[kwlug-disc] Google with TOTP
Khalid Baheyeldin
kb at 2bits.com
Tue Jun 14 13:15:50 EDT 2022
So TOTP with Google was not an option, because they require you to give them a phone number and they send an SMS to it (at least initially).

I did not want to go that route. In fact, they did have my cell number and I removed it from my account. The reason is not privacy, but something more dangerous. Someone I know was the victim of a SIM swap attack, not once, but twice. Basically an attacker convinces the cell phone provider that he owns the number, and gets a SIM. He then goes into Google and asks for a password reset. Now any other service that uses the Google email is also compromised.

What I ended up using for getmail (to back up my Gmail account over IMAP) is the Xoauth2 method supported by getmail. To do this I had to use a Python program that renews a token from Gmail using cloud apps.

This is the script I used:

https://github.com/akkana/scripts/blob/master/gmail-oauth-tokens.py

I had to make a small change, adding float() around a value:

    if time.time() >= float(expired):

In getmail's config, the following is needed:

    use_xoauth2 = True
    password_command = ("/usr/local/bin/gmail-oauth-tokens.py", "/home/path/to/gmail.json")

The steps to set up a cloud app with XOauth2 are as follows (from comments in another program):

- create a project
  https://console.cloud.google.com/projectcreate
- consent screen:
  https://console.cloud.google.com/apis/credentials/consent
  only external available for non-workspace users.
  [ADD OR REMOVE SCOPE] https://mail.google.com/
  Test User: Add all your emails you want to use with getmail.
- credential:
  https://console.cloud.google.com/apis/credentials
  [Create Credentials/Oauth client ID] Desktop App / getmail
- download json

It works well.

But the mailwatch widget for XFCE does not work, and does not have a way to use the above tokens.
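
The token handling described in the message above, as an added example that is not part of the original post or of the linked script: it shows why the expiry comparison needs float() when the timestamp is read back from a text cache, refreshes only when the token is about to expire, and builds the SASL XOAUTH2 string an IMAP client sends. The cache keys, function names and the refresh callable are assumptions made for illustration; the sample values are constructed.

```python
import base64
import time


def token_is_expired(expires_at, now=None, skew=60):
    """True when the cached access token should be refreshed.

    expires_at may be a number or a string. Values read back from a JSON or
    text cache are often strings, and float >= str raises TypeError in
    Python 3, hence the float() coercion. skew refreshes slightly early.
    """
    now = time.time() if now is None else now
    return now >= float(expires_at) - skew


def get_access_token(cache, refresh, now=None):
    """Return a valid access token, calling refresh() only when needed.

    cache:   dict with hypothetical keys access_token, refresh_token, expires_at.
    refresh: callable(refresh_token) -> (access_token, lifetime_seconds); in
             real use this would POST to the provider's token endpoint.
    """
    now = time.time() if now is None else now
    if token_is_expired(cache["expires_at"], now):
        token, lifetime = refresh(cache["refresh_token"])
        cache["access_token"] = token
        cache["expires_at"] = str(now + lifetime)  # stored as text, like a file cache
    return cache["access_token"]


def xoauth2_initial_response(user, access_token):
    """Base64 SASL XOAUTH2 string sent with IMAP AUTHENTICATE XOAUTH2."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def fake_refresh(refresh_token):
    """Stand-in for the network call so the example runs offline."""
    return ("NEW-ACCESS-TOKEN", 3600)


if __name__ == "__main__":
    # Constructed sample cache; the token values are placeholders.
    cache = {"access_token": "OLD", "refresh_token": "RT", "expires_at": "1000.0"}
    print(get_access_token(cache, fake_refresh, now=2000.0))
    print(xoauth2_initial_response("user@example.com", cache["access_token"]))
```

A script used as a password_command only needs to print the access token on stdout; the cache file holds a long-lived refresh token, so it should be readable by its owner only.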