Hello. We previously used a standard login connection for Gmail, but found that if the password on the email account changed, our Make scenario connection and scenario broke.
So, we followed Make’s steps for setting up our Gmail connection using oAuth because we read that using oAuth would eliminate the issue. The connection worked to send emails as it should, however, when we recently changed the email account password, it still broke our connection! This is despite the fact that we are using the oAuth Client ID and Secret.
Are we misunderstanding how this should work? Is there something we’re missing to ensure that the connection remains stable regardless of password changes?
Just for additional context / information, the error that we received was “Failed to verify connection ‘OAuth Gmail’. Invalid refresh token. Please reauthorize the connection.”
Welcome to the Make community!
Unfortunately, this is a Google limitation / security feature.
According to the official documentation for Google Workspace,
To increase account security for Google users, OAuth 2.0 tokens issued for access to certain products are automatically revoked when a user’s password is changed. Third-party mail apps like Apple Mail and Mozilla Thunderbird―as well as other applications that use mail scopes to access a user’s mail―will stop syncing data upon password reset until a new OAuth 2.0 token has been granted. A new token will be granted when the user re-authenticates with their Google account username and password.
– Source: Google Workspace Help > Administrators > Apps & integrations > Automatic OAuth 2.0 token revocation upon password change
The possible/only workarounds, according to the same document, are:
-
The token revocation process does not include applications built on Apps Script, even if the script accesses mail.
-
Gmail IMAP sessions authenticated using OAuth aren’t affected by a password change, but are limited to the validity period of the access token (usually 1 hour).
-
The Less secure apps setting will have no impact on tokens being revoked upon password change.
Hope this helps!
— @samliew
Thanks @samliew. So, is there any way to use Make.com to send emails triggered by a Webflow form submission that are unaffected by Google account password changes? And/or is there a different / better option other than using Gmail to send emails like this?
We were under the impression that using Gmail + oAuth would keep a persistent connection regardless of password changes, so we’re looking for any solution that would work like that.
I’d recommend using a transactional email tool like Brevo or Resend that uses your domain to send the emails. There are a bunch out there, and a lot of them have connections with Make so you can handle Webflow form emails that way. I used to use SendGrid until their free plan was removed.
One thing to note is that emails sent by a service like this will not appear in the sent folder of the Google email they’re sending from which, is different from using the Google OAuth connection.
A nice benefit is that most of these tools allow you to connect a single email or an entire domain, so you could technically send emails from different addresses (same domain) based on form content.
Yup.
Either use the workarounds above, which is a PITA to setup, or don’t use a personal Gmail account.
If you go the non-personal Gmail account route, here are some options:
-
Set up a domain email account/ address that doesn’t change password,
e.g.: no-reply@yourdomain.com,
-
If you can’t use the main domain, setting up a subdomain is another option.
e.g.: no-reply@mailer.yourdomain.com