = new Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', 'SSL'); framework.zend.com/apidoc/1.9/Zend_Mail/Protocol/… – Stereophotography 11/11, 2011 at 12:51

Thanks, I was blindly following the Google example code for that and the Zend class docblock agrees with you. Sadly changing it to "SSL" had no effect, same errors. – Drawee 11/11, 2011 at 13:22

Did you ever figure this one out? I'm stuck on the same thing. Followed the example code to the letter and got the invalid credentials error. Can't seem to find anyone having fixed it. – Excursus 9/6, 2012 at 10:18

I never solved the problem as a few weeks after posting this the project fell through - which was a pain in the ass. – Drawee 9/6, 2012 at 13:37

I had this exact same error, and eventually realised I was using the wrong scope when requesting the OAuth permissions.

You need to have...

scope=https://mail.google.com/
access_type=offline

And also IMAP enabled in your Gmail account obviously. All seems good now.

Alwitt answered 12/10, 2012 at 7:55 Comment(1)

Thanks you for updating this old question with an answer. I'd not found anyone who had actually done this successfully so its great to know its possible. Luckily the project got dropped so I didn't care anymore but useful for next time :) – Drawee 12/10, 2012 at 11:12

One problem you may have is that the third parameter of Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', true); should not be true. It should be a string, as either "SSL" or "TLS". I believe you want "SSL" if going over port 993. It's only a boolean when it is FALSE.

Try replacing that first line with this:

$imap = new Zend_Mail_Protocol_Imap('imap.googlemail.com', '993', 'SSL');

Distress answered 11/11, 2011 at 18:5 Comment(1)

Hey Joel, thanks for answering but this has already been proposed in the comments above to no effect. I get the exact same error when using "SSL" over true. Any other ideas? – Drawee 13/11, 2011 at 20:1

When i had this same error message, it was because

$options['consumerSecret'] = $THREE_LEGGED_CONSUMER_SECRET_HMAC;

I was doing that in a function and variable $THREE_LEGGED... wasn't in the scope. Pretty stupid and i'm sure that you'd have spotted that but just in case somebody new is reading that.

Squalene answered 9/2, 2012 at 16:33 Comment(1)

Yeah sadly that was not the case. – Drawee 12/2, 2012 at 11:59

Recommended topics

Hot tags