Description:
binary to obtain and refresh Google OAuth 2.0 user tokens from the command line
Owner:
Murilo Ijanc'
Last Change:
Clone URL:
ssh://anon@ijanc.org/got.gst

Commit Briefs

c51929ed26 Murilo Ijanc

build vendored rlibs through a single pattern rule (main)

The two recipes were near-duplicates; collapse them into \$(BUILD)/lib%.rlib: vendor/%.rs and use a target-scoped export so that HTTP_VERSION is set only when building libhttp.rlib.

diff | patch | tree

b03e969704 Murilo Ijanc

regenerate VENDOR via marmita(1)

The manifest is now produced and refreshed by marmita(1) using the format documented there. While here, correct the jackson origin URL (the upstream path is /jackson, not /json/jackson) and bump http to 72e29eb.

diff | patch | tree

a5d0ad4ab8 Murilo Ijanc

Use vendored http library for HTTPS.

- replace the libtls Conn, the inline HTTP formatter, the chunked decoder, and the URL parser with http::get and http::post - drop parse_http_response, decode_chunked, header_value, parse_https_url, and the local percent_encode/decode/url_form - shrink mod ffi to just the crypto primitives needed for PKCE (SHA256, arc4random_buf) - vendor http at ssh://ijanc@ijanc.org/http commit ebd3a89

diff | patch | tree

feb508df94 Murilo Ijanc

Initial import.

diff | patch | tree

Branches

main
summary | commit briefs | commits

Tags

This repository contains no tags

Tree

.gitignorecommits | blame
.rustfmt.tomlcommits | blame
LICENSEcommits | blame
Makefilecommits | blame
README.mdcommits | blame
SETUP.mdcommits | blame
gst.1commits | blame
gst.rscommits | blame
vendor/

README.md

gst - Google Shit Token
=======================
gst is a minimal binary to obtain and refresh Google OAuth 2.0 user
tokens from the command line.


Requirements
------------
In order to build gst you need rustc and libtls (LibreSSL).
gst also links against libcrypto for SHA-256 (PKCE) and uses
arc4random_buf(3) for randomness.

On systems that ship LibreSSL alongside OpenSSL (e.g. Arch Linux,
where LibreSSL lives at /usr/lib/libressl to avoid conflicts),
the Makefile picks up the LibreSSL prefix automatically.  Set
LIBRESSL_PREFIX to override.


Installation
------------
Edit Makefile to match your local setup (gst is installed into
the /usr/local/bin namespace by default).

Afterwards enter the following command to build and install gst:

    make clean install


First run
---------
See SETUP.md for the one-time Google Cloud setup, the initial
authorization flow, multiple-account and revocation workflows,
and troubleshooting.

The short version:

    gst -i -c client_secret.json -f token.json \
        https://www.googleapis.com/auth/gmail.send


Daily use
---------
Print the current access token, refreshing it transparently when
fewer than 60 seconds remain until expiry:

    gst -p -f token.json

The expected pattern is to call gst -p inline in scripts:

    curl -H "Authorization: Bearer $(gst -p -f token.json)" \
        https://www.googleapis.com/gmail/v1/users/me/profile

Refresh the token without printing it; with -F the refresh is
forced regardless of remaining lifetime:

    gst -r -f token.json
    gst -rF -f token.json

Revoke the refresh token at the authorization server and delete
the token file:

    gst -R -f token.json

Print the version:

    gst -V


PKCE
----
gst always uses Proof Key for Code Exchange (RFC 7636) with the
S256 challenge method.  No flag turns it off.


Download
--------
    got clone ssh://ijanc@ijanc.org/gst


License
-------
ISC — see LICENSE.