Kio-gdrive: using custom google.provider works, but access tokens expire or go missing after a few days

smammy · May 21, 2025, 8:01pm

I’m using a custom ~/.local/share/accounts/providers/google.provider that enables access to Google Drive. It’s tied to an OAuth client that I set up on my Google account. Against all odds, this works, which is nice.

Here's the config

<?xml version="1.0" encoding="UTF-8"?>
<provider id="google">
  <name>Google</name>

  <description>Sync files, calendars, contacts, and tasks, and upload videos to YouTube in supported apps</description>
  <icon>im-google</icon>
  <translations>kaccounts-providers</translations>
  <domains>.*google\.com</domains>

  <template>
    <group name="auth">
      <setting name="method">oauth2</setting>
      <setting name="mechanism">web_server</setting>
      <group name="oauth2">
        <group name="web_server">
          <setting name="Host">accounts.google.com</setting>
          <setting name="AuthPath">o/oauth2/auth?access_type=offline&amp;approval_prompt=force</setting>
          <setting name="TokenPath">o/oauth2/token</setting>
          <setting name="RedirectUri">http://localhost/oauth2callback</setting>

          <setting name="ResponseType">code</setting>
          <setting type="as" name="Scope">[
              'https://www.googleapis.com/auth/userinfo.email',
              'https://www.googleapis.com/auth/userinfo.profile',
              'https://www.googleapis.com/auth/calendar',
              'https://www.googleapis.com/auth/tasks',
              'https://www.google.com/m8/feeds/',
              'https://www.googleapis.com/auth/drive',
              'https://www.googleapis.com/auth/youtube.upload'
          ]</setting>
          <setting type="as" name="AllowedSchemes">['https']</setting>
          <setting name="ClientId">REDACTED</setting>
          <setting name="ClientSecret">REDACTED</setting>
          <setting type="b" name="ForceClientAuthViaRequestBody">true</setting>
        </group>
      </group>
    </group>
  </template>
</provider>

At first, I can log in as myself, access files, etc. However, after a week or two of not using it, I get this error in Dolphin when I try to open the drive:

Expired or missing access tokens for account REDACTED

I seem to remember seeing a notification the first time this happened that told me to reauthenticate in the Online Accounts kcm, but there’s no indication that the account is broken and no option (that I can find) to reauthenticate.

The first time this happened, I removed and re-added the account, but it has now happened again and I’m wondering if there’s a way to avoid this altogether. Thanks!

meven · May 22, 2025, 8:23am

This might not be handled properly by kio-gdrive, the reauthentication process.
Reauthentication should be normal business.

smammy · May 22, 2025, 2:22pm

This might not be handled properly by kio-gdrive

Yeah, given that the shipped google.provider is broken to begin with, I don’t imagine this code has gotten much testing lately

I did find this random stackoverflow answer, which suggests replacing approval_prompt=force with prompt=consent. So I did that (in AuthPath) and removed/re-added the account. I guess in a week or two I’ll find out if that made any difference!

emk2203 · May 22, 2025, 3:13pm

Please update with your results! This is a issue with a lot of interest. In our Linux user group, half a dozen people tried to fight with the broken provider, the best we could come up with was a terminal solution via rclone.

smammy · May 23, 2025, 4:58pm

I added a little howto about setting up your own Google Cloud OAuth client keys and making Plasma use them:

smammy · June 2, 2025, 2:48pm

Sadly, replacing approval_prompt=force with prompt=consent didn’t prevent the account from breaking after a week or so. I still had to remove/re-add the account. Not looking forward to doing this every week or two. UGH!

For the record, here’s what I did to get it working again:

Open System Settings.
Select Online Accounts.
Remove my Google account (red “X” button).
Re-add my Google account.
Rename my account (pencil button) to match what it was before. (This will keep any existing URLs/shortcuts/favorites valid.)

One thing I noticed is that after I did this, I had to open a new Dolphin window to access the drive. Windows that were already open still gave the token expiration error.