-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathget_token.py
More file actions
executable file
·79 lines (62 loc) · 2.27 KB
/
get_token.py
File metadata and controls
executable file
·79 lines (62 loc) · 2.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#!/usr/bin/env -S uv run --script
#
# /// script
# requires-python = ">=3.14"
# dependencies = [
# "google-auth",
# "google-auth-httplib2",
# "google-auth-oauthlib",
# "requests",
# ]
# ///
"""
get_token.py
============
Heavily inspired by the code in this blog:
https://linsnotes.com/posts/sending-email-from-raspberry-pi-using-msmtp-with-gmail-oauth2/
I just added some flexibility for multiple accounts.
"""
import pathlib
import sys
import argparse
from google.oauth2.credentials import Credentials
from google.auth.transport.requests import Request
BASE_DIR = pathlib.Path(__file__).resolve().parent
DEFAULT_TOKEN_FILE = BASE_DIR / "credentials.json" # produced by authorize.py
SCOPES = ["https://mail.google.com/"] # full Gmail SMTP scope
def parse_args() -> argparse.Namespace:
"""Parse command-line arguments."""
parser = argparse.ArgumentParser(
prog="get_token.py",
description="Return a fresh OAuth 2.0 access-token for Gmail SMTP.",
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
)
parser.add_argument(
"-c",
"--credentials-file",
type=pathlib.Path,
default=DEFAULT_TOKEN_FILE,
help="Path to credentials.json file (default: %(default)s)",
)
return parser.parse_args()
def fresh_token(token_file: pathlib.Path) -> str:
"""
Return a valid access-token, refreshing credentials if required.
Exits with an error message (non-zero code) if no usable refresh-token
is present.
"""
if not token_file.exists():
sys.exit(f"{token_file} missing – run authorize.py first")
creds = Credentials.from_authorized_user_file(token_file, SCOPES)
if not creds.valid:
if creds.expired and creds.refresh_token:
# Refresh
creds.refresh(Request())
token_file.write_text(creds.to_json())
else:
sys.exit("No valid refresh-token – re-run authorize.py")
return creds.token
# ─── CLI entry point ──────────────────────────────────────────────────────
if __name__ == "__main__":
# msmtp reads whatever is printed to stdout.
print(fresh_token(parse_args().credentials_file))