search

domainaware / parsedmarc

A Python package and CLI for parsing aggregate and forensic DMARC reports
https://domainaware.github.io/parsedmarc/
Apache License 2.0
986 stars 214 forks source link

Problem: gmail_api Stuck on Authentication #545

Open superstes opened 2 weeks ago

superstes commented 2 weeks ago

It seems the gmail api is stuck at creating the oauth token. Here it calls the external flow module: https://github.com/domainaware/parsedmarc/blob/master/parsedmarc/mail/gmail.py#L30 This flow module states:

The server strategy instructs the user to open the authorization URL in
their browser and will attempt to automatically open the URL for them.

So basically it waits (forever) for you to open the browser and log-in interactively (from what I understand).

I had success using a service account for the non-interactive API access. But for this to work, the _get_creds function needs to be rewritten to this:

from google.oauth2 import service_account

def _get_creds(credentials_file, scopes):
    return service_account.Credentials.from_service_account_file(
        credentials_file, scopes=scopes,
    ).with_subject('<YOUR-DMARC-ACCOUNT-EMAIL-ADDRESS>')

Note that the content of the credentials_file.json needs to replaced by the service account key

superstes commented 2 weeks ago

Also: Have not found a streight-forward documentation on how to assign privileges to the service-account. Got stuck on unprivileged access and retracted to use imap with app-passwords.. https://support.google.com/accounts/answer/185833?hl=en

seanthegeek commented 1 week ago

@nathanthorpe @mkupferman worked on the Gmail integration and can probably shed some light on this.