VannTen / oauth2token

GNU General Public License v3.0

How to create perennial tokens? #4

Open marcosrdac opened 3 years ago

marcosrdac commented 3 years ago

Currently my tokens last one week and then break. So I need to authenticate again manually (recreate the token, using a browser and so on). How would I prevent having to do so?

VannTen commented 3 years ago

You're talking about the refresh tokens, right? I think this depends on the token provider (i.e., it can choose to invalidate the token). Can you share the details?

marcosrdac commented 3 years ago

Hello @VannTen! I created this Google App that allows isync access to my Gmail account data, so that it can sync my mails between the Gmail server and my computer. To do so, I use oauth2token to create a token for isync to establish a connection with Gmail and do its work.

But it looks like my tokens have a validity of one week before they break. Is there something I could configure here, when asking for the token in oauth2token, or do you think I'm not looking at the right place to solve it?

What I wanted is to authenticate only once :S

VannTen commented 3 years ago

That's weird. That's my exact setup (why I made this in the first place, in fact) and it has worked flawlessly since then. Hum, maybe Google imposes a limit on tokens issued for non-validated apps? I know I created mine which was in my company scope, whatever that means, to avoid the external audit stuff...

Do app-specific passwords not work for your account? I knew they did not for me, but that was on gsuite (so company mail).


marcosrdac commented 3 years ago

Thanks for your tip! I'm a bit occupied this week, but I'll try your solution as soon as I can.

gpcureton commented 2 years ago

Hi @VannTen, thanks for an awesome tool! Perhaps I can provide some more context to this issue. I also have problems with the refresh tokens. I have installed oauth2token from the Arch AUR package (version 0.0.2.post2-1). I am using your tool to generate access tokens for use with Office365 (university) and GMail, from isync. The access tokens seem to expire after about 20 minutes, and attempts to get a refresh token (by running oauth2get <provider> <account>) result in

  File "/usr/bin/oauth2get", line 11, in <module>
    print (get_token(user=args.user, app=args.app))
  File "/usr/lib/python3.9/site-packages/oauth2token/token_mgmt.py", line 24, in get_token
    creds.refresh(Request())
  File "/usr/lib/python3.9/site-packages/google/oauth2/credentials.py", line 281, in refresh
    raise exceptions.RefreshError(
google.auth.exceptions.RefreshError: The credentials do not contain the necessary fields need to refresh the access token. You must specify refresh_token, token_uri, client_id, and client_secret.

My config.json looks like:

{
    "web": {
        "client_id": "08162f7c-0fd2-4200-a84a-f25a4db0b584",
        "client_secret": "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82",
        "auth_uri": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "token_uri": "https://login.microsoftonline.com/common/oauth2/v2.0/token"
    }
}

where the client_id and client_secret values are the publicly available values for Thunderbird.

VannTen commented 2 years ago

Hi,

> I am using your tool to generate access tokens for use with Office365 (university) and GMail

Do you mean you have different applications? It's been a while since I made this, but I think different applications might need different scopes (scopes.json).

For the config.json, I think you might need more keys. If I remember correctly, the ones in the README are just the mandatory ones, but providers might need more. For reference, I use this for the token I use with mbsync:

{
  "installed": {
    "client_id": "1093327885731-7re98715kvjo0i90miua9dap7g91ruju.apps.googleusercontent.com",
    "project_id": "mail-client-275212",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "*",
    "redirect_uris": [
      "urn:ietf:wg:oauth:2.0:oob",
      "http://localhost"
    ]
  }
}

scopes.json

[
  "https://mail.google.com/"
]

From the error message, I think it might be the refresh token missing, maybe because some parameters are missing? I never added logging; that could be helpful for that.

I'll try to investigate, but life is a bit tough right now, so no promises!
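
A stand-alone check for the failure in the traceback above, as an added example that is not part of the thread or of oauth2token's own code: it inspects a saved credential for the four fields the RefreshError names, checks a config.json section for the client values, and flags credential files readable by other users. It assumes the credential is stored as a JSON object using those field names; the function names and sample values are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Fields named in the RefreshError message quoted in the thread.
REFRESH_FIELDS = ("refresh_token", "token_uri", "client_id", "client_secret")

def missing_refresh_fields(creds: dict) -> list:
    """Return the refresh fields that are absent or empty in a credential dict."""
    return [f for f in REFRESH_FIELDS if not creds.get(f)]

def client_config_problems(config: dict) -> list:
    """Check a config.json ("installed" or "web" section) for the client values
    a refresh request needs."""
    section = config.get("installed") or config.get("web")
    if not isinstance(section, dict):
        return ["no 'installed' or 'web' section"]
    return [f"{k} missing" for k in ("client_id", "client_secret", "token_uri")
            if not section.get(k)]

def audit_credential_file(path: str) -> dict:
    """Inspect a saved credential file; nothing is sent over the network."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        creds = json.load(fh)
    missing = missing_refresh_fields(creds)
    return {
        "missing": missing,
        "can_refresh": not missing,
        # A refresh token is a long-lived secret: group/other get no access.
        "too_permissive": bool(mode & 0o077),
    }

def write_sample(creds: dict, mode: int) -> str:
    """Write a constructed credential file for the demonstration below."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(creds, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed sample: an access token was saved but no refresh token.
    sample = {"token": "ACCESS-PLACEHOLDER", "client_id": "ID-PLACEHOLDER",
              "client_secret": "SECRET-PLACEHOLDER",
              "token_uri": "https://example.invalid/token"}
    path = write_sample(sample, 0o644)
    print(audit_credential_file(path))
    os.remove(path)
```

A result with `refresh_token` in `missing` means the provider never issued one for that authorization, so re-running the refresh cannot succeed until a new authorization returns it.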

VannTen commented 2 years ago

Could you test 0.0.3? #5 could have been the same problem so it could solve your issue too...