edit this page
sffoauth

sffoauth

Request a new access_token using an existing refresh_token
(note access_tokens are required to view/mod/zap data but are seldom valid for
more than 1 hour)

    sffoauth -z wire/IMAP.GMAIL.OAUTH -c gmail_dotdot_feb17.json -t sff_dotdot -a
-D | tee /tmp/sffoAccess-x

Initial build - generate both refresh AND access (Manual process)
    sffoauth -z wire/IMAP.GMAIL.OAUTH -c gmail_dotdot_feb17.json -t sff_dotdot -1
-D | tee /tmp/sffoInit-x

Just checking - not much
    sffoauth -z wire/IMAP.GMAIL.OAUTH -c gmail_dotdot_feb17.json -t sff_dotdot -k
-D | tee /tmp/sffoChk-x

oauth parameters for imapwiressl webwiressl and ipbdcastssl
    use-oauth: yes/no   MUST be YES of course !     default: no
    oauth-credentials-file: (file in tables/cert)       default: none
    oauth-token-file: (name of file to be stored in /fip/fix/goauth     default: none

    oauth-scope: (list of one or more scopes, space sep)    default: none
        oauth-scope:openid https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/appengine.admin
https://www.googleapis.com/auth/sqlservice.login
https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/accounts.reauth

    oauth-flavour:
or  oauth-flavor:
        G-Google or M-Microsoft     default: G
    oauth-refresh-script:
        oauth-refresh-script:/fip/bin/sffoauth -z wire/IMAP.GMAIL.OAUTH -c
gmail_dotdot_2022mar7.json -t sff_dotdotmar7 -a -D

These rarely change ...
    oauth-client-fiphdr (2 letter FipHdr code)      default: IC
    oauth-shared-fiphdr (2 letter FipHdr code)      default: IS
    oauth-access-fiphdr (2 letter FipHdr code)      default: IA
    oauth-refresh-fiphdr (2 letter FipHdr code)     default: IR
    oauth-expiry-fiphdr (2 letter FipHdr code)      default: IX
    oauth-tenant-fiphdr (2 letter FipHdr code)      default: IT
    oauth-scope-fiphdr (2 letter FipHdr code)       default: IV
    oauth-authhost-fiphdr (2 letter FipHdr code)        default: IH
    oauth-localhost-fiphdr (2 letter FipHdr code)       default: IL
    oauth-localport-fiphdr (2 letter FipHdr code)       default: IP

Input switches :
either
    -1 : get an access token from scratch (normally expects some manual
interaction using a browser to accept authentication)
or
    -a : get an access token using the refresh_token
others :
    -D : display the transactions               default: no
        otherwise the result will be logged in Fip ALL
    -n : name of a Parameter file in tables - you must specify subfolder and get
the case right eg wire/IMAPWIRE_GMAIL
    -w : flavor/flavour - Google (for Gmail) - default - or Microsoft (for
Office365)
        or use parameter "oauth-flavour:microsoft" or "oauth-flavor:google"
    -z : same as -n
    -v : version and exit

Parameter file may have the same contents as an tables/wire/(IMAP) file or
tables/mail/(SMTP) file
    Note that skip-balance-group and skip-balance-queue are used by 'sffoauth' to
balance any changes to the tokens

-- TROUBLE-SHOOTING

1. Google - refresh_token is zapped/disappears/is invalid

    - log into the Google Console for the Logon
    - second tab : https://myaccount.google.com/data-and-privacy
        - scroll down to 3rd party apps with account access
            REVOKE access to this particular App only

    - Cmd window - follow the instructions for generating a new refresh-token

Version Control
; 0a-n  18jan22  chj original version ;i 21sep22 added balance ;jkl 20dec22
added MS Office365 as a flavour ;mn timeout on thru_socks_proxy

(copyright) 2024 and previous years FingerPost Ltd.