background
For two years I’ve been happily accessing my Gmail accounts with neomutt. I’m sync’ing between neomutt locally and my online Gmail account with mbsync and a “2-Step Verification” app password (Sign in with App Passwords).
sending email with msmtp, until now
To send a Gmail with neomutt is trickier, because msmtp requires an unexpired token from the Gmail API. Fortunately GitHub user tenllado provided the only working open-source solution that I’ve been able to find, his script oauth2token. I adapted it as oauth2tool.sh. The steps for this to function are:
1 prepare – get my Gmail OAuth 2.0 credentials
- Use Gmail API’s Python Quickstart to get my credentials, which look like this:
  - my Client ID: xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
  - my Client Secret: xxxxxxxxxxxxxxxxxxxxxxxx
- Grab a copy of oauth2.py (Code “the refresh token lasts indefinitely”).
- Get the immortal refresh token:
  $ python2 oauth2.py --user=my@gmail.com --client_id=<myCI> --client_secret=<myCS> --generate_oauth2_token
  and follow the instructions. It looks like this:
  - refresh token: 1//03xxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxx
2 prepare – configure msmtprc
account my
auth oauthbearer
host smtp.gmail.com
port 587
from my@gmail.com
user my@gmail.com
passwordeval bash oauth2tool.sh my
3 use – send emails from the command line, until now
Then, when I send an email echo "test" | msmtp -a my <target_email>, my oauth2tool.sh pulls up a valid token. The way it does this is it grabs the token with pass if it’s not expired, otherwise it grabs a new one with python2 oauth2.py --user=my@gmail.com --client_id=<myCI> --client_secret=<myCS> --refresh_token=<myRT>.
With all this, I could easily send emails from my Gmail accounts from the command line, until now.
now, oob is no longer allowed
Now my once immortal refresh tokens are being expired, and I can’t renew them because Gmail’s oauth2.py is using redirect_uri = urn:ietf:wg:oauth:2.0:oob, which is deprecated.
Making Google OAuth interactions safer by using more secure OAuth flows “OAuth out-of-band (oob) flow will be deprecated”.
How to continue sending with msmtp?
OAuth 2.0 for Mobile & Desktop Apps “Loopback IP address (macOS, Linux, Windows desktop)” seems to be the way forward, but I’d need a few weeks of free time, which I don’t have, to figure out how. Any ideas out there?
Related question: Google Cloud: OAuth clients in test mode that are using the OAuth OOB flow.
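
The loopback redirect named in the question, as an added example that is not part of the original post or of oauth2.py: instead of the oob URI, the script listens on 127.0.0.1, receives the authorization code there, checks the state value, and exchanges the code with PKCE. It assumes Python 3 and an OAuth client of type "Desktop app"; the function names are hypothetical.

```python
import base64, hashlib, http.server, json, secrets, sys, urllib.parse, urllib.request

AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_URL = "https://oauth2.googleapis.com/token"
SCOPE = "https://mail.google.com/"  # scope Gmail requires for SMTP OAuth

def challenge_for(verifier):  # PKCE S256 (RFC 7636): base64url(sha256), no padding
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_auth_url(client_id, redirect_uri, state, verifier):
    params = {"client_id": client_id, "redirect_uri": redirect_uri, "state": state,
              "response_type": "code", "scope": SCOPE, "access_type": "offline",
              "code_challenge": challenge_for(verifier), "code_challenge_method": "S256"}
    return AUTH_URL + "?" + urllib.parse.urlencode(params)  # offline = refresh token

def parse_callback(path, expected_state):
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(path).query)
    if "error" in q or "code" not in q:
        raise ValueError("authorization failed: " + q.get("error", ["no code"])[0])
    state = q.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")  # callback was not started by us
    return q["code"][0]

def wait_for_code(server, expected_state):
    seen = {}  # path of the single request the loopback listener serves
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            seen["path"] = self.path
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"Done, you can close this tab.\n")
        def log_message(self, *args): pass  # keep the code out of the terminal
    server.RequestHandlerClass = Handler
    server.handle_request()
    return parse_callback(seen["path"], expected_state)

if __name__ == "__main__":  # usage: python3 this_file.py <client_id> <client_secret>
    cid, secret = sys.argv[1:3]
    server = http.server.HTTPServer(("127.0.0.1", 0), None)  # any free port
    redirect = "http://127.0.0.1:%d" % server.server_port
    state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(64)
    print("Open in a browser:\n" + build_auth_url(cid, redirect, state, verifier))
    form = {"client_id": cid, "client_secret": secret, "redirect_uri": redirect,
            "grant_type": "authorization_code", "code_verifier": verifier,
            "code": wait_for_code(server, state)}
    with urllib.request.urlopen(TOKEN_URL, urllib.parse.urlencode(form).encode()) as r:
        print(json.load(r)["refresh_token"])
```

The printed refresh token takes the place of <myRT> in the setup above.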