Anthony Bailey (anthonybailey) wrote,
Anthony Bailey

GoogleCL authentication with accounts that use non-Google email addresses

logoGoogleCL is a command line tool that uses the Google Data APIs, so that you can interact with your personal wisp of the Google cloud from your shell. I approve: many thanks to the Google devs who run this project in their spare time.

However, there's an authentication issue for Google accounts registered under non-Google email addresses. This blog post describes a workaround that solved the problem for my account - but I'll use as the domain name throughout to avoid personalizing the report. (I was clued in to this workaround through a forum comment by someone I can only credit as "sjoub..."..)

So: you have a Google account under an email address in a domain that you own: You have signed your account up for Google Apps, and installed GoogleCL. When you run it, you'll have to grant it access permissions. This is what you do:

  1. First, sign in to your Google account in your browser.
  2. Run your GoogleCL command, specifying this account, and telling it to ignore any previous failed attempts to authenticate:
    % google calendar list --user --force-auth
  3. GoogleCL will say: Please log in and/or grant access via your browser at then hit enter.
  4. (Your browser will probably open up that URL, follow some 302 redirects to a page, and report "Sorry, you've reached a login page for a domain that isn't using Google Apps".)
  5. Visit the URL that GoogleCL suggested, but with the "&" part at the end chopped off. This makes Google correctly use the default hosted domain for the logged-in account. You'll get to a page where you "Grant Access" to the GoogleCL application.
  6. Press enter back in the GoogleCL shell and see the successful results of your command.
  7. Check that GoogleCl is permanently permitted (and has remembered you as the default user) by running again and getting the same results without any need to do special arguments or the browser / cut-and-paste dance:
    % google calendar list

(You'll have to do this for each Google service you access: each one needs to give GoogleCL access permissions. For some services you have to copy a token back from the authentication page to the shell.)

"But", you exclaim, "wasn't this you being dumb? You shouldn't have given as the username - you just needed to give, the domain that Google Apps knows about!"

Alas, no. This doesn't work:

% google calendar list --user
You do indeed get to grant access without any cut-and-paste dance. But Google Apps ends up granting access to the primary name for the account, And GoogleCL quite reasonably but pointlessly reports:
You specified account but granted access for Please log out of and grant access with

I may have missed a trick, but I didn't find any sequence of attempts that worked without the URL-hacking.

"Why didn't you just sign up with a Gmail address in the first place? The system broke because you did something complicated."

Maybe so. But although I love Google services, I like to use my own domain for my identity and my email address. I had the email address before Gmail came along, and I want to be able to carry on using it without having to ask everyone to update their address books, even if I switch away from the Google service.

  • Post a new comment


    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment