gst - Google Shit Token
=======================
gst is a minimal binary to obtain and refresh Google OAuth 2.0 user
tokens from the command line.
Requirements
------------
In order to build gst you need rustc and libtls (LibreSSL).
gst also links against libcrypto for SHA-256 (PKCE) and uses
arc4random_buf(3) for randomness.
On systems that ship LibreSSL alongside OpenSSL (e.g. Arch Linux,
where LibreSSL lives at /usr/lib/libressl to avoid conflicts),
the Makefile picks up the LibreSSL prefix automatically. Set
LIBRESSL_PREFIX to override.
Installation
------------
Edit Makefile to match your local setup (gst is installed into
the /usr/local/bin namespace by default).
Afterwards enter the following command to build and install gst:
make clean install
First run
---------
See SETUP.md for the one-time Google Cloud setup, the initial
authorization flow, multiple-account and revocation workflows,
and troubleshooting.
The short version:
gst -i -c client_secret.json -f token.json \
https://www.googleapis.com/auth/gmail.send
Daily use
---------
Print the current access token, refreshing it transparently when
fewer than 60 seconds remain until expiry:
gst -p -f token.json
The expected pattern is to call gst -p inline in scripts:
curl -H "Authorization: Bearer $(gst -p -f token.json)" \
https://www.googleapis.com/gmail/v1/users/me/profile
Refresh the token without printing it; with -F the refresh is
forced regardless of remaining lifetime:
gst -r -f token.json
gst -rF -f token.json
Revoke the refresh token at the authorization server and delete
the token file:
gst -R -f token.json
Print the version:
gst -V
PKCE
----
gst always uses Proof Key for Code Exchange (RFC 7636) with the
S256 challenge method. No flag turns it off.
Download
--------
got clone ssh://ijanc@ijanc.org/gst
License
-------
ISC — see LICENSE.
