Prepare official Google OAuth setup

Status	File	+	-
M	`README.md`	19	9
M	`src/cli.rs`	52	6
M	`src/config.rs`	21	13
M	`src/providers.rs`	26	1

README.mdmodified

  rcal providers google auth logout --account ID
  rcal providers google auth inspect --account ID
  rcal providers google calendars list --account ID
 -rcal providers google setup --account ID --client-id ID [--client-secret SECRET] [--calendar ID]
 +rcal providers google setup --account ID [--client-id ID] [--client-secret SECRET] [--calendar ID]
  rcal providers google sync [--account ID]
  rcal providers google status
  rcal reminders run [--events-file PATH] [--state-file PATH] [--once]
  Google Calendar support is also cache-first. You refresh remote data explicitly:
  ```sh
 -rcal providers google setup --account personal --client-id GOOGLE_CLIENT_ID
 +rcal providers google setup --account personal
  rcal
  ```
 -Google setup currently needs your own Google OAuth Desktop client ID. If Google
 -also gives you a client secret, pass `--client-secret GOOGLE_CLIENT_SECRET`.
 -The setup flow opens browser auth, selects your default editable calendar,
 +The setup flow uses rcal's official Google OAuth Desktop client when the build
 +includes one. It opens browser auth, selects your default editable calendar,
  writes `~/.config/rcal/config.toml`, performs the first sync, and sets new
  event creation to Google by default. User tokens are stored in the OS keychain.
  [[providers.google.accounts]]
  id = "personal"
 -client_id = "GOOGLE_CLIENT_ID"
 -# client_secret = "GOOGLE_CLIENT_SECRET"
 +# client_id = "GOOGLE_CLIENT_ID"         # optional custom OAuth client
 +# client_secret = "GOOGLE_CLIENT_SECRET" # optional custom OAuth client secret
  redirect_port = 8766
  calendars = ["primary"]
  ```
 +Advanced custom-client setup remains available for development builds or for
 +users who want their own Google OAuth quota/project:
++
 +```sh
 +rcal providers google setup \
 +  --account personal \
 +  --client-id GOOGLE_CLIENT_ID \
 +  --client-secret GOOGLE_CLIENT_SECRET
 +```
++
  The Google provider syncs configured calendars through the Calendar API,
  caches selected events separately from the local events JSON, and routes
  create/edit/delete/copy operations for Google events back through Google
  - CalDAV and other non-Microsoft/non-Google providers are not implemented yet.
  - Provider sync is manual and cache-first; there is no background provider
    sync daemon yet.
 -- Google currently requires a user-supplied OAuth Desktop client ID; rcal does
 -  not yet ship an official Google OAuth client.
 +- Google official OAuth client registration and verification are still in
 +  progress; until those constants are filled for a release build, use the
 +  advanced custom-client setup above.
  ## Development

src/cli.rsmodified

      "  rcal providers google auth logout --account ID\n",
      "  rcal providers google auth inspect --account ID\n",
      "  rcal providers google calendars list --account ID\n",
 -    "  rcal providers google setup --account ID --client-id ID [--client-secret SECRET] [--calendar ID]\n",
 +    "  rcal providers google setup --account ID [--client-id ID] [--client-secret SECRET] [--calendar ID]\n",
      "  rcal providers google sync [--account ID]\n",
      "  rcal providers google status\n\n",
      "  rcal reminders run [--events-file PATH] [--state-file PATH] [--once]\n",
  pub enum GoogleCliAction {
      Setup {
          account: String,
 -        client_id: String,
 +        client_id: Option<String>,
          client_secret: Option<String>,
          calendar: Option<String>,
          config_path: PathBuf,
      Ok(CliAction::Providers(ProviderCliAction::Google(
          GoogleCliAction::Setup {
              account: account.ok_or(CliError::MissingProviderAccount)?,
 -            client_id: client_id.ok_or(CliError::MissingProviderClientId)?,
 +            client_id,
              client_secret,
              calendar,
              config_path,
              config_path,
              config,
          } => (|| {
 -            let account_config =
 -                GoogleAccountConfig::new(account.clone(), client_id.clone(), client_secret.clone());
 +            let account_config = match &client_id {
 +                Some(client_id) => GoogleAccountConfig::new(
 +                    account.clone(),
 +                    client_id.clone(),
 +                    client_secret.clone(),
 +                ),
 +                None => {
 +                    let mut account_config = GoogleAccountConfig::new_official(account.clone())?;
 +                    if client_secret.is_some() {
 +                        account_config.client_secret = client_secret.clone();
 +                    }
 +                    account_config
 +                }
 +            };
              login_google_browser(&account_config, &http, &token_store, stdout)?;
              let calendars = list_google_calendars(&account_config, &http, &token_store)?;
              let calendar = choose_google_setup_calendar(&calendars, calendar.as_deref())?;
              action,
              CliAction::Providers(ProviderCliAction::Google(GoogleCliAction::Setup {
                  account: "personal".to_string(),
 -                client_id: "google-client".to_string(),
 +                client_id: Some("google-client".to_string()),
                  client_secret: Some("google-secret".to_string()),
                  calendar: Some("primary".to_string()),
                  config_path,
          );
+     }
 +    #[test]
 +    fn google_setup_command_allows_official_client_defaults() {
 +        let today = date(2026, Month::April, 23);
 +        let user_config = UserConfig::empty();
 +        let google = user_config.providers.google.clone();
 +        let config_path = PathBuf::from("/tmp/rcal/google-official-setup-config.toml");
++
 +        let action = parse_args_with_config(
 +            [
 +                arg("providers"),
 +                arg("google"),
 +                arg("setup"),
 +                arg("--account"),
 +                arg("personal"),
 +            ],
 +            today.into(),
 +            user_config,
 +            Some(config_path.clone()),
 +        )
 +        .expect("setup parses");
++
 +        assert_eq!(
 +            action,
 +            CliAction::Providers(ProviderCliAction::Google(GoogleCliAction::Setup {
 +                account: "personal".to_string(),
 +                client_id: None,
 +                client_secret: None,
 +                calendar: None,
 +                config_path,
 +                config: google,
 +            }))
 +        );
 +    }
++
      #[test]
      fn microsoft_setup_command_parses_with_calendar_and_config_path() {
          let today = date(2026, Month::April, 23);

src/config.rsmodified

      providers::{
          GoogleAccountConfig, GoogleProviderConfig, MICROSOFT_DEFAULT_TENANT,
          MICROSOFT_OFFICIAL_CLIENT_ID, MicrosoftAccountConfig, MicrosoftProviderConfig,
 -        ProviderConfig, ProviderCreateTarget,
 +        ProviderConfig, ProviderCreateTarget, google_official_client_config,
      },
  };
  [providers.google]
  # Google Calendar provider.
 -# For now, create a Google OAuth Desktop client and paste its client_id here.
 -# Some Google clients also provide a client_secret; include it in the account
 -# block if token exchange requires it.
 +# rcal release builds can ship an official Google OAuth Desktop client.
 +# Advanced users may override client_id/client_secret inside an account block.
  enabled = false
  default_account = "personal"
  sync_past_days = 30
  [[providers.google.accounts]]
  id = "personal"
 -client_id = ""
 -# client_secret = ""
 +# client_id = "GOOGLE_CLIENT_ID"
 +# client_secret = "GOOGLE_CLIENT_SECRET"
  redirect_port = 8766
  calendars = []
  #[derive(Debug, Clone, PartialEq, Eq)]
  pub struct GoogleSetupConfig {
      pub account_id: String,
 -    pub client_id: String,
 +    pub client_id: Option<String>,
      pub client_secret: Option<String>,
      pub calendar_id: String,
      pub calendar_name: String,
              "sync_future_days = {sync_future_days}\n\n",
              "[[providers.google.accounts]]\n",
              "id = {account}\n",
 -            "client_id = {client_id}\n",
          ),
          account = toml_string(&setup.account_id),
          calendar = toml_string(&setup.calendar_id),
 -        client_id = toml_string(&setup.client_id),
          sync_past_days = setup.sync_past_days.max(0),
          sync_future_days = setup.sync_future_days.max(1),
      ));
 +    if let Some(client_id) = &setup.client_id {
 +        body.push_str(&format!("client_id = {}\n", toml_string(client_id)));
 +    }
      if let Some(client_secret) = &setup.client_secret {
          body.push_str(&format!("client_secret = {}\n", toml_string(client_secret)));
+     }
  #[serde(deny_unknown_fields)]
  struct RawGoogleAccountConfig {
      id: String,
 -    client_id: String,
 +    client_id: Option<String>,
      client_secret: Option<String>,
      redirect_port: Option<u16>,
      calendars: Option<Vec<String>>,
  impl RawGoogleAccountConfig {
      fn into_config(self) -> GoogleAccountConfig {
 +        let uses_official_client = self.client_id.is_none();
 +        let official_client = uses_official_client
 +            .then(google_official_client_config)
 +            .flatten();
 +        let official_client_id = official_client
 +            .as_ref()
 +            .map(|(client_id, _)| client_id.clone());
 +        let official_client_secret = official_client.and_then(|(_, client_secret)| client_secret);
          GoogleAccountConfig {
              id: self.id,
 -            client_id: self.client_id,
 -            client_secret: self.client_secret,
 +            client_id: self.client_id.or(official_client_id).unwrap_or_default(),
 +            client_secret: self.client_secret.or(official_client_secret),
              redirect_port: self.redirect_port.unwrap_or(8766),
              calendars: self.calendars.unwrap_or_default(),
+         }
              Some(path.clone()),
              &GoogleSetupConfig {
                  account_id: "personal".to_string(),
 -                client_id: "google-client".to_string(),
 +                client_id: Some("google-client".to_string()),
                  client_secret: Some("google-secret".to_string()),
                  calendar_id: "primary".to_string(),
                  calendar_name: "Calendar".to_string(),

src/providers.rsmodified

  const GOOGLE_CALENDAR_BASE_URL: &str = "https://www.googleapis.com/calendar/v3";
  const GOOGLE_AUTH_URL: &str = "https://accounts.google.com/o/oauth2/v2/auth";
  const GOOGLE_TOKEN_URL: &str = "https://oauth2.googleapis.com/token";
 -const GOOGLE_SCOPES: &str = "https://www.googleapis.com/auth/calendar";
 +const GOOGLE_SCOPES: &str = concat!(
 +    "https://www.googleapis.com/auth/calendar.calendarlist.readonly",
 +    " ",
 +    "https://www.googleapis.com/auth/calendar.events"
 +);
  const GOOGLE_KEYRING_SERVICE: &str = "rcal.google";
  pub const MICROSOFT_OFFICIAL_CLIENT_ID: &str = "9a49eaac-422b-4192-a65d-82dc8f43c11d";
  pub const MICROSOFT_DEFAULT_TENANT: &str = "common";
 +pub const GOOGLE_OFFICIAL_CLIENT_ID: &str = "";
 +pub const GOOGLE_OFFICIAL_CLIENT_SECRET: &str = "";
  #[derive(Debug, Clone, PartialEq, Eq)]
  pub struct ProviderConfig {
+         }
+     }
 +    pub fn new_official(id: impl Into<String>) -> Result<Self, ProviderError> {
 +        let Some((client_id, client_secret)) = google_official_client_config() else {
 +            return Err(ProviderError::Config(
 +                "this rcal build does not include an official Google OAuth client yet; pass --client-id and --client-secret or finish the official Google client registration".to_string(),
 +            ));
 +        };
 +        Ok(Self::new(id, client_id, client_secret))
 +    }
++
      fn redirect_uri(&self) -> String {
          format!("http://127.0.0.1:{}/callback", self.redirect_port)
+     }
+ }
 +pub fn google_official_client_config() -> Option<(String, Option<String>)> {
 +    let client_id = GOOGLE_OFFICIAL_CLIENT_ID.trim();
 +    if client_id.is_empty() {
 +        return None;
 +    }
 +    let client_secret = (!GOOGLE_OFFICIAL_CLIENT_SECRET.trim().is_empty())
 +        .then(|| GOOGLE_OFFICIAL_CLIENT_SECRET.to_string());
 +    Some((GOOGLE_OFFICIAL_CLIENT_ID.to_string(), client_secret))
 +}
++
  pub fn default_microsoft_cache_file() -> PathBuf {
      if let Some(cache_home) = env::var_os("XDG_CACHE_HOME") {
          return PathBuf::from(cache_home)

tenseleyflow/rcal / `18935ad`

4 changed files