I am using Gmail api and many users are complaining that sending emails does not work. For most users it works fine and I am not able to reproduce the issue. In Firebase I get the following crash report.
Non-fatal Exception: com.google.api.client.googleapis.extensions.android.gms.auth.UserRecoverableAuthIOException
at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:297)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:868)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.dummydomain.myapp.EmailUtils.sendMessage(EmailUtils.java:397)
(...)
Caused by com.google.android.gms.auth.d: NeedPermission
at com.google.android.gms.auth.zze.zzb(zze.java:13)
at com.google.android.gms.auth.zzd.zza(zzd.java:77)
at com.google.android.gms.auth.zzd.zzb(zzd.java:20)
at com.google.android.gms.auth.zzd.getToken(zzd.java:7)
at com.google.android.gms.auth.zzd.getToken(zzd.java:5)
at com.google.android.gms.auth.zzd.getToken(zzd.java:2)
at com.google.android.gms.auth.GoogleAuthUtil.getToken(GoogleAuthUtil.java:55)
at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential.getToken(GoogleAccountCredential.java:267)
at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:292)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:868)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.dummydomain.myapp.EmailUtils.sendMessage(EmailUtils.java:397)
(...)
Below are the essentials of my authentication process. Manifest.permission.GET_ACCOUNTS is already granted at this point, and the appropriate API things in the Google Cloud Console are correctly configured and my app is verified for using the sensitive permission/scope GMAIL_SEND.
private void authenticate() {
String[] SCOPES = {GmailScopes.GMAIL_SEND};
GoogleAccountCredential mCredential = GoogleAccountCredential.usingOAuth2(
context,
Arrays.asList(SCOPES))
.setBackOff(new ExponentialBackOff());
startActivityForResult(mCredential.newChooseAccountIntent(),REQUEST_ACCOUNT_PICKER);
}
// which returns in
public void onActivityResult(...) {
// (...)
switch(requestCode) {
case REQUEST_ACCOUNT_PICKER:
if (resultCode == Activity.RESULT_OK && data != null && data.getExtras() != null) {
String accountName = data.getStringExtra(AccountManager.KEY_ACCOUNT_NAME);
if (accountName != null) {
// Check if not a gmail account, since gmail api only works with that gmail accounts...
if(!accountName.contains("@gmail.com") && !accountName.contains("@googlemail.com")){
// --> tell user to select a google account
return;
}
mCredential.setSelectedAccount(new Account(accountName, BuildConfig.APPLICATION_ID));
// Got account, now test if we have access
new CheckAccessTask().execute();
}else{
// (...)
}
}
break;
case REQUEST_AUTHORIZATION:
if (resultCode != Activity.RESULT_OK) {
// choose new account
startActivityForResult(mCredential.newChooseAccountIntent(), REQUEST_ACCOUNT_PICKER);
}else{
// Got authorization, so test email
new CheckAccessTask().execute();
}
break;
}
}
private class CheckAccessTask extends AsyncTask<Void, Void, Boolean> {
private Exception mLastError = null;
@Override
protected Boolean doInBackground(Void... params) {
try {
// Check if we got token - will crash with UserRecoverableAuthException
// if user didn't accept the google consent screen
mCredential.getToken();
// access granted, return true
return true;
} catch (Exception e) {
mLastError = e;
cancel(true);
return false;
}
}
@Override
protected void onCancelled() {
if (mLastError != null) {
if (mLastError instanceof GooglePlayServicesAvailabilityIOException) {
// Play Services not found --> cancel activation
} else if (mLastError instanceof UserRecoverableAuthException) {
startActivityForResult(((UserRecoverableAuthException) mLastError).getIntent(), REQUEST_AUTHORIZATION);
} else if (mLastError instanceof UserRecoverableAuthIOException) {
startActivityForResult(((UserRecoverableAuthIOException) mLastError).getIntent(), REQUEST_AUTHORIZATION);
} else {
// Other error --> cancel activation
}
} else {
// --> cancel activation
}
}
@Override
protected void onPostExecute(Boolean accessGranted) {
if (accessGranted){
// SUCCESS! Save email in shared preferences for later use
String accountName = mCredential.getSelectedAccountName();
prefs.putString(Constants.SENDER_ACCOUNT, accountName);
}
}
}
Essentials of sending email process (in actual code emails are HTML)
private void sendEmail(){
GoogleAccountCredential mCredential = GoogleAccountCredential.usingOAuth2(
context,
Arrays.asList(SCOPES))
.setBackOff(new ExponentialBackOff());
// set sender account
String senderAccount = prefs.getString(Constants.SENDER_ACCOUNT, null);
if(senderAccount == null) return; // Authentication not complete
mCredential.setSelectedAccount(new Account(senderAccount, BuildConfig.APPLICATION_ID));
// Initialize service object
HttpTransport transport = AndroidHttp.newCompatibleTransport();
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
Gmail mGmailApiService = new Gmail.Builder(
transport, jsonFactory, mCredential)
.setApplicationName("My-App")
.build();
// Construct email
com.google.api.services.gmail.model.Message message;
try {
// create MimeMessage
Properties props = new Properties();
Session session = Session.getDefaultInstance(props, null);
MimeMessage mimeMessage = new MimeMessage(session);
mimeMessage.setSubject("Test email");
mimeMessage.setText("Hello this is an email sent from android");
mimeMessage.setFrom(new InternetAddress(mCredential.getSelectedAccountName()));
mimeMessage.setRecipients(javax.mail.Message.RecipientType.TO, InternetAddress.parse(senderAccount)); // send to yourself
// Convert MimeMessage to Message
ByteArrayOutputStream bytes = new ByteArrayOutputStream();
mimeMessage.writeTo(bytes);
String encodedEmail = Base64.encodeBase64URLSafeString(bytes.toByteArray());
message = new com.google.api.services.gmail.model.Message();
message.setRaw(encodedEmail);
} catch (MessagingException | IOException e) {
e.printStackTrace();
return;
}
// Send email
try {
mGmailApiService.users().messages().send("me", message).execute(); // (EmailUtils:397)
// Success, email sent!
} catch (IOException e) {
e.printStackTrace();
// ==== THIS is where users get UserRecoverableAuthIOExceptions ==== //
}
}
With firebase logging I've found out that the crash happens both shortly after authentication as well long after. I can also see that it sometimes happens that the code sends one email successfully and then crashes on the next one right after. I also get quite a few reports of SocketTimeoutException which I believe are caused by slow/faulty internet connection though.
Thank you for your time.
EDIT: The only way I am able to reproduce the error is by manually removing my app from the list of "Third-party apps with account access". But I don't see why this should happen without user interaction.
