-
Bug
-
Resolution: Unresolved
-
Low (View bug fix roadmap)
-
None
-
8.10.0, 9.4.1, 8.20.16, 8.20.17, 9.4.2
-
None
-
8.1
-
12
-
Severity 3 - Minor
-
1
-
Issue
When the Jira application is configured with an Incoming Mail Server using the combination of parameters below, any Mail Handler associated to this Mail Server will eventually fail to access the Mailbox 1 hour after the Mail Server was configured:
- a Google Mail Server (Gmail)
- the SECURE POP protocol
- the Oauth 2.0 authorization method
Note
Even though this bug was raised for the Jira Incoming Mail Handler (configured in ⚙ > System > Incoming Mail), this bug also applies to the Jira Service Management (JSM) Mail handler (configured in JSM projects in Project Settings > Email Requests). This is because both types of Mail Handlers use the same logic to fetch/refresh Oauth 2.0 tokens
Steps to replicate
- Configure an Oauth 2.0 integration using Google as the provider as per Configure an outgoing link in ⚙ > Applications > Application Links
- Configure a Mail Server in ⚙ > System > Incoming Mail using a Gmail Server, the SECURE POP protocol and the Oauth 2.0 integration configured earlier as the authentication method
- Authorize the mail box
- Test the connection
- Save the Mail Server
- Configure a Mail Handler in ⚙ > System > Incoming Mail and associated it to the Mail Server configured earlier
- Verify that new incoming mails are converted into new Jira tickets (or new comments)
- Wait for 1h
Expected results
1 hour later, the Mail Handler should still work and convert new emails into new Jira tickets (or new comments).
Actual results
After 1 hour, the Jira Mail Handler will eventually fail to connect to the Google Mail Server and fetch new emails.
The following error will is found in the file atlassian-jira-incoming-mail.log:
2023-01-12 08:40:00,261+0000 ERROR [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler GMAIL Mail Handler[10100]: Messaging Exception in service 'com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl' when getting mail: Open failed
javax.mail.MessagingException: Open failed;
nested exception is:
java.io.IOException: STAT command failed: [AUTH] Invalid credentials.
at com.sun.mail.pop3.POP3Folder.open(POP3Folder.java:220) [jakarta.mail-1.6.5-atlassian-2.jar:1.6.5-atlassian-2]
at com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl.getAndProcessMail(MailFetcherService.java:160) [jira-api-8.20.15.jar:?]
at com.atlassian.jira.service.services.mail.MailFetcherService.processMessages(MailFetcherService.java:388) [jira-api-8.20.15.jar:?]
If the debugging package com.atlassian.mail.auth is enabled with the DEBUG level, the following error will be found in the file atlassian-jira-incoming-mail.log:
2023-01-12 08:40:00,126+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler DEBUG POP3: AUTH XOAUTH2 using one line authentication format 2023-01-12 08:40:00,227+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler DEBUG POP3: AUTH XOAUTH2 failed, THROW: 2023-01-12 08:40:00,227+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler java.io.EOFException: OAUTH2 authentication failed: {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"} 2023-01-12 08:40:00,228+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler at com.sun.mail.pop3.Protocol$OAuth2Authenticator.doAuth(Protocol.java:731) 2023-01-12 08:40:00,228+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler at com.sun.mail.pop3.Protocol$Authenticator.authenticate(Protocol.java:486) 2023-01-12 08:40:00,228+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler at com.sun.mail.pop3.Protocol.authenticate(Protocol.java:304) 2023-01-12 08:40:00,228+0000 DEBUG [GMAIL Server] Caesium-1-3 anonymous GMAIL Mail Handler at com.sun.mail.pop3.POP3Store.authenticate(POP3Store.java:432)
Workaround
The workaround consists in using the SECURE IMAP protocol instead of the SECURE POP protocol, since the bug does not occur when using such protocol.
Please note that the integration GMAIL + SECURE IMAP + Oauth 2.0 is impacted by a different bug tracked in JRASERVER-74666. Because of that bug, even though the connection will no longer after 1h when switching to IMAP, it will fail after 30 days. Please refer to the workaround section of that bug to prevent this issue from happening after 30 days.
- is related to
-
JRASERVER-74666 Jira and JSM Mail Handlers fail to connect to Google Mail Servers with IMAP 30 days after they were configured with Oauth 2.0
-
- Closed
-
- relates to
-
BOAR-772 You do not have permission to view this issue