Create and load persistent Google authentication tokens for command-line apps
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
.gitignore 1.0.0 Mar 31, 2014
LICENSE 1.0.0 Mar 31, 2014 Added "Consent screen" instructions to Oct 15, 2014
cli.js 3.0.0 Aug 3, 2014
index.js 3.0.1 - change error semantics Aug 4, 2014
package.json 3.0.2 - update docs Oct 14, 2014


Create and refresh a Google OAuth 2.0 authentication token for command-line apps


This module is based on ghauth which does the same thing for GitHub tokens

You can learn about Google tokens here

To use this you will need to:

  • have a google account
  • create a new application at the google developers console
  • enable an API on your new application (e.g. the gmail API)
  • create a new client ID for an "Installed application"
  • store the client ID and client secret in a secure location (you will need them to use googleauth)
  • add your email and product name to the "Consent screen" page under the APIs & auth section of your application
  • for the API you want to access locate the scope URL. e.g. gmail's scope url for read-only is:

Example usage

$ npm install googleauth -g
$ googleauth --scope="" --client_id="foobar" --client_secret="mysecret"
Open the following URL in your browser, then paste the resulting authorization code below:

Google Authorization Code: weeeeeeeeee
{ access_token: 'foo', token_type: 'Bearer', expires_in: 3600, refresh_token: 'bar' }

Because the refresh token is persisted, the next time you run it there will be no prompts, and a fresh google token will be requested from google every time:

$ googleauth
{ access_token: 'freshtokenhere', token_type: 'Bearer', expires_in: 3600, refresh_token: 'bar' }

Resetting your token

A JSON file will be created when you first get a token at this location:

path.join(process.env.HOME || process.env.USERPROFILE, '.config', 'googleauth.json')

You can simply delete that file to make googleauth forget about you.

If you change token settings e.g. add/remove scopes you will have to delete this file first so that googleauth will prompt you for the authentication flow again.


Pass in args using this CLI syntax: googleauth --foo=bar. You can pass in multiple scope arguments.

  • client_id (required)
  • client_secret (required)
  • scope (required) - authentication scope, googles are usually full URIs
  • redirect_uri (default urn:ietf:wg:oauth:2.0:oob) - you shouldnt need to change this, the default is what makes google use the CLI login flow
  • config_path (default ~/.config/googleauth.json)

Options are only required for authentication. You don't need to pass them in to refresh a token.