Error with Google Tokens

[kayvanaarssen]

Cannot seem to get the correct google Oauth tokens what can this be.
The file is there...

root@misc-public:~/sync/oauth2# ./generate_gmail_token USERNAME@DOMAIN.COM
I am PID 155746 ./generate_gmail_token USERNAME@DOMAIN.COM
In refresh_token_is_here USERNAME@DOMAIN.COM 
./D_oauth2_refresh_token_USERNAME@DOMAIN.COM.txt is not here or empty
Interractive
I am the parent
will do: script -q -f -c ./generate_gmail_token USERNAME@DOMAIN.COM 
I am PID 155751 ./generate_gmail_token USERNAME@DOMAIN.COM
In refresh_token_is_here USERNAME@DOMAIN.COM 
./D_oauth2_refresh_token_USERNAME@DOMAIN.COM.txt is not here or empty
Interractive
I am a child in script 155751
./generate_gmail_token: 28: /root/sync/oauth2/oauth2_google.py: not found
refresh_token saved in ./D_oauth2_refresh_token_USERNAME@DOMAIN.COM.txt
access_token saved in ./D_oauth2_access_token_USERNAME@DOMAIN.COM.txt
/root/sync/oauth2/oauth2_google.py --quiet --user=USERNAME@DOMAIN.COM --client_id=108687549524-86sjq07f3ch8otl9fnr56mjnniltdrvn.apps.googleusercontent.com --client_secret=zAJO4PLxzeJ4yOaiJRk6f69k --refresh_token=
./generate_gmail_token: 52: /root/sync/oauth2/oauth2_google.py: not found
access_token saved in ./D_oauth2_access_token_USERNAME@DOMAIN.COM.txt
./generate_gmail_token: 89: /root/sync/oauth2/oauth2_google.py: not found
oauth2_string saved in ./D_oauth2_oauthdirect_USERNAME@DOMAIN.COM.txt
Give this to imapsync --oauthdirect1 or --oauthdirect2
'```

[gilleslamiral]

Do you have
https://imapsync.lamiral.info/oauth2/oauth2_gmail/oauth2_google.py
in the same directory?

[kayvanaarssen]

Yes, just did a whole clone of the IMAPSYNC from github as well.

See:

[gilleslamiral]

It's one of those shell mysteries...

What gives
/root/sync/oauth2/oauth2_google.py

[kayvanaarssen]

Looks like it cannot find Phyton.

root@misc-public:~/sync/oauth2# ./oauth2_google.py
-bash: ./oauth2_google.py: /usr/bin/python: bad interpreter: No such file or directory
root@misc-public:~/sync/oauth2#

apt install python

And now showing:

I'll try again tomorrow running the whole thing.

[kayvanaarssen]

@gilleslamiral I've started to try it this morning when I generate with:

./oauth2_google.py --user=USER@DOMAIN.COM --client_id=6395189-hbl1cs6k98a2aum.apps.googleusercontent.com     --client_secret=GOCSL_sEckDXEFx     --generate_oauth2_token

And i copy and past the URL your script gives me i get this error in google:

Where can I find the right guide on how to test this, so that we do not need to enable 2FA when doing a migration and creating App Passwords.

We do Many M365 Migrations that works great but Google is a pain (at the moment :-D )

[gilleslamiral]

The script to run is ./generate_gmail_token not ./oauth2_google.py

[kayvanaarssen]

than i get this error on Google:

so i only ran: ./generate_gmail_token --user=USER@DOMAIN.com

[gilleslamiral]

You may use an old release.

Update with:
https://imapsync.lamiral.info/oauth2/oauth2_gmail/

[kayvanaarssen]

@gilleslamiral Still having the same issue just tried again:

The Advanced button that is stated in your Documentation is not available as you can see.

[gilleslamiral]

Do you use generate_gmail_token release 1.12?

gilles@petite:~/public_html/imapsync/oauth2/oauth2_gmail 11$ more generate_gmail_token
#!/bin/sh

# $Id: generate_gmail_token,v 1.12 2023/05/31 09:31:42 gilles Exp gilles $

https://imapsync.lamiral.info/oauth2/oauth2_gmail/generate_gmail_token

[kayvanaarssen]

Yes I do, downloaded from the link you provided:

[gilleslamiral]

Ok
I don't have this reject when I use it, I just have warnings I can accept

[robertmathews]

I have the same problem: when I try using generate_gmail_token,v 1.12 with Google, I get the Access blocked: imapsync has not completed the Google verification process error:

According to the Google documentation, they allow a certain number of users to be shown a warning they can click past, but when you reach a "user cap", everyone else gets blocked:

Note: Your app is still subject to a tester warning screen, as shown in figure 2, a user cap is in effect, and the refresh token lifetime is limited.

So this is not going to work for other people unless you follow the How to submit your app for verification steps.

[gilleslamiral]

Ok.
Maybe you can try with the Thunderbird client_id

[Avamander]

Google has now blocked all OOB OAuth2 flows:

The out-of-band (OOB) flow has been blocked in order to keep users secure. Follow the Out-of-Band (OOB) flow migration guide linked in the developer docs below to migrate your app to an alternative method.
Request details: redirect_uri=urn:ietf:wg:oauth:2.0:oob

The current scripts unfortunately can't function even if you use your own Client ID and Secret.

[gilleslamiral]

Google has now blocked all OOB OAuth2 flows:
The current scripts unfortunately can't function even if you use your own Client ID and Secret.

The script
https://imapsync.lamiral.info/oauth2/oauth2_gmail/generate_gmail_token
doesn't use OOB anymore.

[Avamander]

The script generate_gmail_token doesn't use OOB anymore. But the script oauth2_google.py invoked by generate_gmail_token defines REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'.

I'm unfortunately not sure what the replacement should be though, the script would have to start a HTTP listener for that at localhost, no?

[gilleslamiral]

The script generate_gmail_token doesn't use OOB anymore. But the script oauth2_google.py invoked by generate_gmail_token defines REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'.

So I was wrong about OOB. I don't understand why this still works for me.

I'm unfortunately not sure what the replacement should be though, the script would have to start a HTTP listener for that at localhost, no?

Yes. I wrote this for Office365:
https://imapsync.lamiral.info/oauth2/oauth2_office365/oauth2_office365_with_imap

It should work for Gmail, changing the values. I haven't trie it.