GoogleCL is a command line tool that uses the Google Data APIs, so that you can interact with your personal wisp of the Google cloud from your shell. I approve: many thanks to the Google devs who run this project in their spare time.
However, there's an authentication issue for Google accounts registered under non-Google email addresses. This blog post describes a workaround that solved the problem for my
anthonybailey.net account - but I'll use
example.com as the domain name throughout to avoid personalizing the report.
(I was clued in to this workaround through a forum comment by someone I can only credit as "sjoub..."..)
So: you have a Google account under an email address in a domain that you own:
email@example.com. You have signed your
example.com account up for Google Apps, and installed GoogleCL. When you run it, you'll have to grant it access permissions. This is what you do:
- First, sign in to your
firstname.lastname@example.orgGoogle account in your browser.
- Run your GoogleCL command, specifying this account, and telling it to ignore any previous failed attempts to authenticate:
% google calendar list --user email@example.com --force-auth
- GoogleCL will say: Please log in and/or grant access via your browser at
https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=10n9_r4nd0m_Ex4mp13_70k3n_5tr1n9&hd=example.comthen hit enter.
- (Your browser will probably open up that URL, follow some 302 redirects to a
https://www.google.com/a/example.com/ServiceLogin2page, and report "Sorry, you've reached a login page for a domain that isn't using Google Apps".)
- Visit the URL that GoogleCL suggested, but with the "
&hd=example.com" part at the end chopped off. This makes Google correctly use the default
example.comhosted domain for the logged-in account. You'll get to a
https://www.google.com/accounts/b/0/OAuthAuthorizeTokenpage where you "Grant Access" to the GoogleCL application.
- Press enter back in the GoogleCL shell and see the successful results of your command.
- Check that GoogleCl is permanently permitted (and has remembered you as the default user) by running again and getting the same results without any need to do special arguments or the browser / cut-and-paste dance:
% google calendar list
(You'll have to do this for each Google service you access: each one needs to give GoogleCL access permissions. For some services you have to copy a token back from the authentication page to the shell.)
"But", you exclaim, "wasn't this you being dumb? You shouldn't have given
firstname.lastname@example.org as the username - you just needed to give
example.com, the domain that Google Apps knows about!"
Alas, no. This doesn't work:
% google calendar list --user example.comYou do indeed get to grant access without any cut-and-paste dance. But Google Apps ends up granting access to the primary name for the account,
email@example.com. And GoogleCL quite reasonably but pointlessly reports:
You specified account
example.combut granted access for
firstname.lastname@example.org. Please log out of
email@example.com grant access with
I may have missed a trick, but I didn't find any sequence of attempts that worked without the URL-hacking.
"Why didn't you just sign up with a Gmail address in the first place? The system broke because you did something complicated."
Maybe so. But although I love Google services, I like to use my own domain for my identity and my email address. I had the email address before Gmail came along, and I want to be able to carry on using it without having to ask everyone to update their address books, even if I switch away from the Google service.