<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 14, 2022 at 6:10 PM Rick Moen <<a href="mailto:rick@linuxmafia.com" target="_blank">rick@linuxmafia.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Forwarding back.<br>
<br>
----- Forwarded message from Akkana Peck <<a href="mailto:akkana@shallowsky.com" target="_blank">akkana@shallowsky.com</a>> -----<br>
<br>
Date: Tue, 14 Jun 2022 15:21:03 -0600<br>
From: Akkana Peck <<a href="mailto:akkana@shallowsky.com" target="_blank">akkana@shallowsky.com</a>><br>
To: <a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
Subject: Re: [sf-lug] Fwd: [kwlug-disc] Google with TOTP (Akkana to the<br>
rescue...)<br>
<br>
Ronald Barnes writes:<br>> Someone on the KWLUG list had their issue with email and Google's OAUTH<br>
> implementation by using something they found on <a href="http://github.com" rel="noreferrer" target="_blank">github.com</a>.<br>
> <br>
> Something about the repo looked familiar - it's Akkana's script.<br>
<br>
Neat! Thanks for letting me know -- I love hearing things like that.<br>
I've now made the change Khalid mentioned, adding the float conversion.<br>
<br>
I don't remember if I ever posted a link to my writeup once I<br>
got OAuth2 working. If not, it's<br>
<a href="https://shallowsky.com/blog/tech/email/gmail-api-oauth2.html" rel="noreferrer" target="_blank">https://shallowsky.com/blog/tech/email/gmail-api-oauth2.html</a><br>
<br>
I'm still working on getting the script to spit out a clear message<br>
when the token expires and you have to go get a new one (which I<br>
think happens once a week, if you don't use it in that time). It's<br>
hard to debug something that can only be tested once a week. :-)<br>
Once I'm confident it's working, I'll probably make a cron job or a<br>
.zlogin job that fetches the token; I'm hoping that if I fetch it<br>
more often than once a week, maybe it won't expire, but I don't know<br>
since they don't make those policies clear anywhere.<br>
<br>
...Akkana<br></blockquote></div><div><br></div><div>Yes, I did see that page from a search, and that is what led me to the <br></div><div>Python program that I am using now, after the fix. <br></div><div><br></div><div>And I was about to email Akkana, because I did recognize the site's <br></div><div>unique name from years ago, when I used it to find the positions of</div><div>Jupiter's moons, and their transits. Wanted to thank him/her/them <br></div><div>for that too ... <br></div><div><br></div><div>And here is the debug output of the python program when using the</div><div>-d option. Maybe that will help. <br></div><div><br></div><div>External password program "/yadda/gmail-oauth" wrote to stderr: JSON data:<br>{'access_token': 'foo',<br> 'auth_provider_x509_cert_url': '<a href="https://www.googleapis.com/oauth2/v1/certs">https://www.googleapis.com/oauth2/v1/certs</a>',<br> 'auth_uri': '<a href="https://accounts.google.com/o/oauth2/auth">https://accounts.google.com/o/oauth2/auth</a>',<br> 'client_id': '<a href="http://bar.apps.googleusercontent.com">bar.apps.googleusercontent.com</a>',<br> 'client_secret': 'baz',<br> 'expires_at': 1654915100.9797966,<br> 'project_id': 'project-123',<br> 'redirect_uri': '<a href="http://localhost/">http://localhost/</a>',<br> 'refresh_token': 'aaaaa',<br> 'scope': '<a href="https://mail.google.com/">https://mail.google.com/</a>',<br> 'token_uri': '<a href="https://oauth2.googleapis.com/token">https://oauth2.googleapis.com/token</a>',<br> 'user': '<a href="mailto:someone@gmail.com">someone@gmail.com</a>'}<br>Need to refresh tokens: expired at 2022-06-11 02:38<br>Refreshing token<br>Refresh response:<br>{'access_token': 'bbbb',<br> 'expires_in': 3599,<br> 'scope': '<a href="https://mail.google.com/">https://mail.google.com/</a>',<br> 'token_type': 'Bearer'}<br>New expiration: time.struct_time(tm_year=2022, tm_mon=6, tm_mday=11, tm_hour=22, tm_min=38, tm_sec=21, tm_wday=5, tm_yday=162, tm_isdst=1)<br>No refresh token</div><div><br></div><div>But I do observe that the access_token "foo" is different from the access_token "bbbb", so maybe it is renewing,</div><div>since the expires_in is set to 3599 (one hour?)<br></div>-- <br><div dir="ltr">Khalid M. Baheyeldin<br><br></div></div>