A short guide to creating an OAuth2 Client ID through the Google Cloud Console.
Create a new OAuth2 Client ID
These steps are based on the steps outlined by ccrusius (a).
- Navigate to the Cloud Console (a).
- Choose an existing project or create a new one.
- Select “APIs & Services” from the navigation menu.
- Select “Credentials”.
- Create new credentials of type “OAuth Client ID”.
- Choose application type “Other”.
- Choose a name for the client.
- This should get you a Client ID and a Client Secret. We’ll need both.
Confirm that OAuth2 Authentication Works
Download
gmail-oauth2-tools
.This utility will generate our refersh tokens for us.
git clone https://github.com/google/gmail-oauth2-tools
Create a refresh token using
gmail-oauth2-tools
.python2.7 /path/to/gmail-oauth2-tools/python/oauth2.py \ --user=<you>@gmail.com \ --client_id=<Client ID> \ --client_secret=<Client Secret> \ --generate_oauth2_token
Create access token generating script;
gen_email_access_token.sh
.Create a new file, paste the following in, and fill in the variable values. Don’t forget to set
chmod 700
!#!/bin/bash # Reference: http://blog.onodera.asia/2020/06/how-to-use-google-g-suite-oauth2-with.html python27_executable="python2.7" # Path to the oauth2.py file. # Get this file by cloning https://github.com/google/gmail-oauth2-tools path_to_oauth2py="/path/to/gmail-oauth2-tools/python/oauth2.py" # The email address we'll be using. gsuite_email_address="<you>@gmail.com" # Generate these by creating a new OAuth2 Client Id in Google's Cloud. client_id="<client id>" client_secret="<client secret>" # Generate a refresh token by running the following command: # python2.7 /opt/share/oauth2.py \ # --user=MY_GSUITE_EMAIL_ADDRESS \ # --client_id=MY_CLIENT_ID.apps.googleusercontent.com \ # --client_secret=MY_CLIENT_SECRET \ # --generate_oauth2_token refresh_token="<your refresh token"> access_token=$("${python27_executable}" "${path_to_oauth2py}" \ --user="${gsuite_email_address}" \ --client_id="${client_id}" \ --client_secret="${client_secret}" \ --refresh_token="${refresh_token}" \ | awk -F" " '{if(NR==1)print $3}') echo -n "$access_token"
Confirm that your access token works.
python2.7 /path/to/gmail-oauth2-tools/python/oauth2.py \ --test_imap_authentication \ --user=<you>@gmail.com \ --access_token="<your access token>"
You should see something like this:
05:51.26 > OKBC1 AUTHENTICATE XOAUTH2 05:51.32 < + 05:51.33 write literal size 272 05:55.17 < * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE APPENDLIMIT=157286400 05:55.17 < OKBC1 OK <you>@gmail.com authenticated (Success) 05:55.17 > OKBC2 SELECT INBOX 05:55.59 < * FLAGS (\Answered \Flagged \Draft \Deleted \Seen $NotPhishing $Phishing) 05:55.59 < * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen $NotPhishing $Phishing \*)] Flags permitted. 05:55.59 < * OK [UIDVALIDITY 1] UIDs valid. 05:55.59 < * 142 EXISTS 05:55.59 < * 0 RECENT 05:55.59 < * OK [UIDNEXT 142654] Predicted next UID. 05:55.59 < * OK [HIGHESTMODSEQ 65647480] 05:55.59 < OKBC2 OK [READ-WRITE] INBOX selected. (Success)