Skip to content
SuperMail docs

Reauthentication

Credentials go stale every so often. When that happens you’ll see a red banner at the top of the inbox and a Reauthenticate button (for Gmail OAuth) or Update credentials button (for IMAP accounts like Outlook, Yahoo, iCloud, Fastmail, etc.) next to the affected account in the sidebar.

Why it happens

Gmail (OAuth)

  • Password change on the Google account.
  • Admin revoked the OAuth grant in your Google Workspace tenant.
  • Long inactivity - Google expires refresh tokens after 6 months of no use.
  • Security review triggered by Google (e.g. “unusual sign-in”).
  • We pushed an updated OAuth scope and asked you to re-consent (rare; we try to keep scopes stable).

IMAP / app-password accounts (Outlook, Yahoo, iCloud, Fastmail, etc.)

  • You regenerated the app password on the provider’s security page. The old one we stored no longer authenticates.
  • The provider rotated credentials after a security event on their end.
  • 2-step verification was turned off, which invalidates app passwords on Microsoft and Yahoo.
  • SMTP AUTH was disabled by your M365 tenant admin.

How to fix it

Gmail

  1. Click Reauthenticate on the banner or on the account in Settings → Accounts.
  2. You’ll be sent through the same Google OAuth flow as when you first connected the account.
  3. Sign in, re-consent, and you’re done. No data is lost - we resume sync from where the old token stopped working.

IMAP accounts

  1. Generate a new app password on the provider’s security page (see the provider’s doc page: Outlook, Yahoo, IMAP providers).
  2. Click Update credentials on the banner.
  3. Paste the new app password. The rest of the server settings stay the same.

What’s paused while you’re out

  • Incoming sync stops. New mail doesn’t appear in SuperMail until you reauth.
  • Sending also stops (SMTP auth uses the same credential).
  • Reading existing mail still works; old messages are cached in our database.
  • Drafts are still saved locally and sync back up once you reauth.

Silent reauth (auto-attempted)

For Gmail OAuth, SuperMail tries to refresh tokens automatically before they expire. The explicit “Reauthenticate” step is only shown when the silent refresh fails. IMAP app passwords don’t have a refresh mechanism, so any failure there requires a manual credential update.

Still failing after reauth?

See Troubleshooting or email [email protected].