Google OAuth token works only once + HTTPS issue

[dajanchar]

Hi,

I am trying to setup a gphotos-sync application which will execute every day at at certain hour. However, the application works only the first time (when I am issued for authorizing it). Each next try, the app exits with a message that a token has expired. Token was generated one minute before the error occurred. Is there any detail I am missing? I have found that gphotos.token file is not present in destination file. If I setup this system on Windows platform, the gphotos.token file is present and it works without a problem. I am running the application on Raspberry Pi. Any help would be appritiated.

Additional question here is that I want to keep one token for a long time as the application will be ran as cronjob. Google wants to have a https redirect URIs in order to allow having a token, which does not expire in one week. If I provide a https URI into Google Console, following message occurs when I click allow on consent screen:

Is there any special procedure to create a HTTPS webserver which will be used for Google OAuth procedure?

[gilesknap]

Hi @dajanchar.

If you are using gphotos-sync 3.04 and follow the instructions for making the secrets file and initial token here then you should end up with a renewable token that automatically renews indefinitely.

Your error indicates that you don't have a refresh token required to renew expired tokens. There should be one present if you followed the above procedure correctly.

The second error you pasted indicates you are not using local auth flow. The only flow supported for applications (since deprecation of OOB flow) is localhost.

You should be able to get an indefinitely running token working on a raspberry pi. I have tested this myself.

[dajanchar]

Thanks for the fast reply @gilesknap. I am using gphotos-sync v3.0.3. I have solved the first issue by adding parameter &prompt=consent into URL query string when the application requires to authorize it.

Regarding the second issue, I am running pi headless (without GUI), so I cannot perform the authorization through a browser on the PI itself. Also, the authorization cannot be performed on another PC by copying the link provided, because the PI hosts the server only on 'localhost', which means that PC is unable to redirect back to the server as it effectively redirects to itself (resulting in page not found). Currently, I have managed to get the authorization working from PC by editing etc/hosts file on PI and PC, so that a dummy URL (krneki.com) points to the local IP of the PI. I will try to get similar thing done with localhost and will report back if it works. Thanks again.

[gilesknap]

For the headless use case
see this conversation.

#385 (comment)

[gilesknap]

sorry that should be v3.0.3 (3.04 is a badly versioned docker image)