gmailctl: Cant get an OAuth token if my publish status is "In production"

First up thanks for this project!

I have it working in testing mode but I cant get it working if I publish my app. Tried 3 times, following the instructions as per gmailctl init.

When visiting the authorisation link I get the following from the google oauth page:

Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob

Not sure if this is a recent change or not. I’ve followed the init instructions to the letter, from what I can tell. Any ideas?

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 20 (8 by maintainers)

Commits related to this issue

Most upvoted comments

I just tried with a fresh GCP project, new credentials and all that and I don’t have any problem using gmailctl.

One weird thing that happened this time is that the redirect URL failed miserably, because it was pointing to http://localhost/, but I was able to copy the authorization code from a URL parameter.

In any case, I cannot reproduce the problem. Are you sure you’re using the last version and the app is not submitted for verification?

Thank you for looking into this @mbrt.

Re #232 (comment): You can use gmailctl export to generate the XML to import manually in the Gmail settings.

If I’m following correctly, I’m with you on going from gmailctl to XML. I’m looking into going from XML to gmailctl format so I can use gmailctl as a sort of offline declarative editor. I’m hoping to avoid doing it all by hand 😬😅

This timing is wild @dabeeeenster, I ran into the same experience getting set up today. It does seem like permissions were locked down further since these instructions were written. Is there a way around it?

If not, is there a way to use this declarative tooling in a “manual mode”?

I’m thinking I:

  • manually download my existing filters
  • import them into gmailctl format
  • export them
  • manually delete existing filters & re-upload

I’d be fine with that level of manual work to get my filters under control. Thanks again for this inspiring project 🌟