Configuration wizard does not make keyring entry for refresh token.

[tower2149]

Is it one of the specification?

[tower2149]

This causes ...

Checking TOML configuration integrity for account … OK
> Would you like to reset existing keyring entries? Yes
Resetting keyring entries… Error:
   0: cannot delete oauth2 refresh token from global keyring
   1: cannot delete secret from keyring matching `-imap-oauth2-refresh-token`
   2: No matching entry found in secure storage

[soywod]

Looks like an issue with the default keyring entry name generated by the config. Meanwhile you can force a specific name (if you also configured SMTP, you can use the same keyring name), see the config.sample.toml.

[soywod]

I cannot reproduce the issue, could you share your configuration?

[tower2149]

Here is my configuration.

backend.type = "imap"
backend.host = "outlook.office365.com"
backend.port = 993
backend.encryption.type = "tls"
backend.auth.type = "oauth2"
backend.auth.method = "xoauth2"
backend.auth.client-id = "08162f7c-0fd2-4200-a84a-f25a4db0b584"
backend.auth.auth-url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
backend.auth.token-url = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
backend.auth.pkce = true
backend.auth.redirect-scheme = "http"
backend.auth.redirect-host = "localhost"
backend.auth.redirect-port = 49152
backend.auth.scopes = ["https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/SMTP.Send"]
backend.auth.client-secret.keyring = "imap-oauth2-client-secret"
backend.auth.access-token.keyring = "imap-oauth2-access-token"
message.send.backend.type = "smtp"
message.send.backend.host = "smtp.office365.com"
message.send.backend.port = 587
message.send.backend.encryption.type = "start-tls"
message.send.backend.auth.type = "oauth2"
message.send.backend.auth.method = "xoauth2"
message.send.backend.auth.client-id = "08162f7c-0fd2-4200-a84a-f25a4db0b584"
message.send.backend.auth.auth-url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
message.send.backend.auth.token-url = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
message.send.backend.auth.pkce = true
message.send.backend.auth.redirect-scheme = "http"
message.send.backend.auth.redirect-host = "localhost"
message.send.backend.auth.redirect-port = 49152
message.send.backend.auth.scopes = ["https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/SMTP.Send"]
message.send.backend.auth.client-secret.keyring = "smtp-oauth2-client-secret"
message.send.backend.auth.access-token.keyring = "smtp-oauth2-access-token"

[tower2149]

at

himalaya v1.1.0 +pgp-commands +sendmail +maildir +keyring +oauth2 +smtp +imap +wizard
build: linux gnu x86_64
git: heads/master, rev 2b25a4d1fb0216e15049a3cf5bb9e3d3d66370da

[soywod]

I still cannot reproduce your name issue. I placed your configuration under a [accounts.test] name, commented *.client-secret.keyring and *.access-token.keyring (to get default keyring names) and ran the following command:

$ cargo run --features oauth2 -- -c /tmp/test.toml account doctor test --fix

Checking TOML configuration integrity for account test… OK
> Would you like to reset existing keyring entries? Yes
Resetting keyring entries… Error: 
   0: cannot delete oauth2 access token from global keyring
   1: cannot delete secret from keyring matching `test-imap-oauth2-access-token`
   2: No matching entry found in secure storage

That said, the keyring should not return an error if it tries to delete an entry that does not exist. I opened a dedicated issue for that purpose: #543.

So I would suggest to share the same keyring names between IMAP and SMTP to avoid duplicated setups, and to force a name for the refresh token:

- backend.auth.client-secret.keyring = "imap-oauth2-client-secret"
- backend.auth.access-token.keyring = "imap-oauth2-access-token"
+ backend.auth.client-secret.keyring = "himalaya-oauth2-client-secret"
+ backend.auth.access-token.keyring = "himalaya-oauth2-access-token"
+ backend.auth.access-token.keyring = "himalaya-oauth2-refresh-token"

- message.send.backend.auth.client-secret.keyring = "smtp-oauth2-client-secret"
- message.send.backend.auth.access-token.keyring = "smtp-oauth2-access-token"
+ message.send.backend.auth.client-secret.keyring = "himalaya-oauth2-client-secret"
+ message.send.backend.auth.access-token.keyring = "himalaya-oauth2-access-token"
+ message.send.backend.auth.refresh-token.keyring = "himalaya-oauth2-access-token"

Then you should be able to configure properly with account doctor --fix (say no to reset).

Let me know if it works for you.

[tower2149]

Thank you for your help.
I may have solved my problem.

[tower2149]

Sorry, problem still exist

[soywod]

Now at least you have a correct keyring name. Did you try to not reset entries before?

[tower2149]

In both cases it should have been tried.
The keyring for the refresh token was not even created.
The system , I think , must forget to save refresh token.

[soywod]

I will give another shot with my Gmail account and let you know.

[tower2149]

I got.
I will check my environment again.
I will report when something found.