Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/MunifTanjim/gmail-oauth2-script

Script to get OAuth2 Access Token for Gmail.
https://github.com/MunifTanjim/gmail-oauth2-script

gmail mbsync msmtp mutt neomutt oauth2

Last synced: about 1 month ago
JSON representation

Script to get OAuth2 Access Token for Gmail.

Host: GitHub
URL: https://github.com/MunifTanjim/gmail-oauth2-script
Owner: MunifTanjim
License: mit
Created: 2020-10-18T18:51:17.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2024-04-16T06:25:16.000Z (9 months ago)
Last Synced: 2024-11-19T07:11:42.131Z (about 1 month ago)
Topics: gmail, mbsync, msmtp, mutt, neomutt, oauth2
Language: Shell
Homepage:
Size: 15.6 KB
Stars: 7
Watchers: 4
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Gmail OAuth2 Script

Script to get OAuth2 Access Token for Gmail.

It can be used with cli tools that interacts with Gmail via
[IMAP](https://tools.ietf.org/html/rfc3501) or [SMTP](https://tools.ietf.org/html/rfc5321).
For example:

- [`mutt`](http://www.mutt.org/) or [`neomutt`](https://neomutt.org/)
- [`mbsync`](https://isync.sourceforge.io/)
- [`msmtp`](https://marlam.de/msmtp/)
- Your own script/tool that speaks IMAP/SMTP

## Installation

Just copy the script you want on your machine and give it executable permission:

```sh
curl --progress-bar https://raw.githubusercontent.com/MunifTanjim/gmail-oauth2-script/main/gmail-oauth2_none_none.sh -o ~/.local/bin/gmail-oauth2.sh
chmod u+x ~/.local/bin/gmail-oauth2.sh
```

If you need one, [create an OAuth client](https://console.cloud.google.com/apis/credentials/oauthclient).
It is recommented to use "Desktop app" as OAuth client type.

## Variants

There are several variants of the script using different tools for cache, storage or secret management.

### `gmail-oauth2_none_none.sh`

Minimal script with no extra features for caching or secret management.
It requires hardcoding sensitive information to the script.

#### Dependencies

- `bash`
- `jq`

#### Usage

**Get Refresh Token**:

```sh
gmail-oauth2.sh refresh_token --client-id CLIENT_ID --client-secret CLIENT_SECRET
```

**Get Access Token**:

```sh
gmail-oauth2.sh access_token --client-id CLIENT_ID --client-secret CLIENT_SECRET --refresh-token REFRESH_TOKEN
```

### `gmail-oauth2_bitwarden_secret-tool.sh`

Uses Bitwarden during initial setup and GNOME Keyring for the rest.

Store your OAuth2 Client's credentials in a Bitwarden item with the following custom fields:

- `client_id` - OAuth2 Client ID
- `client_secret` - OAuth2 Client Secret

#### Dependencies

- `bash`
- `jq`
- `bw` - [Bitwarden CLI](https://github.com/bitwarden/cli)
- `secret-tool` - CLI for GNOME Keyring

#### Usage

```sh
gmail-oauth2.sh [ACCOUNT_ID]

Commands:
authorize Perform the initial authorization steps
access_token Prints Access Token

Flags:
--account-id Alias for the Gmail Account (e.g.: "personal" or "[email protected]")
--store-id Description for GNOME Keyring Items (default: "Gmail-OAuth2-Script")
--secret-id Search Term for Bitwarden Item (default: "client.oauth2.com.google.mail")
```

**Initial Authorization**:

Reads the `client_id` and `client_secret` from Bitwarden, stores them in GNOME Keyring.
Obtains a `refresh_token` after successful authorization and stores it in GNOME Keyring.

```sh
gmail-oauth2.sh authorize [email protected]
# or
gmail-oauth2.sh authorize --account-id [email protected]
```

**Get Access Token**:

Checks GNOME Keyring for existing `access_token`, if it's not expired prints it.
Otherwise, get an `access_token` using the `client_id`, `client_secret`, `refresh_token` from GNOME Keyring,
stores it in GNOME Keyring and prints it.

```sh
gmail-oauth2.sh access_token --account-id [email protected]
```

## License

Licensed under the MIT License. Check the [LICENSE](./LICENSE) file for details.