[kwlug-disc] (forw) Re: [sf-lug] Fwd: Google with TOTP (Akkana to the rescue...)

Khalid Baheyeldin kb at 2bits.com
Tue Jun 14 20:36:58 EDT 2022


On Tue, Jun 14, 2022 at 6:10 PM Rick Moen <rick at linuxmafia.com> wrote:

> Forwarding back.
>
> ----- Forwarded message from Akkana Peck <akkana at shallowsky.com> -----
>
> Date: Tue, 14 Jun 2022 15:21:03 -0600
> From: Akkana Peck <akkana at shallowsky.com>
> To: sf-lug at linuxmafia.com
> Subject: Re: [sf-lug] Fwd: [kwlug-disc] Google with TOTP (Akkana to the
>         rescue...)
>
> Ronald Barnes writes:
> > Someone on the KWLUG list had their issue with email and Google's OAUTH
> > implementation by using something they found on github.com.
> >
> > Something about the repo looked familiar - it's Akkana's script.
>
> Neat! Thanks for letting me know -- I love hearing things like that.
> I've now made the change Khalid mentioned, adding the float conversion.
>
> I don't remember if I ever posted a link to my writeup once I
> got OAuth2 working. If not, it's
> https://shallowsky.com/blog/tech/email/gmail-api-oauth2.html
>
> I'm still working on getting the script to spit out a clear message
> when the token expires and you have to go get a new one (which I
> think happens once a week, if you don't use it in that time). It's
> hard to debug something that can only be tested once a week. :-)
> Once I'm confident it's working, I'll probably make a cron job or a
> .zlogin job that fetches the token; I'm hoping that if I fetch it
> more often than once a week, maybe it won't expire, but I don't know
> since they don't make those policies clear anywhere.
>
>         ...Akkana
>

Yes, I did see that page from a search, and that is what led me to the
Python program that I am using now, after the fix.

And I was about to email Akkana, because I did recognize the site's
unique name from years ago, when I used it to find the positions of
Jupiter's moons, and their transits. Wanted to thank him/her/them
for that too ...

And here is the debug output of the python program when using the
-d option. Maybe that will help.

External password program "/yadda/gmail-oauth" wrote to stderr: JSON data:
{'access_token': 'foo',
 'auth_provider_x509_cert_url': 'https://www.googleapis.com/oauth2/v1/certs
',
 'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
 'client_id': 'bar.apps.googleusercontent.com',
 'client_secret': 'baz',
 'expires_at': 1654915100.9797966,
 'project_id': 'project-123',
 'redirect_uri': 'http://localhost/',
 'refresh_token': 'aaaaa',
 'scope': 'https://mail.google.com/',
 'token_uri': 'https://oauth2.googleapis.com/token',
 'user': 'someone at gmail.com'}
Need to refresh tokens: expired at 2022-06-11 02:38
Refreshing token
Refresh response:
{'access_token': 'bbbb',
 'expires_in': 3599,
 'scope': 'https://mail.google.com/',
 'token_type': 'Bearer'}
New expiration: time.struct_time(tm_year=2022, tm_mon=6, tm_mday=11,
tm_hour=22, tm_min=38, tm_sec=21, tm_wday=5, tm_yday=162, tm_isdst=1)
No refresh token

But I do observe that the access_token "foo" is different from the
access_token "bbbb", so maybe it is renewing,
since the expires_in is set to 3599 (one hour?)
-- 
Khalid M. Baheyeldin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20220614/76653e7c/attachment.htm>


More information about the kwlug-disc mailing list