gtask talks to your account through a Google OAuth client that you create once. After it is in place, every login is just a browser authorization that gtask caches.
Install
Section titled “Install”Install gtask as a system wide command:
git clone git@github.com:thesouldev/gtask-cli.gitcd gtask-climake install # via pipx, or falls back to install.shCheck it is on your PATH:
gtask --helpOne-time OAuth client
Section titled “One-time OAuth client”Do these in a browser signed in to the account that holds your tasks. The console now calls this the Google Auth Platform.
- Create or pick a project at the Google Cloud console.
- Enable the Tasks API.
- Open Google Auth Platform, click Get started, and fill in the app name, choose the External audience, and add your contact email.
- Open Clients, create an OAuth client of type Desktop, and download its JSON.
- Save it as
~/.config/gtask/credentials.json.
The scope gtask requests is https://www.googleapis.com/auth/tasks, tasks
only. It cannot access Gmail, Drive, or Calendar.
gtask loginA browser opens once. Authorize, and the token is cached at
~/.config/gtask/token.json. Later commands reuse it silently.
Configuration
Section titled “Configuration”gtask keeps everything under ~/.config/gtask/:
| File | Purpose |
|---|---|
credentials.json | the OAuth client you create once |
token.json | the cached token, written after the first login |
ls_cache.json | maps the numbers shown by ls to task ids |
Set GTASK_CONFIG_DIR to move that directory elsewhere. The scope is
https://www.googleapis.com/auth/tasks; to revoke access, delete token.json
and remove the app from your Google account permissions.
Distributing to others
Section titled “Distributing to others”Each user brings their own OAuth client and runs gtask login. There is no
shared secret and no verification to maintain. Shipping one shared client would
require Google’s verification for the sensitive Tasks scope, so bring your own
credentials is the clean path.