Log in

No account? Create an account
entries friends calendar profile My Website Previous Previous Next Next
Anthony Bailey's blog
GoogleCL authentication with accounts that use non-Google email addresses

logoGoogleCL is a command line tool that uses the Google Data APIs, so that you can interact with your personal wisp of the Google cloud from your shell. I approve: many thanks to the Google devs who run this project in their spare time.

However, there's an authentication issue for Google accounts registered under non-Google email addresses. This blog post describes a workaround that solved the problem for my anthonybailey.net account - but I'll use example.com as the domain name throughout to avoid personalizing the report. (I was clued in to this workaround through a forum comment by someone I can only credit as "sjoub..."..)

So: you have a Google account under an email address in a domain that you own: mail@example.com. You have signed your example.com account up for Google Apps, and installed GoogleCL. When you run it, you'll have to grant it access permissions. This is what you do:

  1. First, sign in to your mail@example.com Google account in your browser.
  2. Run your GoogleCL command, specifying this account, and telling it to ignore any previous failed attempts to authenticate:
    % google calendar list --user mail@example.com --force-auth
  3. GoogleCL will say: Please log in and/or grant access via your browser at https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=10n9_r4nd0m_Ex4mp13_70k3n_5tr1n9&hd=example.com then hit enter.
  4. (Your browser will probably open up that URL, follow some 302 redirects to a https://www.google.com/a/example.com/ServiceLogin2 page, and report "Sorry, you've reached a login page for a domain that isn't using Google Apps".)
  5. Visit the URL that GoogleCL suggested, but with the "&hd=example.com" part at the end chopped off. This makes Google correctly use the default example.com hosted domain for the logged-in account. You'll get to a https://www.google.com/accounts/b/0/OAuthAuthorizeToken page where you "Grant Access" to the GoogleCL application.
  6. Press enter back in the GoogleCL shell and see the successful results of your command.
  7. Check that GoogleCl is permanently permitted (and has remembered you as the default user) by running again and getting the same results without any need to do special arguments or the browser / cut-and-paste dance:
    % google calendar list

(You'll have to do this for each Google service you access: each one needs to give GoogleCL access permissions. For some services you have to copy a token back from the authentication page to the shell.)

"But", you exclaim, "wasn't this you being dumb? You shouldn't have given mail@example.com as the username - you just needed to give example.com, the domain that Google Apps knows about!"

Alas, no. This doesn't work:

% google calendar list --user example.com
You do indeed get to grant access without any cut-and-paste dance. But Google Apps ends up granting access to the primary name for the account, mail@example.com. And GoogleCL quite reasonably but pointlessly reports:
You specified account example.com but granted access for mail@example.com. Please log out of mail@example.com and grant access with example.com.

I may have missed a trick, but I didn't find any sequence of attempts that worked without the URL-hacking.

"Why didn't you just sign up with a Gmail address in the first place? The system broke because you did something complicated."

Maybe so. But although I love Google services, I like to use my own domain for my identity and my email address. I had the email address before Gmail came along, and I want to be able to carry on using it without having to ask everyone to update their address books, even if I switch away from the Google service.

1 comment or Leave a comment
From: (Anonymous) Date: January 11th, 2012 06:27 pm (UTC) (Link)
!!!!!!!!! worked!!!!!! thx
1 comment or Leave a comment