-
Notifications
You must be signed in to change notification settings - Fork 313
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Any way to make Google app authorization last longer? #611
Comments
I second that. Can we reup the app approval to avoid the oauth route? I'm using this on a remote PI to pull data from other locations and update the calendar on the screen. It works with oauth, but the weekly loss will get irritating. |
I think is google side problem. They revoke super fast the authorization. It's annoying |
anyone found a way to do this? |
Apparently this is a limitation if your app is set to "testing" rather than "published". But when I try to publish, it requires a bunch of information and manual verification from Google, because the app has "sensitive scope". Is there any way to set the Google API scope so it's not "sensitive" requiring verification? Has anyone figured out exactly what scope is necessary for gcalcli to still work? |
I've made some progress. It's possible to remove all the sensitive scope authorizations if you set gcalcli to post to a secondary calendar. Then you should be able to publish your app without Google verification. However, to do this, you need to set redirect_uri to something other than urn:ietf:wg:oauth:2.0:oob (e.g. http://localhost:0, or a custom URL on your own server that could print out the activation code). I patched the gcalcli code to allow a --redirect-uri parameter. However, it appears that [https://github.com/googleapis/oauth2client/issues/317] tools.run_flow ignores this setting, and that code is no longer maintained. Anyone with better Python and googleapi knowledge than me able to fix this? Alternatively, gcalcli code be rewritten to use google-auth rather than oauth2client, as the latter is now deprecated. https://google-auth.readthedocs.io/en/latest/oauth2client-deprecation.html . But this seems like a significant undertaking. |
I agree, IMO replacing First, create a new OAuth 2.0 Client ID for Then, edit the Run It remains to be seen if this method requires reauthorization every 7 days. I will test and report back. |
I've created a slightly less ugly fix. Below is a patch to python-oauth2client (v4.1.3 from Ubuntu) that allows you to set OOB_CALLBACK_URN via environmental variable. I've also posted an unsigned DEB at https://adam.rosi-kessel.org/deb/python3-oauth2client_4.1.3-2.1_all.deb . You can also make the process less ugly by setting a real URL rather than localhost. I have a simple PHP page that just returns the code passed to it (code below). So here is the full workflow:
Patch code:
PHP code:
An even spiffier solution would be for gcalcli to grab the code from the code.php URL, so that the user doesn't need to copy and paste back to the CLI. This wouldn't be much work to implement, although if this solution "sticks" so that regenerating the token is very rare, it may not be necessary. |
My test gcalcli setup asks for autorization again, so I guess this approach still doesn't solve the issue. |
My solution posted above is working for me. I do run gcalcli hourly (gcalcli agenda > /dev/null 2>&1 as a cronjob) to make sure the token is regularly refreshed. I've been using it for more than a week now with no re-authorization required. |
Looking at the contents of |
Running gcalcli via cron every hour appears to have solved the problem completely for me. |
Does this only work with your patched version? |
Is there a way to share the auth between a server and my laptop? I can't run a job every N hour on a laptop. |
Interestingly I do not see this problem but not sure what the difference is. |
Likely fixed now that I merged #683. Please let me know if issues remain. Thanks! |
I find I have to reauthorize this app (using the same device) at least 1-2x per week, i.e. by running gcalcli with --noauth_local_webserver and my client-id and client-secret, then navigating through the Google prompts to trust the app. Is there any way to make this authorization last longer so I can rely on gcalcli for automated processing without needing to keep checking if it remains authorized?
The text was updated successfully, but these errors were encountered: