Oath2 SMTP Token refresh failure Alarm

Hello All:

I have an Ignition gateway that has an Gmail email profile configured with OAuth2 SMTP. The email profile is used to with a notification pipeline to emails when a generator goes offline since the site is only partially manned.

The OAuth token returned from Google has a time to line of 1 hour so the system refreshes the token every hour. This was all working as intended until there was a loss of offsite communication. While comms were down, Ignition attempted a token refresh, it failed, and eventually the token timed out.

Once comms were back Ignition continued to try to send emails but could not authenticate to Google due to the invalid token.

Right now this fails silently. A log entry is generated but there is nothing operator-facing (HMI indicator or alarm, etc.) to indicate that the notification function is failing.

I looked for a tag that would indicate token expiry or an error condition with the email profile and could not find anything.

Does anyone have suggestions on a tag that I could use to provide indication if the OAuth token expires again?

Or some other solution so that this isn't a silent failure?

Thank you.

I suspect you will need to open a support ticket.

An alternative with GMail is you can set up application passwords for GMail to allow apps that don't support OAuth to have a complex password generated by Google and set it up as a regular SMTP account using the credentials it supplies. This is a non-expiring password, and while technically less secure, should be more reliable. If you want to roll it yearly, then you could always do it manually by generating a new application login/password, switching Ignition over to it, then removing the old one from Google with zero downtime.

Edit: Link to Google Help Doc: Come creare password per le app  |  Google Workspace Knowledge Center