Instructions Unclear

[kylegoetz]

Instructions say first time you have to attach terminal and run a specific command. However, the container immediately dies the first time you run it, so it's impossible to attach a terminal to it to run the specific command. It is unclear how you are supposed to accomplish this step.

[kylegoetz]

for anyone who comes around, i ended up:

docker run -it -v data-volume-for-gmail-backup:/data gmvault-docker sh

and then ran the expected command to get the oauth2 data, then Ctrl-C once the backup started, then exit from within the container.

Then I recreated the container the appropriate way (mounted ssmtp.conf, mounted data volume, env variables set, etc.) (which I do with docker-compose)

[aztazt]

Thank you @kylegoetz
This command worked for me
docker run -it -v /path/to/data-volume-for-gmail-backup:/data aubertg/gmvault-docker sh

But when I put the generated URL into my browser (after being logged in), I get an error from Google :

"La fonctionnalité "Se connecter avec Google" a été désactivée temporairement pour cette application
Cette application n'a pas encore été validée par Google et ne peut pas bénéficier de la fonctionnalité Google Sign-In."

If I try to translate it into english, says :

"The feature "Connect with Google" has been temporarily disabled for this application. This application has not yet been validated by Google and can't be used for Google Sign-In".

I haven't found any solutions so far. Maybe it's because my account is 2FA protected.

[nicolabeghin]

You can use an App password just for gmvault: https://support.google.com/mail/answer/185833?hl=en then start gmvault like this

su -c 'gmvault sync --passwd --store-passwd -d /data [email protected]' gmvault

Please note: you also need to comment out the OAuth token file existence in the /app/start.sh bash script

[ares1977]

The problem with gmvault and oauth2 is that its token has been forbidden by gmail a long time ago. In order for it to work you must generate your own token and replace the default one in /data/gmvault_defaults.conf

First you need to generate your own token following these instructions. There are some things that changed since those instructions were created:

1. You must choose External App, except if you use G-Suite.
2. Application Type: choose Desktop app
3. Application is considered to be on testing, so you will have to give yourself access to it: Oauth consent screen -> Add Users -> Type your gmail address and press save
4. I never used the last step (gmvault check --renew-oauth2-tok [email protected])

IMPORTANT This docker image is running version 1.9.1 of gmvault, so be sure to change the conf_version as suggested in the previous link, otherwise your oauth credentials will be replaces with the default ones.

After you run for the first time the following command:

su -c 'gmvault sync -d /data [email protected]' gmvault

gmvault_defaults.conf will be created in the data folder. Open it and replace the Client ID and Secret with the ones provided by google.

Run your container and run the command once again. Follow the instructions to get your final approval by google and start syncing.

[gboudreau]

@ares1977 Quick FYI, I updated the instructions you point to in light of recent changes to the OAuth consent flow.

[guillaumeaubert]

I've updated the README to account for the new change in OAuth flow. Please don't hesitate to send a pull request if you notice missing steps or find a way to make the instructions clearer. Thank you!

[ares1977]

@gboudreau It seems that there is a way to circumvent the 7 days expiration for the refresh token. You have to publish the application and then skip sending any verification details. Just clicking the publish button and creating a new refresh token is enough (sometimes you need to recreate again after 7 days in order for it to work) It would be great if you could update your instructions to reflect that. Thanks!

[piotrkochan]

You could simply provide a template for this config file without the need to do this all command-weird-voodoo.