support oauth2 login #252
support oauth2 login #252
Conversation
I haven't fully reviewed the PR yet, but is that function a non-interactive command, or would it open a web browser? Needing to run |
|
You will only need to generate a refresh token once, since the refresh token can be reused. At the moment you need to call this manually from a python console, but something like 'r2e get-oauth2-refresh-token' would be great. If you have a good idea for a name I can give this a try. The process currently will take you to google where you OK access for the token and then it redirects you to a non-existing page on localhost. However, that request has the refresh token in it. I believe that some people made a web service one could use as a redirect that then nicely lists the token, but I'm not sure if you think it is OK to links to someones webpage. At the moment the redirect to localhost fails, but if you past the URL into the command line, you get the refresh token printed to the terminal. Not ideal, but at least it doesn't involve any 3rd-party web servers. |
|
When gmail began requiring oauth, the refresh token expired every 7 days, is that no longer the case? |
|
I believe the “right way” to use Gmail for r2e is with app passwords. If you must use oauth2, then do not reinvent the wheel; use the special tool that mimics regular |
I'm not an expert on oauth, but on my computer I got this to work without having to refresh this... so far it's been running for about 1 month. I believe the refresh token last forever and then for every login you generate an authorization token, which is what the code does. Perhaps this is a change from oauth to aouth2?
The code I committed does pretty much exactly the same as the python implementation that can be found at git-send-mail. It just combines two steps into into one, e.g. generating the authorization token and generating the string that you need to log in for the IMAP instance of rss2email. You will need some code layer to integrate this with rss2email, and I would think this is pretty much the minimal amount you need. Not sure if it is better to use a 3rd party tool here, but I'm open for whatever is the best way to get this to work in rss2email ;) As for app passwords, I'm not familiar with them and don't know how they would be integrated in rss2email. When I go to my google account page (managed by the company I work for), I don't have an option to create app passwords. Also google seems to not recommend them anymore. This is the first text I get when I go to the help for app passwords on my google account "App passwords aren’t recommended and are unnecessary in most cases." |
|
Just pushed some small updates and was wondering, if there is a change to get this merged (and if so what else would be needed) or if you rather want to go with 3rd party packages to handle oauth2. Either way, I would be interesting in getting oauth2 support into rss2email ;) |
Initial support for oauth2 login. The user needs to set 4 variables in the config file: imap-oauth2 is a boolean that needs to be set to True. imap-clientid, imap-clientsecret, imap-refreshtoken are needed to log in. The new file oauth2.py also includes code to generate a refresh token. Currently the function needs to be called manually.
Initial support for oauth2 login (at least for gmail).
The user needs to set 4 variables in the config file:
imap-oauth2 is a boolean that needs to be set to True.
imap-clientid, imap-clientsecret, imap-refreshtoken are needed to log in.
The new file oauth2.py also includes code to generate a refresh token. Currently the function needs to be called manually though and this should probably be integrated into r2e before merging.
I wanted to create this PR to start a discussion on what else needs to change so that this can be integrated in the future.
I'm running a similar code (but currently not the same) on my desktop where this is working already.
Looking forward to hearing back from you.