CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-google-auth-oauthlib

Google Authentication Library - oauthlib integration for OAuth 2.0 flows.

83

1.05x
Overview
Eval results
Files

cli-tool.mddocs/

CLI Tool

Command-line tool for obtaining OAuth 2.0 credentials during development and testing. Provides an interactive authentication flow with options for credential storage and scope configuration.

Installation

The CLI tool requires additional dependencies:

pip install google-auth-oauthlib[tool]

Usage

google-oauthlib-tool --client-secrets CLIENT_SECRETS.json --scope SCOPE [OPTIONS]

Capabilities

Command-Line Interface

Interactive OAuth 2.0 credential acquisition tool for development workflows.

google-oauthlib-tool
  --client-secrets <client_secret_json_file>  # Required: Path to OAuth2 client secret JSON
  --scope <oauth2_scope>                      # Required: API scopes (multiple allowed)
  [--save]                                    # Optional: Save credentials to file
  [--credentials <oauth2_credentials>]        # Optional: Path to store credentials

Command Options

# CLI configuration constants
APP_NAME: str = "google-oauthlib-tool"
DEFAULT_CREDENTIALS_FILENAME: str = "credentials.json"

def main(
    client_secrets: str,      # Path to client secrets JSON file
    scope: tuple,             # Multiple scopes can be specified
    save: bool = False,       # Save credentials to file
    credentials: str = None   # Path to save credentials (default: app dir)
):
    """
    Main CLI function for OAuth credential acquisition.
    
    Performs OAuth 2.0 Authorization Code flow to obtain credentials
    for testing applications or development workflows.
    """

Usage Examples

Basic Usage

# Obtain credentials for BigQuery access
google-oauthlib-tool \
  --client-secrets client_secrets.json \
  --scope https://www.googleapis.com/auth/bigquery

Multiple Scopes

# Request multiple API scopes
google-oauthlib-tool \
  --client-secrets client_secrets.json \
  --scope https://www.googleapis.com/auth/cloud-platform \
  --scope https://www.googleapis.com/auth/userinfo.email

Save Credentials to File

# Save credentials for reuse
google-oauthlib-tool \
  --client-secrets client_secrets.json \
  --scope https://www.googleapis.com/auth/drive \
  --save \
  --credentials my_credentials.json

Custom Credentials Path

# Specify custom save location
google-oauthlib-tool \
  --client-secrets client_secrets.json \
  --scope https://www.googleapis.com/auth/storage \
  --save \
  --credentials /path/to/credentials.json

Workflow

  1. Load client secrets: Reads OAuth client configuration from JSON file
  2. Create flow: Sets up InstalledAppFlow with specified scopes
  3. Run local server: Launches local web server for OAuth redirect
  4. Browser authentication: Opens browser for user consent
  5. Token exchange: Exchanges authorization code for access tokens
  6. Output credentials: Prints or saves credential information

Output Formats

Console Output (default)

When --save is not specified, credentials are printed to stdout as JSON:

{
  "token": "ya29.a0AfH6SMC...",
  "refresh_token": "1//-0dGKGb...", 
  "token_uri": "https://oauth2.googleapis.com/token",
  "client_id": "your-client-id.apps.googleusercontent.com",
  "client_secret": "your-client-secret",
  "scopes": ["https://www.googleapis.com/auth/cloud-platform"]
}

File Output (with --save)

When --save is specified, credentials are saved to file without the access token:

{
  "refresh_token": "1//-0dGKGb...",
  "token_uri": "https://oauth2.googleapis.com/token", 
  "client_id": "your-client-id.apps.googleusercontent.com",
  "client_secret": "your-client-secret",
  "scopes": ["https://www.googleapis.com/auth/cloud-platform"]
}

Default Locations

Client Secrets

No default location - must be specified with --client-secrets

Saved Credentials

Default save location (when --credentials not specified):

  • Linux/macOS: ~/.config/google-oauthlib-tool/credentials.json
  • Windows: %APPDATA%\google-oauthlib-tool\credentials.json

Integration with Development Workflows

Python Scripts

# Load saved credentials in Python code
import json
from google.oauth2.credentials import Credentials

with open('credentials.json', 'r') as f:
    creds_data = json.load(f)

credentials = Credentials.from_authorized_user_info(creds_data, creds_data['scopes'])

# Use with Google API clients
from google.cloud import storage
client = storage.Client(credentials=credentials)

Environment Setup

# Create credentials for CI/CD or testing
google-oauthlib-tool \
  --client-secrets ci_client_secrets.json \
  --scope https://www.googleapis.com/auth/cloud-platform \
  --save \
  --credentials test_credentials.json

# Use in tests
export GOOGLE_APPLICATION_CREDENTIALS=test_credentials.json

Development Scripts

#!/bin/bash
# development_setup.sh

echo "Setting up OAuth credentials for development..."

google-oauthlib-tool \
  --client-secrets config/client_secrets.json \
  --scope https://www.googleapis.com/auth/cloud-platform \
  --scope https://www.googleapis.com/auth/bigquery \
  --save

echo "Credentials saved. Ready for development."

Error Handling

Common error scenarios:

  • Missing client secrets file: Tool exits with error message
  • Invalid client secrets format: JSON parsing or validation error
  • OAuth flow errors: Network issues, user denial, or invalid configuration
  • File permission errors: Cannot write to credentials save location

Security Notes

  • The tool is intended for development and testing only
  • Access tokens are short-lived and printed to console (unless --save used)
  • Refresh tokens are saved to file when using --save option
  • Protect client secrets and saved credential files appropriately
  • Consider using separate OAuth clients for development vs production

Install with Tessl CLI

npx tessl i tessl/pypi-google-auth-oauthlib

docs

cli-tool.md

helpers.md

index.md

interactive.md

oauth-flows.md

tile.json