Create an OAuth2 Client ID

A short guide to creating an OAuth2 Client ID through the Google Cloud Console.

Create a new OAuth2 Client ID

These steps are based on the steps outlined by ccrusius (a).

1. Navigate to the Cloud Console (a).
2. Choose an existing project or create a new one.
3. Select “APIs & Services” from the navigation menu.
4. Select “Credentials”.
5. Create new credentials of type “OAuth Client ID”.
6. Choose application type “Other”.
7. Choose a name for the client.
8. This should get you a Client ID and a Client Secret. We’ll need both.

Confirm that OAuth2 Authentication Works

1. Download gmail-oauth2-tools.

   This utility will generate our refersh tokens for us.

   git clone https://github.com/google/gmail-oauth2-tools
   

2. Create a refresh token using gmail-oauth2-tools.

   python2.7 /path/to/gmail-oauth2-tools/python/oauth2.py \
     --user=<you>@gmail.com \
     --client_id=<Client ID> \
     --client_secret=<Client Secret> \
     --generate_oauth2_token
   

3. Create access token generating script; gen_email_access_token.sh.

   Create a new file, paste the following in, and fill in the variable values. Don’t forget to set chmod 700!

   #!/bin/bash
   # Reference: http://blog.onodera.asia/2020/06/how-to-use-google-g-suite-oauth2-with.html
   
   python27_executable="python2.7"
   
   # Path to the oauth2.py file.
   # Get this file by cloning https://github.com/google/gmail-oauth2-tools
   path_to_oauth2py="/path/to/gmail-oauth2-tools/python/oauth2.py"
   
   # The email address we'll be using.
   gsuite_email_address="<you>@gmail.com"
   
   # Generate these by creating a new OAuth2 Client Id in Google's Cloud.
   client_id="<client id>"
   client_secret="<client secret>"
   
   # Generate a refresh token by running the following command:
   # python2.7 /opt/share/oauth2.py \
   #   --user=MY_GSUITE_EMAIL_ADDRESS \
   #   --client_id=MY_CLIENT_ID.apps.googleusercontent.com \
   #   --client_secret=MY_CLIENT_SECRET  \
   #   --generate_oauth2_token
   refresh_token="<your refresh token">
   
   access_token=$("${python27_executable}" "${path_to_oauth2py}" \
     --user="${gsuite_email_address}" \
     --client_id="${client_id}" \
     --client_secret="${client_secret}" \
     --refresh_token="${refresh_token}" \
     | awk -F" " '{if(NR==1)print $3}')
   
   echo -n "$access_token"
   

4. Confirm that your access token works.

   python2.7 /path/to/gmail-oauth2-tools/python/oauth2.py \
     --test_imap_authentication \
     --user=<you>@gmail.com \
     --access_token="<your access token>"
   

   You should see something like this:

   05:51.26 > OKBC1 AUTHENTICATE XOAUTH2
   05:51.32 < +
   05:51.33 write literal size 272
   05:55.17 < * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE APPENDLIMIT=157286400
   05:55.17 < OKBC1 OK <you>@gmail.com authenticated (Success)
   05:55.17 > OKBC2 SELECT INBOX
   05:55.59 < * FLAGS (\Answered \Flagged \Draft \Deleted \Seen $NotPhishing $Phishing)
   05:55.59 < * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen $NotPhishing $Phishing \*)] Flags permitted.
   05:55.59 < * OK [UIDVALIDITY 1] UIDs valid.
   05:55.59 < * 142 EXISTS
   05:55.59 < * 0 RECENT
   05:55.59 < * OK [UIDNEXT 142654] Predicted next UID.
   05:55.59 < * OK [HIGHESTMODSEQ 65647480]
   05:55.59 < OKBC2 OK [READ-WRITE] INBOX selected. (Success)
   

Bibliography

Backlinks

• Read Gmail in Emacs with mbsync and mu4e
• Read Gmail in Emacs with notmuch and lieer