Token has been expired or revoked

[nmishkin]

Hi, I'm a new gmailctl user. Great app! I got everything working but I followed the "testing mode" path described in the instructions:

3. You now have a choice. You can either:
   * Click on 'Publish App' and avoid 'Submitting for
   verification'. This will result in scary confirmation
   screens or error messages when you authorize gmailctl with
   your account (but for some users it works), OR
   * You could add your email as 'Test user' and keep the app in
   'Testing' mode. In this case everything will work, but
   you'll have to login and confirm the access every week (token
   expiration).

because I didn't get a sense of which approach you were recommending and now my token has expired and I get the "Token has been expired or revoked" error when I run gmailctl. So I went to the Google Cloud Console and started following the "Publish App" flow on the "OAuth consent screen". This led me to a pretty complicated flow that requires me to "prepare for verification" and supply all sorts of info that I don't have and/or can't readily come up with. I don't know whether the publish flow has gotten more picky/complicated since you first created gmailctl but it's pretty daunting/unclear (and I'm a software developer).

Any suggestions on how I should proceed?

Thanks!

Nat

[mbrt]

Hey Nathaniel,
I haven't tried the workflow in a while, but I wouldn't be surprised if it changed. Over the years I had to fight this progressive tightening so I understand your frustration.

I don't have time in the next few days to try it. Can you confirm that you tried to supply the necessary information? Usually things like "Accessing only personal email" and a bogus website work. IIRC it was a single screen of fields to fill in and that was it.

[nmishkin]

Hi Michele,

I just tried to go through the verification flow (putting in a combination of real and sem-real info :-) but then reached this step:

You can see the detailed requirements at this Google page.

Rather than actually making a YouTube video (or seeing whether a bogus YouTube link would work), for now at least I'm just going to reset the info in my .gmailctl directory (after saving my config.jsonnet file) and do another temporary setup.

If you have any suggestions, let me know. Thanks.

Nat

[mbrt]

A comment in this SO question seems to suggest that there's no middle ground between "testing" and "published" apps.

I wonder how projects like drive and rclone deal with this? I know for a fact that drive uses a shared API key by default, but this is not the route I want to follow, as I would need to constantly care about quotas and limit across all users and potentially paying out of pocket.

[mbrt]

I already did some investigation in the past but couldn't really find a workaround (and forgot about it): #232. This is quite frustrating, as every single person that tries to use the APIs for themselves needs to go through all these hoops.

Can you try using gmailctl init --refresh-expired?

[nmishkin]

Can you try using gmailctl init --refresh-expired?

That seems to have worked and I was then able to do gmailctl apply but the test was a bit imperfect because I'd mucked with some things since I originally ran into the problem. In particular I'd made a fresh .gmailctl directory and I was doing gmailctl export and then manually importing the XML file like I just discovered other people who've run into this problem have been doing. When the credentials expire again I'll try the gmailctl init --refresh-expired again and then we'll know for sure that it's a workaround.

[github-actions]

This issue is stale because it has been open for 30 days without activity.
This will be closed in 7 days, unless you add the 'lifecycle/keep-alive' label or comment.