Support

Admin Tools

#41833 Google authentication (AcyMailing) gets blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
5.2.6
PHP version
8.3.19
Admin Tools version
Admin Tools Pro

Latest post by jjst135 on Monday, 14 April 2025 04:50 CDT

Sunday, 13 April 2025 11:30 CDT

jjst135

Hi!

On one of our (test) sites I am trying to set up email sending from AcyMailing using Google oAuth. At the last step of the authentication this URL is used to get back to AcyMailing to verify the connection:

https://[DOMAIN}/administrator/?state=acymailingsmtp&code=4/0Ab_5qlnQp8ZfWoVi09n0dREsBzW96Sb7li9-kG7HZVsNFd26pcjkW14gUZ_LScvrs4uuSw&scope=https://mail.google.com/

The page shows: 
Forbidden - You don't have permission to access this resource.

I think Admin Tools is blocking this URL? because of the 'scope' parameter in the URL? How can I prevent that to get this authentication done?

Kind regards,
Jip Jonker

 

 

 

 

 

Edited by jjst135 on 2025-04-13 11:34 CDT

Monday, 14 April 2025 01:39 CDT

nicholas

It is the scope indeed. Go to .htaccess Maker and set “Protect against common file injection attacks” to No. Then save and create .htaccess.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 14 April 2025 04:39 CDT

jjst135

Hi! This worked for me. Thanks! When setting this (acymailing OAuth) up I just need to remember to disable this feature and possibly turn it back on after (when that does not interfere with the sending / authentication. 

Is there a way AcyMailing can somehow change the URL so it won't be blocked by the 'Protect against common file injection attacks' settings? I will be happy to relay that to them.

Kind regards,
Jip

Monday, 14 April 2025 04:48 CDT

nicholas

No, they cannot change that. It's actually Google's fault. On one hand their security team will tell you how bad it is to have URL parameters that look like a URL. On the other hand, their API team will use scope identifiers that look like URLs and which need to go into URL parameters. If it doesn't make sense but it works, it's Google. Do not confuse it with if it doesn't make sense and it doesn't work, because then it's Microsoft.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 14 April 2025 04:50 CDT

jjst135

"If it doesn't make sense but it works, it's Google. Do not confuse it with if it doesn't make sense and it doesn't work, because then it's Microsoft."

Haha, spot on;-)

Thanks Nicholas! Have a good day.

Support Information

Easter vacation: We will be closed from 17 April 2025 16:00 UTC to 21 April 2025 06:00 UTC due to observing the Christian Easter holiday. Support will be closed during that time for both new tickets, and replies to existing tickets.

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!