Access Gmail via domain-wide delegation of authority

Marek Dopiera marek at dopiera.pl
Sun May 9 22:57:32 BST 2021


Hi,
I just started using offlineimap and I love it. It took me a while,
however, to set it up to access Gmail via a service key and domain-wide
delegation of authority and I thought I'd share somewhere how to do it, as
I don't think it's documented anywhere. Therefore, I have two questions:
would you care for such a howto and which is the right place for it?

My use case is to back up a couple of Google Workspace accounts to an
external storage. Therefore, I don't want every user to give me (the admin)
the consent (i.e. the documented OAuth flow), nor do I want to manage their
passwords for obvious reasons.

The solution is to create a service account with Google and delegate
domain-wide authority to that service account (as per
https://developers.google.com/admin-sdk/directory/v1/guides/delegation).
OfflineIMAP doesn't seem to allow for using such a service key directly,
but I made it work by abusing *oauth2_access_token_eval* to call a ~10-line
Python script, which generates the access token from the service key.

Thanks for a great piece of software

-- 
Marek Dopiera
marek at dopiera.pl
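
The approach described in the message above, as an added example (this is not the author's script and not OfflineIMAP code): a helper that builds the JWT-bearer assertion with a `sub` claim for the mailbox owner and exchanges it for an access token. It assumes the third-party google-auth package for RSA signing; the function names, the file paths and the offlineimaprc wiring in the trailing comment are hypothetical.

```python
"""Added example: mint a Gmail IMAP token for one user from a service-account key."""
import base64
import json
import time
import urllib.parse
import urllib.request

GMAIL_IMAP_SCOPE = "https://mail.google.com/"  # scope Gmail requires for IMAP XOAUTH2
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def build_assertion(key_info, user, sign, now=None, lifetime=600):
    """Return the signed JWT that requests a token acting as `user`.

    key_info is the parsed JSON key; sign maps bytes to an RS256 signature.
    """
    now = int(time.time()) if now is None else int(now)
    claims = {
        "iss": key_info["client_email"],  # the service account
        "sub": user,                      # mailbox to act as (the delegation part)
        "scope": GMAIL_IMAP_SCOPE,
        "aud": key_info["token_uri"],
        "iat": now,
        "exp": now + min(lifetime, 3600),  # Google caps assertion lifetime at 1 hour
    }
    parts = ({"alg": "RS256", "typ": "JWT"}, claims)
    signing_input = b".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return (signing_input + b"." + _b64url(sign(signing_input))).decode()


def get_access_token(key_file, user):
    """Exchange the assertion for a bearer token; call this from offlineimap."""
    from google.auth import crypt  # third-party dependency: google-auth
    with open(key_file) as fh:
        key_info = json.load(fh)
    signer = crypt.RSASigner.from_service_account_info(key_info)
    form = {"grant_type": GRANT_TYPE,
            "assertion": build_assertion(key_info, user, signer.sign)}
    body = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(key_info["token_uri"], data=body, timeout=30) as resp:
        return json.load(resp)["access_token"]

# Assumed offlineimaprc wiring (paths and names are placeholders):
#   [general]     pythonfile = ~/.offlineimap_token.py
#   [Repository]  auth_mechanisms = XOAUTH2
#                 oauth2_access_token_eval = get_access_token("/path/key.json", "user@example.com")
```

A key with domain-wide delegation can act as any user in the domain for every scope authorized in the Admin console, so authorize only the Gmail scope for this client and keep the key file readable by the backup account alone.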