search

gauteh / lieer

Fast email-fetching, sending, and two-way tag synchronization between notmuch and GMail
http://lieer.gaute.vetsj.com
Other
536 stars 62 forks source link

Can't use manually crafted credentials file #280

Open Melkor333 opened 4 months ago

Melkor333 commented 4 months ago

I try to use a manually crafted credentials.json because I only got the client_id & client_secret from my company. Using the id & secret + my mail account information works for offlineimap, neomutt & vdirsyncer, so I assume this information should be enough to authenticate and fetch mails. But when using lieer, i get 

# gmi pull
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://gmail.googleapis.com/gmail/v1/users/MAIL%40ADDRESS/labels?alt=json returned "Gmail API has not been used in project PROJECTID before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/gmail.googleapis.com/overview?project=PROJECTID then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.". Details: "[{'message': 'Gmail API has not been used in project PROJECTID before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/gmail.googleapis.com/overview?project=PROJECTID then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.', 'domain': 'usageLimits', 'reason': 'accessNotConfigured', 'extendedHelp': 'https://console.developers.google.com'}]">

I assume it's because lieer doesn't seem to use the mail account information, but a project_id which I don't have. My credentials.json I used for authentication looked roughly like this:

{"installed":
  {"client_id":"CLIENT_ID",
    "login_hint":"MAIL_ADDRESS",
    "auth_uri":"https://accounts.google.com/o/oauth2/auth",
    "token_uri":"https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
    "client_secret":"CLIENT_SECRET",
    "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]
  }
}

Authentication works fine:

# gmi auth -c cred.json -f
authorizing..
reauthorizing..
auth: using user-provided api id and secret
Please visit this URL to authorize this application: URL
#

and a file .credentials.gmailieer.json is created.

Looking at the other implementations, e.g. the neomutt script it looks like this uses login_hint, which doesn't seem to be used by lieer. But I don't know the API that well and could be wrong. Is this something that could be implemented more or less easily if my assumption is right?

Melkor333 commented 4 months ago

(sorry i accidentally pressed ctrl+enter, edited the initial text now!)

hsanson commented 2 weeks ago

Had same issue, you need to enable Gmail API in the project where the credentials are created. You can do so by visiting this page in the console:

This is in the documentation: https://github.com/gauteh/lieer?tab=readme-ov-file#using-your-own-api-key

Also maybe unrelated but in my client creds file I has a project_id field with the google project ID where the credentials were created:

{
  "installed": {
    "client_id": "********",
    "project_id": "[PROJECT ID]",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "******",
    "redirect_uris": [
      "http://localhost"
    ]
  }
}