2-Factor OAuth Login

[brandon15811]

Since I didn't see this implemented here: If you login with gpsoauth.perform_master_login using your regular username and password on an account with 2 factor auth enabled, it'll return a url, and after you open that url and finish logging in, it'll then redirect you to https://accounts.google.com/o/oauth2/programmatic_auth, and there's a cookie set named oauth_token, which includes the OAuth token.

The caveat here is that you can't use javascript (like a bookmarklet) to extract it, since the cookie is set HttpOnly, so you'll either have to manually extract it, use an extension, or something like Selenium.

You can also get that cookie by starting with the URL (in a browser) https://accounts.google.com/o/android/auth?&source=android&lang=en&langCountry=en_us&xoauth_display_name=Android%20Phone&cc=us&tmpl=new_account and logging in instead of https://android.clients.google.com/auth

[simon-weber]

Ah, yeah, I looked into this when first implementing the flow but never got around to supporting it: simon-weber/gmusicapi#168 (comment).

That's a bummer that the cookie is httponly. Sounds like that really pushes things towards option 2 in the linked comment.

[brandon15811]

When I was working on automating this with selenium a few months ago, for some reason I used the selector [id$=in], which finds all the forms with an ID that ends in "in" (like totpPin). Unfortunately, I don't remember why I did that.

But also, the url that's returned in the gpsoauth.perform_master_login response is also used for other purposes sometimes (like when a google apps account has SSO on, or when google wants a security check)

[simon-weber]

Cool; good to know.

[HoffmannP]

Go to appPasswords and create one. Use this as your password.

[B16f00t]

With selenium it's easy to get the Oauth2 token, but when I try to use it to get the google drive token, it doesn't work. Any method to get the google drive token from Oauth2?