Mojave 10.14.4 fails to Authenticate Gmail account

UPDATE:

I contacted Apple and spoke with a tech support person, shared my screen so he could see what was happening. He verified that it is legit. Continuing with the process for each account, I was able to get my accounts online.

IF for some reason you do not get the prompt, click the sideways lightning strike (my description) next to the account that's offline, and you should then get the prompts to authenticate.

I was able to set up my gmail account the old fashioned way, using 'Add Other Account..." and add smtp and imap info manually... It doesn't bring in google calendar, but my email account is working again on Mojave, and iOS 12.2, which was experiencing the same issue for me.

Hi,

i bring Apple mail working again. Is a Google GsSuite Account, thats ends not to gmail.com.

I Have 2 accounts one with 2FA one without. Only want mail functionality back first.

First, have same issues, can´t login, Safari opens ... endless loop and not online.

What i did.

1. Delete google Accounts in system Preferences -> Internet Accounts
2. Open Mail
3. Add Account
4. Choose other
5. Enter mail Adress / Username = full mail address / mail.gmail.com / smtp.gmail.com
6. Password A) Create one for 2FA in you Google Account for Mail
7. Password B) just choose the normal one

Update, also tested with my private @gmail.com -> works to

please try.

Check the previous replies: At the moment the only fix is to delete the account and add it in manually as an IMAP account - if you have 2FA you will need to generate an App password - use that when you add the account back in. This will get you your mail but will not allow you to access Calendars or Contacts.

After nearly 1.5 hrs with a senior technician on the phone, we did find some kind of workaround.

I've added it as a Google account in Mail, but for some reason it comes up as a normal mail account, which is strange. He emptied a couple of Library folders, caches etc but we found out that if 'Less secure app access' is turned off in the Google account security settings, it won't work, only if it is 'on'.

At least the G Suite account is now up and running again, but doesn't merge with 'All Mail' with the normal non G Suite gmail account.

Here is the only workaround that worked for me. I had to add the Google account in Mail using the option "Other Mail Account..."

1. First you need to prepare your Google account by generating an app specific password https://support.google.com/accounts/answer/185833 and by enabling IMAP https://support.google.com/mail/answer/7126229
2. Then open Mail
3. In the menu choose "Add Account"
4. Choose "Other Mail Account..."
5. Use your email address and the app specific password you generated. And for the servers use the following:

outgoing: smtp.google.com

incoming: imap.google.com

Good luck

@lowfreakwency, here's what I posted earlier (YMMV):

I had a number of Gmail accounts with this problem - although not all my Gmail accounts were affected. I got tired of waiting for a fix from Apple, so here's the workaround I used on all of them:

1) Quit out of the Mail app if it's running.

2) Completely remove (not just disable) the affected account(s) from System Preferences > Internet Accounts.

3) Log into https://accounts.google.com/signin/v2/identifier.

4) Click on Security, then click 2-Step Verification and make sure it's OFF (if you don't do this, the next step won't even be an option).

5) Set "less secure app access" ON.

6) Re-add the account(s) from System Preferences > Internet Accounts.

7) Launch the Mail app - the account(s) should sync.

Hi.

Ok, This worked for me:

1) Delete all affected ACCOUNTS from System preferences -> Internet Accounts.

2) Go to https://myaccount.google.com/ and in the search bar above the page type "third-party" (without the quotation) than click on the first suggestion "Third-party apps with account access" and from there click on "macOS" from expanded menu click on remove access and click "OK".

3) Go back to System preferences -> Internet Accounts and re-add your account(s).

Hopefully this works for you.

Someone with the handle Gannett posted a fix on the MacRumors website and it worked for me. I don't know how to link directly to his post so I'm pasting his instructions below. The fact that he figured out a solution shows just how neglectful Apple has been about this problem.

Anyway, these are Gannett's instructions:

Okay, so I've tried to make this as easy as possible. We're going to use Charles to rewrite a response from google to include the email address which is for some reason missing in google's own response. This is a one time setup only needed for verification.

1. Download, install and run Charles.
2. If this is your first time using Charles it should prompt you to authorize automatic proxy configuration. Do this. (Otherwise just make sure the macOS proxy is enabled and working)
3. From the Help menu choose SSL Proxying > Install Charles Root Certificate.
4. Once the certificate is installed, find it in your keychain (type Charles into the search), open it, expand the Trust section and set to Always Trust. You will be prompted for your password when closing it.
5. Back in Charles, from the Proxy menu choose SSL Proxying Settings.
6. Add a new location with Host: people.googleapis.com.
7. From the Tools menu choose Rewrite and click the Add button.
8. Add a new location with Host: people.googleapis.com.
9. Add a new action with the following details...

• • Type: Body
  • Where: Response
  • Replace Value: {"names":[{"metadata":{"primary":true},"displayName":"Your Name"}],"emailAddresses":[{"value":"your@email"}]}
  • (Make sure you put in your name and email address)

1. Once you save this, we're all set. Go to your system Internet Accounts or (Mail) and authorize your account.
2. If everything thing is working, you can quit Charles and feel free to delete the certificate from Keychain.

Here's a potential fix, and also another piece of the puzzle. Prior to "The Fix" (see below) my 10.14.4 system was in this state:

• GSuite account (grandfathered) was in the authentication loop.
• Standard "...@gmail.com" account was working
• In KeyChain I had deleted the "com.apple.account.Google.oauth-{token | expiry-date | refresh-token}" for the failing GSuite account only.

The Fix (for me...YMMV)

1. Quit Mail.app and Calendar.app (basically, all the apps that can sync with GSuite!)
2. Install Thunderbird - yes, that old chestnut!
3. Add your failing GSuite account to Thunderbird.
   1. Go through the OAuth dance (including 2FA if you're using it).
   2. Verify email is flowing in Thunderbird.
4. Quit Thunderbird...it's job is done.
5. Open KeyChain - you should have fresh "com.apple.account.Google.oauth-{token | expiry-date | refresh-token}" entries for the failing GSuite account!
6. Open Mail.app. and take your GSuite account ONLINE. Same deal with Calendar.app etc. The new auth tokens are (should be) working.

So what do we learn from this? Simply that Apple's OAuth dance in System Preferences DOESN'T populate the necessary tokens in KeyChain. This also means that as soon as my existing tokens expire again, I will likely need to open Thunderbird to get new ones again. It's clunky, but it "works".

To verify this fix, I did the following:

1. Quit Mail.app etc.
2. Deleted the tokens etc from KeyChain (again).
3. Tried to authenticate in "System Preferences -> Internet accounts" which just looped as we have all seen.
4. Fired up Thunderbird, which asked me to re-authenticate - expected because the oauth tokens are gone.
5. Verified mail access etc. then closed Thunderbird.
6. Confirmed new tokens in KeyChain.
7. Restarted Mail.app and Calendar.app - mail/calendar sync now operational again.

I CAN CONFIRM THE FOLLOWING PROCEDURE WORKS. Tried on 3 different accounts successfully.

Previously tried everything on this thread (even re-adding the account and certificate removal).

Important: After you're done with the authentication, you can remove the Charles application and Mail will continue to work:

We're going to use an app named Charles to rewrite a response from Google to include the email address (which is for some reason missing in google's own response). This is a one time setup only needed for verification.

1. Download, install and run Charles.
2. If this is your first time using Charles it should prompt you to authorize automatic proxy configuration. Do this. (Otherwise just make sure the macOS proxy is enabled and working)
3. From the Help menu choose SSL Proxying > Install Charles Root Certificate.
4. Once the certificate is installed, find it in your keychain (type Charles into the search), open it, expand the Trust section and set to ALWAYS TRUST. You will be prompted for your password when closing it.
5. Back in Charles, from the Proxy menu choose SSL Proxying Settings.
6. Add a new location with Host: people.googleapis.com
7. From the Tools menu choose Rewrite and click the Add button.
8. Add a new location with Host: people.googleapis.com
9. Add a new action with the following details:

• • Type: Body
  • Where: Response (uncheck "request")
  • Replace Value: {"names":[{"metadata":{"primary":true},"displayName":"Your Name Here"}],"emailAddresses":[{"value":"your@emailaddress.com"}]}
  • (Make sure you put in your name and email address).

Once you save this, we're all set. Go to your system Internet Accounts or (Mail) and authorize your account.

If everything thing is working, you can quit Charles and feel free to delete the certificate from Keychain.

If this worked for you, click the "helpful" button below.

(credits to "Gannet" at the MacRumors forum)

I have 6 G-Suite accounts and one vanilla Gmail account. Vanilla Gmail account worked following re-authentication but the G-Suites accounts did not.

Here's how I resolved it. For each G-Suite account,

1. Quit Mail App & Calendar App
2. Go to keychain and search for 'google.oa' keychains
3. Delete all keychains corresponding to the G-Suite account you want to resolve.
4. Go to https://accounts.google.com
5. login with the G-Suite account you want to resolve
6. Go to Security (4th item on left menu) -> "Manage third-part access" [or Security -> "Signing in with Google"]
7. click on macOS
8. Revoke macOS access
9. Sign out of https://accounts.google.com
10. On macOS System Preferences, re-authenticate the G-Suite account ensuring you allow macOS third party access to the Google account.
11. Confirm that new auth tokens are present in keychain
12. Open up Mail App and synchronize the account to get your mails
13. Open up Calendar App, hit Command+R to synchronize your calendar
14. Done

Seems problem is related to old macOS access on G-Suite apps still persisting on Google's side which 10.4.4 doesn't like. Problem lies between Apple & Google with users in between facing their wrath.

I have a corporate Google Apps account with 2FA. This is what worked for me:

1. Open 'System Preferences > Internet Accounts'
2. Delete existing Google account
3. Add new Google account
4. Follow the prompts to get a Safari window where you enter user ID. Don't enter the details yet!
5. In the Safari menu, go to 'Safari > Settings for this Website' and untick 'enable content blockers'
6. Now enter username, then password, then go through 2FA.
7. You should be prompted to enable Mail, Calendar, Contact, and Notes. Tick what you want

Now working...

I was able to get my gmail account working again in Mail by doing the following:

1. Go into mail Preferences > Accounts
2. Select the Account Information tab for your Gmail account > Click the Email Address droplist
3. Select: Edit Email Addresses...
4. Click the "+" to add a new email address
5. Create a new email address identical to the original
6. Once the new email address is created, delete the original email address with the "-" button.
7. Click "OK"
8. Go through the Google authentication again.

Hopefully that will work for you. One note, my Gmail was previously setup for IMAP.

The steps below worked for me when 10.14.4 broke access to my GSuite-backed e-mail, calendars and notes. Hopefully it works for others as well as this problem is a real PITA.

• Delete the problematic Google account(s) from mail.app and Internet Accounts
• Remove any stored credentials for the impacted Google account(s) from Keychain Access.
• Add the account back (as a new account) via Internet Accounts or mail.app (via add Google account), but only select Mail, NOT Contacts, Calendars or Notes. (only connecting to Mail for the initial auth appears to make a difference for some reason)
• Complete the new account authentication process as you normally would.
• At this point, mail.app and Internet Accounts were able to successfully authenticate and connect to Google mail.
• (optional) Enable access to Contacts, Calendars and Notes as needed in Internet Accounts.