I'm using macOS High Sierra on a MacBoook Pro.

In System Preferences/Internet Accounts, clicking on 'Google' results in

===

Authorisation Error
Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Learn more
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob

===

This is an exhibition of a problem I started having intermittently when the Mail app (re-)connects to my Gmail accounts; this in the past required me to enter my Google account password via the Prefs/Accounts screen which was a bit tiresome but did work.
Now the Authorisation Error exemplified above has become hard and I can't use the Mail app with Gmail.

I don 't seem to be getting any problems (tempting fate, here) on IOS devices or on another MacBook.

I've got very rusty over the past few years, and nothing I have tried has worked.

Any ideas please

Kit.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Kit Powell <kit.powell@gmail.com> wrote:

I'm using macOS High Sierra on a MacBoook Pro.

In System Preferences/Internet Accounts, clicking on 'Google' results in

===

Authorisation Error
Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's
OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one
or more Google validation rules.
Learn more
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google. If you’re the app developer, make sure that these request details comply with Google
policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob

Taking a wild guess suggests that High Sierra doesn't support Google's
current version of OAuth, which is a way you sign into Google using a web
page and allow Mail access to your account. Google changed things in May
2022 and maybe High Sierra doesn't work any more.

One workaround is to use an 'app password', which generates a fresh password for each app that wants to connect to Google. You can set an app password using these instructions (among others): https://www.getmailbird.com/gmail-app-password/
Note that to enable app passwords you also need to have two factor authentication on your Google account, so you may have to enable that too.

If you do this, you may have to configure Mail via 'add other mail account' rather than the Google option, and configure IMAP and SMTP manually. Some instructions here:
https://tnng.co.za/how-to-set-up-email-in-apple-mail/

Before doing that you need to enable IMAP in the Gmail control panel,
details here: https://support.google.com/mail/answer/7126229?hl=en-GB#zippy=%2Cstep-change-smtp-other-settings-in-your-email-client
and Step 2 there has the IMAP and SMTP settings you need to use to configure Mail (not the ones in the guide above for tnng.co.za).

Theo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 22 Feb 2023 at 19:53:16 GMT, "Theo" <theom+news@chiark.greenend.org.uk> wrote:

One workaround is to use an 'app password', which generates a fresh password for each app that wants to connect to Google. You can set an app password using these instructions (among others): https://www.getmailbird.com/gmail-app-password/
Note that to enable app passwords you also need to have two factor authentication on your Google account, so you may have to enable that too.

This is how I did it, since I decided that I couldn't be bothered to implement OAuth2 in my email client. Enable 2FA in Goodgle, get an app-specific
password, and use that in the client as password. Works like a charm.

--
Tim

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wednesday, 22 February 2023 at 21:06:28 UTC, TimS wrote:

On 22 Feb 2023 at 19:53:16 GMT, "Theo" <theom...@chiark.greenend.org.uk> wrote:

One workaround is to use an 'app password', which generates a fresh password
for each app that wants to connect to Google. You can set an app password using these instructions (among others): https://www.getmailbird.com/gmail-app-password/
Note that to enable app passwords you also need to have two factor authentication on your Google account, so you may have to enable that too.

This is how I did it, since I decided that I couldn't be bothered to implement
OAuth2 in my email client. Enable 2FA in Goodgle, get an app-specific password, and use that in the client as password. Works like a charm.

--
Tim

Thanks to Theo and Tim for the suggestions.

TFA was on already.

I followed suggestions and generated app passwords the apps for all the Google services I am using, mail, calendar, and notes, deleted the accounts by unchecking them in their System Preferences panes then added them again. They are working.

At no point was I asked for an app password.

But if I try to add an account for any of the apps above it goes to the System Preferences/Internet Accounts screen and then behaves as in my original message -- it seems to be a problem between System Preferences app and Google authorisation.

In fact, if I just start System Preferences/Internet Accounts and click on Google in the list of possible service providers -- iCloud, Exchange, Twitter etc -- it fails with the above authorisation error, and no app has been involved.

Kit

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 22 Feb 2023 at 22:11:57 GMT, "Kit Powell" <kit.powell@gmail.com> wrote:

On Wednesday, 22 February 2023 at 21:06:28 UTC, TimS wrote:

On 22 Feb 2023 at 19:53:16 GMT, "Theo" <theom...@chiark.greenend.org.uk>
wrote:

One workaround is to use an 'app password', which generates a fresh password
for each app that wants to connect to Google. You can set an app password >>> using these instructions (among others):
https://www.getmailbird.com/gmail-app-password/
Note that to enable app passwords you also need to have two factor
authentication on your Google account, so you may have to enable that too. >> This is how I did it, since I decided that I couldn't be bothered to implement

OAuth2 in my email client. Enable 2FA in Goodgle, get an app-specific
password, and use that in the client as password. Works like a charm.

Thanks to Theo and Tim for the suggestions.

TFA was on already.

I followed suggestions and generated app passwords the apps for all the Google
services I am using, mail, calendar, and notes, deleted the accounts by unchecking them in their System Preferences panes then added them again. They are working.

At no point was I asked for an app password.

But if I try to add an account for any of the apps above it goes to the System
Preferences/Internet Accounts screen and then behaves as in my original message -- it seems to be a problem between System Preferences app and Google authorisation.

In fact, if I just start System Preferences/Internet Accounts and click on Google in the list of possible service providers -- iCloud, Exchange, Twitter etc -- it fails with the above authorisation error, and no app has been involved.

Here's more detail that I was planning on sending to users of my email client, but I never got a round tuit.

Your email client and gmail
===========================

If you use an email client to pick up mail from your gmail account, then you may wish to read on. If the client is what Google terms a "less secure app"
for accessing gmail, and indeed if you do download your gmail from Google
using it, then you must already have logged onto your gmail account and
enabled "allow less secure apps". You will also have received warnings from Google that as of 30th May 2022 this will no longer be allowed.

So, what to do? Google would like me to implement something called OAUTH2 in
my email client, but I haven't felt inclined to do so. But what I have found
is that one can continue with the existing setup by using something called an app-specific password. I'm doing this and it seems to work. Here's how.

Firstly, you'll need to logon to your gmail account, and under "Manage account", choose "Security". Then, choose to enable Two-step-verification, or 2SV as they call it (also known as 2FA, or "two factor authentication"). This will take you through a sequence where you signup your smart phone to receive
a code to enter, in addition to your password, at your sign in to Google from
a device you've not signed in from previously.

Having done this, return to your Security page, and in the part on "Signing in to Google", you'll see the section about "App Passwords". Expand that section next. Where you see "Select device" in that section, choose your device type. Then, where it says "Select App", choose "Other" and enter the name of your client. Now you can click "Generate". This will put up a pane with a password in large type that you need to copy (with ctrl/cmd-c or similar) to the clipboard.

Now switch to your email client and open the Preferences. Choose your gmail account, highlight the password field, and paste (with ctrl/cmd-v or similar) the password you copied above into the password field. Then click Save.

That's it. If you click to download mail it should confirm that you can still download from gmail.



--
Tim

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Kit Powell <kit.powell@gmail.com> wrote:

But if I try to add an account for any of the apps above it goes to the System Preferences/Internet Accounts screen and then behaves as in my original message -- it seems to be a problem between System Preferences
app and Google authorisation.

The key here is you aren't adding a Google account to your Mac, you're
adding an 'other provider' type of account. One which just happens to name Google's IMAP/SMTP servers as the place to contact. The Google account
support in High Sierra evidently doesn't work any more, but the 'other' support, being standards-based, should still work.

Google in the list of possible service providers -- iCloud, Exchange,
Twitter etc -- it fails with the above authorisation error, and no app has been involved.

'app' is a red herring here. Google call them 'app passwords' but really they're just secondary passwords that allow access to a certain subset of features (your mail, but not your Google Pay), and which you can revoke at a later date without changing your primary password. You need to configure
the settings for your 'other provider' account using these passwords.

Theo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thursday, 23 February 2023 at 11:54:16 UTC, Theo wrote:

Kit Powell <kit.p...@gmail.com> wrote:

But if I try to add an account for any of the apps above it goes to the System Preferences/Internet Accounts screen and then behaves as in my original message -- it seems to be a problem between System Preferences
app and Google authorisation.

The key here is you aren't adding a Google account to your Mac, you're
adding an 'other provider' type of account. One which just happens to name Google's IMAP/SMTP servers as the place to contact. The Google account support in High Sierra evidently doesn't work any more, but the 'other' support, being standards-based, should still work.

Google in the list of possible service providers -- iCloud, Exchange, Twitter etc -- it fails with the above authorisation error, and no app has been involved.

'app' is a red herring here. Google call them 'app passwords' but really they're just secondary passwords that allow access to a certain subset of features (your mail, but not your Google Pay), and which you can revoke at a later date without changing your primary password. You need to configure
the settings for your 'other provider' account using these passwords.

Theo

Thank you both so much for your help -- that worked a treat.

I think I shall from now on not talk about being between a rock and a hard place but between Apple and Google.

Kit

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thursday, 23 February 2023 at 16:07:17 UTC, Kit Powell wrote:

On Thursday, 23 February 2023 at 11:54:16 UTC, Theo wrote:

Kit Powell <kit.p...@gmail.com> wrote:

But if I try to add an account for any of the apps above it goes to the System Preferences/Internet Accounts screen and then behaves as in my original message -- it seems to be a problem between System Preferences app and Google authorisation.

The key here is you aren't adding a Google account to your Mac, you're adding an 'other provider' type of account. One which just happens to name Google's IMAP/SMTP servers as the place to contact. The Google account support in High Sierra evidently doesn't work any more, but the 'other' support, being standards-based, should still work.

Google in the list of possible service providers -- iCloud, Exchange, Twitter etc -- it fails with the above authorisation error, and no app has
been involved.

'app' is a red herring here. Google call them 'app passwords' but really they're just secondary passwords that allow access to a certain subset of features (your mail, but not your Google Pay), and which you can revoke at a
later date without changing your primary password. You need to configure the settings for your 'other provider' account using these passwords.

Theo

Thank you both so much for your help -- that worked a treat.

I think I shall from now on not talk about being between a rock and a hard place but between Apple and Google.

Kit

Not getting any joy with calendars, though. From Calendar I try to add an account, selecting Other CalDAV Account, then picking Manual. Put my Gmail ID, the app password generated from the Google Accounts page, and the secret server address found in my
Google Calendar settings. 'Unable to verify account name or password', it says. I've tried the public server address, and putting in the Google Calendar CalDAV address, too. Nix.

Notes are OK, though.

Kit

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Kit Powell <kit.powell@gmail.com> wrote:

Not getting any joy with calendars, though. From Calendar I try to add an account, selecting Other CalDAV Account, then picking Manual. Put my
Gmail ID, the app password generated from the Google Accounts page, and
the secret server address found in my Google Calendar settings. 'Unable
to verify account name or password', it says. I've tried the public
server address, and putting in the Google Calendar CalDAV address, too.
Nix.

I had a bit of trouble setting up a Google Calendar via CalDAV in iOS
(Settings -> Calendar -> Accounts -> Add Account -> Add subscribed calendar) but it did work in the end. My 'server' setting looks like:

calendar.google.com/calendar/ical/me%40example.com/private-[long_hex_string]/basic.ics

where me@example.com is the address on the Google account. This URL came
from somewhere in my Google calendar settings. There is no username or password - I think the long hex string is effectively the password.

Theo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thursday, 23 February 2023 at 20:57:45 UTC, Theo wrote:

Kit Powell <kit.p...@gmail.com> wrote:

Not getting any joy with calendars, though. From Calendar I try to add an account, selecting Other CalDAV Account, then picking Manual. Put my
Gmail ID, the app password generated from the Google Accounts page, and the secret server address found in my Google Calendar settings. 'Unable
to verify account name or password', it says. I've tried the public
server address, and putting in the Google Calendar CalDAV address, too. Nix.

I had a bit of trouble setting up a Google Calendar via CalDAV in iOS (Settings -> Calendar -> Accounts -> Add Account -> Add subscribed calendar) but it did work in the end. My 'server' setting looks like:

calendar.google.com/calendar/ical/me%40example.com/private-[long_hex_string]/basic.ics

where m...@example.com is the address on the Google account. This URL came from somewhere in my Google calendar settings. There is no username or password - I think the long hex string is effectively the password.

Theo

The version of Calendar I have, Version 10.0 (2195.4.3), doesn't offer the Add subscribed calendar option. It gives a choice of possible providers -- iCloud, Exchange, Google, Facebook, Yahoo, AOL, Other CalDAV Account. Selecting Google just gives the
same Authorisation error.

Selecting Other CalDAV Account gives a choice of Automatic, Manual and Advanced. Automatic just asks for email address and password and results in Unable to verify account name or password. Manual asks for username and password (as above) and Server
Address, for which I inserted the address given in the Google Calendar settings Integrate Calendar option, of the same form as your example (calendar.google.com/calendar/ical/...). This fails with either of the app password or my real Google account
password.

Stumped.

Kit

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Kit Powell <kit.powell@gmail.com> wrote:

Selecting Other CalDAV Account gives a choice of Automatic, Manual and Advanced. Automatic just asks for email address and password and results
in Unable to verify account name or password. Manual asks for username
and password (as above) and Server Address, for which I inserted the
address given in the Google Calendar settings Integrate Calendar option,
of the same form as your example (calendar.google.com/calendar/ical/...). This fails with either of the app password or my real Google account password.

Stumped.

What happens if you just use the server address with empty username and password? That works for me on iOS.

(although mine's a Google-for-work account that has no Gmail, if that makes
a difference - it uses other credentials for login so there's no Google
account password, and it doesn't have any app passwords)

Theo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Friday, 24 February 2023 at 10:53:58 UTC, Theo wrote:

Kit Powell <kit.p...@gmail.com> wrote:

Selecting Other CalDAV Account gives a choice of Automatic, Manual and Advanced. Automatic just asks for email address and password and results
in Unable to verify account name or password. Manual asks for username
and password (as above) and Server Address, for which I inserted the address given in the Google Calendar settings Integrate Calendar option,
of the same form as your example (calendar.google.com/calendar/ical/...). This fails with either of the app password or my real Google account password.

Stumped.

What happens if you just use the server address with empty username and password? That works for me on iOS.

(although mine's a Google-for-work account that has no Gmail, if that makes
a difference - it uses other credentials for login so there's no Google account password, and it doesn't have any app passwords)

Theo

It won't allow an address to be entered without the User Name and Password fields being completed.

I think we're kicking a dead whale down the beach here Theo. Anyway the IOS versions of calendar still work with Google Calendar, and web access works too, so the Calendar app on the MacBook is not essential.

Many thanks for your help,

Kit.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I also face this error on my web page https://informenu.com/fire-kirin/.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)