Repeated re-authentication of `org-gcal` in Google account

Question

Repeated re-authentication of `org-gcal` in Google account

deen1 opened this issue 2 years ago · 2 comments

I decided to make this a separate issue to #213 for clarity.

I'm having a few issues with continually having to authenticate org-gcal and type in a passphrase.

I was using an older version of the package until recently as I think I'd set up org-gcal in testing/legacy mode before, but decided to upgrade.

I am using (setq plstore-cache-passphrase-for-symmetric-encryption t) as suggested, then re-authenticate org-gcal about every 48 hours after being redirected to my browser.

Here is the relevant part of my config:

(use-package org-gcal
  :ensure t
  :defer t
  :config
  (setq org-gcal-client-id "******"
	org-gcal-client-secret "*****"
	org-gcal-file-alist '(("*****@gmail.com" .  "~/Org/gcal.org")
			      ("*****.calendar.google.com" . "~/Org/gcal-2.org")))
  (org-gcal-reload-client-id-secret)
  
  (setq-default plstore-cache-passphrase-for-symmetric-encryption t)
  (add-hook 'org-agenda-mode-hook (lambda () (org-gcal-sync) ))
  (add-hook 'org-save-all-org-buffers (lambda () (org-gcal-sync) ))


  ;; Added to stop org-agenda from freezing after sync is locked
  (add-hook 'org-agenda-mode-hook (lambda () (org-gcal--sync-unlock)) 100) )

I don't have any specific oauth2-auto settings in my config.

I did have an associated problem where I kept having to type a passphrase on top of re-authenticating, as described in issue #217. But reading the discussion there, I found that my plstore-passphrase-alist was also nil, and changed (setq plstore-cache-passphrase-for-symmetric-encryption t) to use setq-default as mentioned, as well as adding (setq epg-pinentry-mode 'loopback).

Originally posted by @deen1 in #213 (comment)

Answer 1 · 2023-05-09T17:35:32.000Z

I recently discovered that plstore can use asymmetric GPG keys from gpg-agent and wrote some instructions on how to use it. It at least doesn't prompt me for passwords so much. Try setting this up and see if it works? #239

Answer 2 · 2023-09-18T18:08:36.000Z

Finally got around to trying this, after deep-cleaning my init.el, reinstalling org-gcal and removing various hooks. I think switching to asymmetric encryption helps a lot, there's less prompting, and even after restarting Emacs I've only had to re-authorize maybe once or twice a week now, though I haven't used it as often as before. I'm not sure if it gets much better than that; if you're getting about the same frequency of re-authentication demands, then go ahead and close this.