SMusatov
/
IMAPsync
mirror of https://github.com/imapsync/imapsync


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
							
# $Id: README_OAUTH2.txt,v 1.2 2022/07/25 16:44:43 gilles Exp gilles $

1) Do you have a refresh_token?
Yes: Good!

No:  Get one. How? Run the commands:

    cd oauth2/
    ./generate_gmail_token  youremail@gmail.com 

You will be asked to go to a long url with a browser, like this:

To authorize token, visit this url and follow the directions:
https://accounts.google.com/o/oauth2/auth?client_id=108687549524-86sjq07f3ch8otl9fnr56mjnniltdrvn.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=https%3A%2F%2Fmail.google.com%2F


Go to this url, the url above should be the same as presented by the script.
Select your gmail address on the page, maybe do some 2-steps confirmation
with your phone. Then you'll see this warning:

"Google hasn’t verified this app"
"The app is requesting access to sensitive info in your Google Account. 
Until the developer (gilles.lamiral@gmail.com) verifies this app 
with Google, you shouldn't use it."

Well, gilles.lamiral@gmail.com is me and I haven't verify this app 
with google yet. But it's me Gilles LAMIRAL, the imapsync author.

Click on the link "Advanced". 
It writes:
"Continue only if you understand the risks and trust the developer (gilles.lamiral@gmail.com)."

Then click on the link "Go to imapsync (unsafe)"

It then shows:
"imapsync wants to access your Google Account"
"Make sure you trust imapsync"
"You may be sharing sensitive info with this site or app. 
You can always see or remove access in your Google Account."

Click on the blue button "Allow"

Copy/paste the code after the prompt "Enter verification code: "

It will generate a refresh token, an access token, and an oauthdirect 
token shown on the output, saved in three files, 
one file named ./D_oauth2_refresh_token_youremail@gmail.com.txt
another named  ./D_oauth2_access_token_youremail@gmail.com.txt
another named  ./D_oauth2_oauthdirect_youremail@gmail.com.txt

The refresh_token is just there to refresh the access_token and the
oauthdirect token.

With imapsync you can use either the oauthdirect or the access_token
token, like this:

    imapsync ... --user1 useless             --oauthdirect1      oauth2/D_oauth2_oauthdirect_youremail@gmail.com.txt

    imapsync ... --user1 youremail@gmail.com --oauthaccesstoken1 oauth2/D_oauth2_access_token_youremail@gmail.com.txt

With --oauthdirect1 the --user1 parameter is useless because it is already 
coded inside the oauthdirect token.

With --oauthaccesstoken1 the --user1 parameter is important because it will be 
used by imapsync to generate the oauthdirect token.

2) How to get a fresh enough access_token (less than one hour)?

Run the same command:

    cd oauth2/
    ./generate_gmail_token  youremail@gmail.com 

It will generate a new access_token (and the oauthdirect one) 
without any prompt this time, because the refresh token is used for that.