google-calendar: Support manual authorization using auth code.

This allows the integration to be run from non-interactive environments
or on devices without browsers, like remote servers.

Co-authored-by: Vedant Joshi <[email protected]>

Author: 2 people

zulip/integrations/google/get-google-credentials

@@ -15,7 +15,9 @@ CLIENT_SECRET_FILE = "client_secret.json"  # noqa: S105
 HOME_DIR = os.path.expanduser("~")
 
 
-def get_credentials(tokens_path: str, scopes: List[str]) -> Credentials:
+def get_credentials(
+    tokens_path: str, scopes: List[str], noauth_local_webserver: bool = False
+) -> Credentials:
     """
     Writes google tokens to a json file, using the client secret file (for the OAuth flow),
     and the refresh token.
@@ -27,6 +29,8 @@ def get_credentials(tokens_path: str, scopes: List[str]) -> Credentials:
 
     The OAuth2 flow needs the client secret file, and requires the user to grant access to
     the application via a browser authorization page, for the first run.
+    The authorization can be done either automatically using a local web server,
+    or manually by copy-pasting the auth code from the browser into the command line.
 
     The fetched tokens are written to storage in a json file, for reference by other scripts.
     """
@@ -44,8 +48,21 @@ def get_credentials(tokens_path: str, scopes: List[str]) -> Credentials:
                     client_secret_path,
                 )
                 sys.exit(1)
-            flow = InstalledAppFlow.from_client_secrets_file(client_secret_path, scopes)
-            creds = flow.run_local_server(port=0)
+            flow = InstalledAppFlow.from_client_secrets_file(
+                client_secret_path,
+                scopes,
+                redirect_uri="urn:ietf:wg:oauth:2.0:oob" if noauth_local_webserver else None,
+            )
+
+            if noauth_local_webserver:
+                auth_url, _ = flow.authorization_url(access_type="offline")
+                auth_code = input(
+                    f"Please visit this URL to authorize this application:\n{auth_url}\nEnter the authorization code: "
+                )
+                flow.fetch_token(code=auth_code)
+                creds = flow.credentials
+            else:
+                creds = flow.run_local_server(port=0)
         with open(tokens_path, "w") as token:
             token.write(creds.to_json())
     return creds

zulip/integrations/google/google-calendar

@@ -32,6 +32,7 @@ sys.path.append(os.path.dirname(__file__))
 usage = r"""google-calendar [--config-file PATH_TO_ZULIPRC_OF_BOT]
                        [--interval MINUTES] [--calendar CALENDAR_ID]
                        [--channel CHANNEL_NAME] [--topic TOPIC_NAME]
+                       [-n] [--noauth_local_webserver]
 
     This integration can be used to send Zulip messages as reminders for upcoming events from your Google Calendar.
 
@@ -62,6 +63,13 @@ parser.add_argument(
     help="The topic to which to send the reminders to. Ignored if --channel is unspecified. 'calendar-reminders' is used as the default topic name.",
     default="calendar-reminders",
 )
+parser.add_argument(
+    "-n",
+    "--noauth_local_webserver",
+    action="store_true",
+    default=False,
+    help="The default authorization process runs a local web server, which requires a browser on the same machine. For non-interactive environments and machines without browser access, e.g., remote servers, this option allows manual authorization. The authorization URL is printed, which the user can copy into a browser, copy the resulting authorization code, and paste back into the command line.",
+)
 options = parser.parse_args()
 
 zulip_client = zulip.init_from_options(options)
@@ -91,7 +99,7 @@ def get_credentials() -> Credentials:
     try:
         tokens_path = os.path.join(HOME_DIR, TOKENS_FILE)
         fetch_creds = runpy.run_path("./get-google-credentials")["get_credentials"]
-        return fetch_creds(tokens_path, SCOPES)
+        return fetch_creds(tokens_path, SCOPES, options.noauth_local_webserver)
     except Exception:
         logging.exception("Error getting google credentials")
         sys.exit(1)