From 93owls at gmail.com Mon Jun 9 04:14:14 2025 From: 93owls at gmail.com (Philippe Meunier) Date: Mon, 9 Jun 2025 00:14:14 -0400 Subject: Mutt + Gmail + OAuth2, and Refresh Token Expiration Message-ID: Hi, I'm using Mutt with Gmail and OAuth2 with a Google Cloud project and the mutt_oauth2.py script and everything works fine (obviously). The only annoying thing is that the refresh token expires every seven days, so every seven days I have to manually re-run mutt_oauth2.py with --authorize and redo the whole authorization process. According to this web page: https://developers.google.com/identity/protocols/oauth2#expiration "A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days". Indeed, when I go to my Google Cloud project and check the "Audience" menu, the "Publishing status" is "Testing". So here's my question to people using Mutt + Gmail + OAuth2: has anyone tried to publish their Google Cloud project? Then the refresh token would not expire after seven days anymore. A pop-up help screen for my project says: "Once you set your app status as 'In production', your app will be available to anyone with a Google Account. Depending on how you configure your OAuth screen, you may have to submit your app for verification". For the "available to anyone with a Google Account" part, I don't think it would matter because obviously I don't actually have an app to give to anyone else to use so, as long as I keep my project's OAuth2 client_id and client_secret secret then nobody else would be able to access anything through my published project. For the verification part, my Google Cloud project obviously uses the restricted "https://mail.google.com/" Gmail scope, which apparently would require verification when publishing my project. At the same time, this web page https://support.google.com/cloud/answer/13464323 indicates that "Personal Use apps: If the app is for your personal use (fewer than 100 users), you and your limited number of users can continue using the app without going through verification". Since I would be the only one using the "app", then I think I could skip verification. So has anyone tried to publish their Google Cloud project? Or does anyone have thoughts about this? Thanks. Philippe