fix: googlechat gog oauth token loading
This commit is contained in:
iHildy
parent
abe242a3bb
commit
3c1114d0e8
@ -77,16 +77,17 @@ If you already use `gog` for Google Workspace, you can reuse its OAuth client +
|
|||||||
- For headless systems, switch to file keyring + password (see `gog` docs). citeturn6view0
|
- For headless systems, switch to file keyring + password (see `gog` docs). citeturn6view0
|
||||||
4) Verify `gog` is visible to the gateway user:
|
4) Verify `gog` is visible to the gateway user:
|
||||||
```bash
|
```bash
|
||||||
gog auth tokens --json
|
gog auth tokens list --json
|
||||||
```
|
```
|
||||||
If this fails, install `gog` on the gateway host and ensure the keyring is accessible.
|
If this fails, install `gog` on the gateway host and ensure the keyring is accessible.
|
||||||
|
For non-interactive services, set `GOG_KEYRING_PASSWORD` in the gateway environment so `gog` can unlock the keyring.
|
||||||
|
|
||||||
Clawdbot reads `gog` OAuth client files from:
|
Clawdbot reads `gog` OAuth client files from:
|
||||||
- `~/.config/gogcli/credentials.json`
|
- `~/.config/gogcli/credentials.json`
|
||||||
- `~/.config/gogcli/credentials-<client>.json`
|
- `~/.config/gogcli/credentials-<client>.json`
|
||||||
- `~/.config/gogcli/credentials-<domain>.json` (or macOS equivalent) citeturn9view0
|
- `~/.config/gogcli/credentials-<domain>.json` (or macOS equivalent) citeturn9view0
|
||||||
|
|
||||||
Clawdbot queries `gog auth tokens --json` to reuse the stored refresh token. If this fails, set `oauthRefreshToken` manually.
|
Clawdbot queries `gog auth tokens list --json` (and falls back to `gog auth tokens export --json`) to reuse the stored refresh token. If this fails, set `oauthRefreshToken` manually.
|
||||||
|
|
||||||
### Option B: Manual OAuth
|
### Option B: Manual OAuth
|
||||||
1) Configure OAuth consent + create OAuth client credentials in your Google Cloud project (desktop app recommended). citeturn6view0
|
1) Configure OAuth consent + create OAuth client credentials in your Google Cloud project (desktop app recommended). citeturn6view0
|
||||||
|
|||||||
@ -543,6 +543,16 @@ export const googlechatPlugin: ChannelPlugin<ResolvedGoogleChatAccount> = {
|
|||||||
const configured = entry.configured === true;
|
const configured = entry.configured === true;
|
||||||
if (!enabled || !configured) return [];
|
if (!enabled || !configured) return [];
|
||||||
const issues = [];
|
const issues = [];
|
||||||
|
if (entry.oauthFromGog && entry.userCredentialSource === "none") {
|
||||||
|
issues.push({
|
||||||
|
channel: "googlechat",
|
||||||
|
accountId,
|
||||||
|
kind: "auth",
|
||||||
|
message:
|
||||||
|
"Google Chat OAuth is set to reuse gog, but no gog OAuth credentials were detected.",
|
||||||
|
fix: "Ensure gog is installed and the keyring is unlocked (set GOG_KEYRING_PASSWORD), or set oauthRefreshToken/oauthClientFile manually.",
|
||||||
|
});
|
||||||
|
}
|
||||||
if (!entry.audience) {
|
if (!entry.audience) {
|
||||||
issues.push({
|
issues.push({
|
||||||
channel: "googlechat",
|
channel: "googlechat",
|
||||||
@ -584,6 +594,8 @@ export const googlechatPlugin: ChannelPlugin<ResolvedGoogleChatAccount> = {
|
|||||||
enabled: account.enabled,
|
enabled: account.enabled,
|
||||||
configured: account.credentialSource !== "none",
|
configured: account.credentialSource !== "none",
|
||||||
credentialSource: account.credentialSource,
|
credentialSource: account.credentialSource,
|
||||||
|
oauthFromGog: account.config.oauthFromGog ?? false,
|
||||||
|
userCredentialSource: account.userCredentialSource,
|
||||||
audienceType: account.config.audienceType,
|
audienceType: account.config.audienceType,
|
||||||
audience: account.config.audience,
|
audience: account.config.audience,
|
||||||
webhookPath: account.config.webhookPath,
|
webhookPath: account.config.webhookPath,
|
||||||
|
|||||||
@ -109,25 +109,37 @@ export function readGogRefreshTokenSync(params: {
|
|||||||
const cached = tokenCache.get(cacheKey);
|
const cached = tokenCache.get(cacheKey);
|
||||||
if (cached) return cached;
|
if (cached) return cached;
|
||||||
|
|
||||||
let stdout = "";
|
const env = {
|
||||||
try {
|
...process.env,
|
||||||
stdout = execFileSync("gog", ["auth", "tokens", "--json"], {
|
...(params.gogAccount?.trim() ? { GOG_ACCOUNT: params.gogAccount.trim() } : {}),
|
||||||
encoding: "utf8",
|
...(params.gogClient?.trim() ? { GOG_CLIENT: params.gogClient.trim() } : {}),
|
||||||
stdio: ["ignore", "pipe", "pipe"],
|
};
|
||||||
});
|
|
||||||
} catch {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
let parsed: unknown;
|
const runGogJson = (args: string[]): unknown | null => {
|
||||||
try {
|
try {
|
||||||
parsed = JSON.parse(stdout);
|
const stdout = execFileSync("gog", ["--no-input", ...args], {
|
||||||
} catch {
|
encoding: "utf8",
|
||||||
return null;
|
stdio: ["ignore", "pipe", "pipe"],
|
||||||
}
|
timeout: 3000,
|
||||||
|
env,
|
||||||
|
});
|
||||||
|
return JSON.parse(stdout);
|
||||||
|
} catch {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
const parsed = runGogJson(["auth", "tokens", "list", "--json"]);
|
||||||
const tokens: GogTokenEntry[] = [];
|
const tokens: GogTokenEntry[] = [];
|
||||||
collectTokens(parsed, tokens);
|
if (parsed) {
|
||||||
|
collectTokens(parsed, tokens);
|
||||||
|
}
|
||||||
|
if (tokens.length === 0) {
|
||||||
|
const exported = runGogJson(["auth", "tokens", "export", "--json"]);
|
||||||
|
if (exported) {
|
||||||
|
collectTokens(exported, tokens);
|
||||||
|
}
|
||||||
|
}
|
||||||
if (tokens.length === 0) return null;
|
if (tokens.length === 0) return null;
|
||||||
|
|
||||||
const target = params.gogAccount?.trim().toLowerCase();
|
const target = params.gogAccount?.trim().toLowerCase();
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user