Create and load persistent Google OAuth API authentication tokens on the command-line

Downloads in past


5213.0.210 years ago10 years agoMinified + gzip package size for googleauth in KB


Create and refresh a Google OAuth 2.0 authentication token for command-line apps
This module is based on ghauth which does the same thing for GitHub tokens
You can learn about Google tokens here
To use this you will need to:
  • have a google account
  • create a new application at the google developers console
  • enable an API on your new application (e.g. the gmail API)
  • create a new client ID for an "Installed application"
  • store the client ID and client secret in a secure location (you will need them to use googleauth)
  • for the API you want to access locate the scope URL. e.g. gmail's scope url for read-only is:

Example usage

$ npm install googleauth -g
$ googleauth --scope="" --client_id="foobar" --client_secret="mysecret"
Open the following URL in your browser, then paste the resulting authorization code below:

Google Authorization Code: weeeeeeeeee
{ access_token: 'foo', token_type: 'Bearer', expires_in: 3600, refresh_token: 'bar' }

Because the refresh token is persisted, the next time you run it there will be no prompts, and a fresh google token will be requested from google every time:
$ googleauth
{ access_token: 'freshtokenhere', token_type: 'Bearer', expires_in: 3600, refresh_token: 'bar' }

Resetting your token

A JSON file will be created when you first get a token at this location:
path.join(process.env.HOME || process.env.USERPROFILE, '.config', 'googleauth.json')

You can simply delete that file to make googleauth forget about you.
If you change token settings e.g. add/remove scopes you will have to delete this file first so that googleauth will prompt you for the authentication flow again.


Pass in args using this CLI syntax: googleauth --foo=bar. You can pass in multiple scope arguments.
  • clientid (required)
  • clientsecret (required)
  • scope (required) - authentication scope, googles are usually full URIs
  • redirecturi (default urn:ietf:wg:oauth:2.0:oob) - you shouldnt need to change this, the default is what makes google use the CLI login flow
  • configpath (default ~/.config/googleauth.json)

Options are only required for authentication. You don't need to pass them in to refresh a token.