Adium

Opened 4 years ago

Last modified 3 years ago

#15310 new defect

Can’t log in to gtalk with an application specific password (2-factor authentication)

Reported by: robin_reala Owned by:
Milestone: Component: Service/Google Talk
Version: 1.4.3b1 Severity: normal
Keywords: Cc:
Patch Status:

Description

Summary

I made a new Google account and set it to 2-factor authentication. I then generated an application specific password for Adium to use.

Steps to reproduce

  1. Make a new Google account
  2. Set it up with 2-factor authentication
  3. Generate an application specific password from the Account Settings page
  4. Make a new GTalk account in Adium and try to use that password to log in.

Expected results

Adium logs in to GTalk as per usual.

Actual results

Fails to log in.

Regression

Haven’t tried to work backwards to see if this has previously not been a problem.

Notes

It’s entirely possible (and maybe even likely) that this is a GTalk problem rather than an Adium problem, but I thought try here first to eliminate one potential source.

Attachments (1)

2-factor_gtalk_login_attemp.txt.zip (2.7 KB) - added by robin_reala 4 years ago.
Zipped log of a login attempt

Download all attachments as: .zip

Change History (11)

Changed 4 years ago by robin_reala

Zipped log of a login attempt

comment:1 Changed 4 years ago by robin_reala

14:30:29: -[AIAccount(Abstract) retrievePasswordThenConnect]: Retrieving <AIPurpleGTalkAccount:396a960 15>:robin@reala.net's password (promptOption 2)
14:30:29: adiumPurpleCoreDebugInit: 
14:30:30: (Libpurple: util) Reading file xmpp-caps.xml from directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:30: (Libpurple: jabber) creating hash tables for data objects
14:30:30: (Libpurple: prefs) /purple/status/scores/offline changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/status/scores/available changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/status/scores/invisible changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/status/scores/away changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/status/scores/extended_away changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/status/scores/idle changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/status/scores/offline_msg changed, scheduling save.
14:30:30: (Libpurple: util) Reading file accounts.xml from directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:30: (Libpurple: util) Reading file status.xml from directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:30: (Libpurple: util) File /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple/status.xml does not exist (this is not necessarily an error)
14:30:30: (Libpurple: certificate) CertificateVerifier x509, singleuse requested but not found.
14:30:30: (Libpurple: certificate) CertificateVerifier singleuse registered
14:30:30: (Libpurple: certificate) CertificatePool x509, ca requested but not found.
14:30:30: (Libpurple: certificate) CertificateScheme x509 requested but not found.
14:30:30: (Libpurple: certificate/x509/ca) Lazy init failed because an X.509 Scheme is not yet registered. Maybe it will be better later.
14:30:30: (Libpurple: certificate/x509/ca) Init failed, probably because a dependency is not yet registered. It has been deferred to later.
14:30:30: (Libpurple: certificate) CertificatePool ca registered
14:30:30: (Libpurple: certificate) CertificatePool x509, tls_peers requested but not found.
14:30:30: (Libpurple: certificate) CertificatePool tls_peers registered
14:30:30: (Libpurple: certificate) CertificateVerifier x509, tls_cached requested but not found.
14:30:30: (Libpurple: certificate) CertificateVerifier tls_cached registered
14:30:30: (Libpurple: prefs) /purple/logging/format changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/logging/format changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/proxy/type changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/proxy/host changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/proxy/port changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/proxy/username changed, scheduling save.
14:30:30: (Libpurple: prefs) /purple/proxy/password changed, scheduling save.
14:30:30: (Libpurple: sslconn) Unable to initialize SSL.
14:30:30: (Libpurple: util) Reading file smileys.xml from directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:30: (Libpurple: util) File /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple/smileys.xml does not exist (this is not necessarily an error)
14:30:30: (Libpurple: stun) using server 
14:30:30: (Libpurple: nat-pmp) Found a default gateway
14:30:30: (Libpurple: nat-pmp) Attempting to retrieve the public ip address for the NAT device at: 192.168.1.254
14:30:30: (Libpurple: nat-pmp) 	Timeout: 0s 250000us
14:30:30: (Libpurple: nat-pmp) Response was not received from our gateway! Instead from: 19.9.148.0
14:30:30: Setting en as LC_ALL
14:30:30: adiumPurpleCore: load_all_plugins()
14:30:30: adiumPurpleCoreUiInit
14:30:30: adiumPurpleCore: purple_blist_load()...
14:30:30: (Libpurple: util) Reading file blist.xml from directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:30: Created PurpleAccount 0x14ab6d60 with UID robin@reala.net and protocolPlugin prpl-jabber
14:30:30: Created PurpleAccount 0x14ab6d60 with UID robin@reala.net, protocolPlugin prpl-jabber
14:30:30: Original image of size 100.000000 100.000000
14:30:30: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net: Scaled image to size {96, 96}
14:30:30: -[CBPurpleAccount setAccountUserImage:withData:]: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net setting icon data of length 25005
14:30:30: (Libpurple: util) Writing file /Users/robin/Library/Caches/Adium/Default/877948923d1c94e6dbf804562567814d47e5bfb0.png
14:30:30: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net: Updating status for key: User Icon
14:30:30: Adium: Connect: robin@reala.net initiating connection using status state <AIStatus: 18e1e2c0 [Available]> ((null)).
14:30:30: Setting status on 14ab6d60 (robin@reala.net/Adium): ID available, isActive 1, attributes {
    buzz = 1;
    priority = 0;
}
14:30:30: (Libpurple: account) Connecting to account robin@reala.net/Adium.
14:30:30: (Libpurple: connection) Connecting. gc = 0x14abbb00
14:30:30: Connecting: gc=0x14abbb00 (Connecting) 1 / 5
14:30:30: (Libpurple: dns) DNS query for 'talk.google.com' queued
14:30:30: Called write with no write_tag <SourceInfo 0x14a92b50: Socket 0x14a92370: fd 10; timer_tag 0; read_tag 4; write_tag 0>
14:30:30: ************ robin@reala.net --step-- 1
14:30:30: -[AdiumPurpleDnsRequest startLookup]: Performing DNS resolve: talk.google.com:5222
14:30:30: DNS resolve complete for talk.google.com:5222; 1 addresses returned
14:30:30: (Libpurple: dnsquery) IP resolved for talk.google.com
14:30:30: (Libpurple: proxy) Attempting connection to 209.85.227.125
14:30:30: (Libpurple: proxy) Connecting to talk.google.com:5222 with no proxy
14:30:30: (Libpurple: proxy) Connection in progress
14:30:30: (Libpurple: proxy) Connecting to talk.google.com:5222.
14:30:30: (Libpurple: proxy) Connected to talk.google.com:5222.
14:30:30: (Libpurple: jabber) Sending (robin@reala.net/Adium): <?xml version='1.0' ?>
14:30:30: Connecting: gc=0x14abbb00 (Initializing Stream) 2 / 5
14:30:30: (Libpurple: jabber) Sending (robin@reala.net/Adium): <stream:stream to='reala.net' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
14:30:30: ************ robin@reala.net --step-- 2
14:30:30: (Libpurple: jabber) Recv (379): <stream:stream from="reala.net" id="017F4926CCBB611A" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
14:30:30: (Libpurple: jabber) Sending (robin@reala.net/Adium): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
14:30:30: Connecting: gc=0x14abbb00 (Initializing SSL/TLS) 6 / 9
14:30:30: ************ robin@reala.net --step-- 6
14:30:30: (Libpurple: jabber) Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
14:30:30: (Libpurple: cdsa) Connecting
14:30:30: Called write with no write_tag <SourceInfo 0x14a878b0: Socket 0x1970e190: fd 15; timer_tag 0; read_tag 11; write_tag 0>
14:30:30: (Libpurple: cdsa) Connecting
14:30:30: (Libpurple: cdsa) Connecting
14:30:30: (Libpurple: cdsa) SSL_connect: verifying certificate
14:30:30: (Libpurple: cdsa) SSL_connect complete
14:30:30: Connecting: gc=0x14abbb00 (Initializing Stream) 5 / 9
14:30:30: (Libpurple: jabber) Sending (ssl) (robin@reala.net/Adium): <stream:stream to='reala.net' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
14:30:30: Connecting: gc=0x14abbb00 (Initializing SSL/TLS) 6 / 9
14:30:30: Called write with no write_tag <SourceInfo 0x19717300: Socket 0x14aceec0: fd 15; timer_tag 0; read_tag 12; write_tag 0>
14:30:30: ************ robin@reala.net --step-- 5
14:30:30: ************ robin@reala.net --step-- 6
14:30:30: (Libpurple: jabber) Recv (ssl)(138): <stream:stream from="reala.net" id="4895F7C154795E2C" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
14:30:30: (Libpurple: jabber) Recv (ssl)(197): <stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
14:30:30: Connecting: gc=0x14abbb00 (Authenticating) 7 / 9
14:30:30: (Libpurple: sasl) Mechs found: PLAIN X-GOOGLE-TOKEN X-OAUTH2
14:30:30: (Libpurple: jabber) Sending (ssl) (robin@reala.net/Adium): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
14:30:30: ************ robin@reala.net --step-- 7
14:30:30: (Libpurple: jabber) Recv (ssl)(126): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><auth:missing-username xmlns:auth="google:auth"/></failure>
14:30:30: (Libpurple: sasl) Mechs found: X-GOOGLE-TOKEN X-OAUTH2
14:30:30: (Libpurple: sasl) No worthy mechs found
14:30:30: (Libpurple: connection) Connection error on 0x14abbb00 (reason: 2 description: Not Authorized)
14:30:30: Connection Disconnected: gc=14abbb00 (Not Authorized)
14:30:30: -[AIAccount(Abstract) serverReportedInvalidPassword]: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net
14:30:30: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net accountConnectionReportDisconnect: Not Authorized
14:30:30: (Libpurple: jabber) Recv (ssl)(16): </stream:stream>
14:30:30: (Libpurple: account) Disconnecting account robin@reala.net/Adium (0x14ab6d60)
14:30:30: (Libpurple: connection) Disconnecting connection 0x14abbb00
14:30:30: (Libpurple: jabber) Sending (ssl) (robin@reala.net/Adium): </stream:stream>
14:30:30: Disconnected: gc=14abbb00
14:30:30: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net: Telling the core we disconnected
14:30:30: -[AIContactObserverManager endListObjectNotificationsDelaysImmediately]: 
14:30:31: -[AIAccount(Abstract) serverReportedInvalidPassword]: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net
14:30:31: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net: Disconnected ("Not Authorized"): Automatically reconnecting immediately
14:30:31: -[AIAccount(Abstract) retrievePasswordThenConnect]: Retrieving <AIPurpleGTalkAccount:396a960 15>:robin@reala.net's password (promptOption 1)
14:30:31: <AIPurpleGTalkAccount:396a960 15>:robin@reala.net: Updating status for key: Online
14:30:31: (Libpurple: connection) Destroying connection 0x14abbb00
14:30:31: Called write with no write_tag <SourceInfo 0x39e1580: Socket 0x39e6240: fd 10; timer_tag 0; read_tag 16; write_tag 0>
14:30:35: (Libpurple: util) Writing file prefs.xml to directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:35: (Libpurple: util) Writing file /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple/prefs.xml
14:30:35: (Libpurple: util) Writing file accounts.xml to directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:35: (Libpurple: util) Writing file /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple/accounts.xml
14:30:35: (Libpurple: util) Writing file blist.xml to directory /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple
14:30:35: (Libpurple: util) Writing file /Users/robin/Library/Application Support/Adium 2.0/Users/Default/libpurple/blist.xml

comment:2 Changed 3 years ago by robin_reala

A comment on Superuser suggested that this might be a similar problem?

http://help.trillian.im/discussions/web-questions/25-google-talk-login-widget-not-accepting-my-new-passwords

I tried the suggestions there and they don’t seem to work, but it might be a point to attack the problem?

comment:3 Changed 3 years ago by sphynx

  • Type changed from defect to enhancement

2-factor authentication would need to be implemented in Adium first (possibly similar to Facebook's OAuth login).

On the other hand, from what I've heard, an application-specific password for Adium should work.

comment:4 Changed 3 years ago by robin_reala

This problem is specifically to do with application-specific passwords. It’s a bug either at Adium or Google’s end, not an enhancement. (or alternatively, not a bug but I’m missing some step as suggested in the Trillian forum link)

comment:5 Changed 3 years ago by sphynx

  • Summary changed from Can’t log in to gtalk with a 2-factor authenticated Google account to Can’t log in to gtalk with an application specific password (2-factor authentication)
  • Type changed from enhancement to defect

You're right, something else is going on here.

comment:6 Changed 3 years ago by sphynx

I noticed your email doesn't end in @gmail.com. Do you have a Google Apps account, or a Google account without GMail?

comment:7 Changed 3 years ago by robin_reala

It’s a standard Google account without gmail set up. I’ve got Google Plus associated with it, and I can use Google Talk through the widget built into that. Same on the iGoogle portal - the Google Talk widget works fine through that.

comment:8 Changed 3 years ago by sphynx

Ah, I'm afraid that setup is not supported by Adium:

https://support.google.com/chat/bin/answer.py?hl=en&answer=159495:

Note: A Gmail account is required to use Google Talk or other download clients.

comment:9 Changed 3 years ago by robin_reala

Oh, that sucks. Worked before I went to 2-factor auth, but I’m loathe to turn that off now so I guess I’ll just have to create a gmail account. Thanks anyway!

comment:10 Changed 3 years ago by robin_reala

Feel free to close this off as invalid.

Note: See TracTickets for help on using tickets.