gkeepapi.exception.LoginException: ('BadAuthentication', None)

[WiliTest]

I tried to run this code , it gives me the error above.

I tried with the Gmail login and password, then with my email login and an "app password" following these step:

1. Enable 2-step authentication in your Google settings.
2. Create an app password here: https://myaccount.google.com/apppasswords
3. Choose for the app other, I named it gkeepapi and I generated a password.
4. I user the generated password in the scrip instead of my Google password.

[JohnHoder]

I get the very same error, I am trying to login with my email address and password. Less secure apps are enables in my google settings.

Is there any solution for this?

File "/usr/local/lib/python3.7/site-packages/gkeepapi/init.py", line 693, in login
ret = auth.login(username, password, get_mac())
File "/usr/local/lib/python3.7/site-packages/gkeepapi/init.py", line 60, in login
res.get('Error'), res.get('ErrorDetail')
gkeepapi.exception.LoginException: ('BadAuthentication', None)

[alils]

I'm getting the same error with both account password without 2fa and app password with 2fa. Please help anyone??

I tried to modify script and get oauth token by "legal" ways of oauth2, but to use that token for API, that particular API must be enabled for your account account, and as Google Keep API is not supported officially, there is no way to enable it for the token.

Here is the error I'm getting while using oauth2

gkeepapi.exception.APIException: {'errors': [{'domain': 'usageLimits', 'reason': 'accessNotConfigured', 'message': 'Access Not Configured. Reminders API has not been used in project 1052062629689 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/reminders.googleapis.com/overview?project=1052062629689 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.', 'extendedHelp': 'https://console.developers.google.com/apis/api/reminders.googleapis.com/overview?project=1052062629689'}], 'code': 403, 'message': 'Access Not Configured. Reminders API has not been used in project 1052062629689 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/reminders.googleapis.com/overview?project=1052062629689 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.'}

[alils]

I'm getting the same error with both account password without 2fa and app password with 2fa. Please help anyone??

I tried to modify script and get oauth token by "legal" ways of oauth2, but to use that token for API, that particular API must be enabled for your account account, and as Google Keep API is not supported officially, there is no way to enable it for the token.

Here is the error I'm getting while using oauth2

gkeepapi.exception.APIException: {'errors': [{'domain': 'usageLimits', 'reason': 'accessNotConfigured', 'message': 'Access Not Configured. Reminders API has not been used in project 1052062629689 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/reminders.googleapis.com/overview?project=1052062629689 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.', 'extendedHelp': 'https://console.developers.google.com/apis/api/reminders.googleapis.com/overview?project=1052062629689'}], 'code': 403, 'message': 'Access Not Configured. Reminders API has not been used in project 1052062629689 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/reminders.googleapis.com/overview?project=1052062629689 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.'}

Here is the script I used to get API token (if anyone needs it)

import os
from google_auth_oauthlib.flow import InstalledAppFlow

CLIENT_SECRETS_FILE = "secrets.json"
SCOPES = ['https://www.googleapis.com/auth/memento', 'https://www.googleapis.com/auth/reminders']

if __name__ == '__main__':
    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
    flow = InstalledAppFlow.from_client_secrets_file(CLIENT_SECRETS_FILE, SCOPES)
    credentials = flow.run_console()
    print(flow.credentials.token)

[CodHeK]

@kiwiz gkeepapi has been working pretty fine for the last 3,4 weeks and now suddenly I got this error! Could anyone please suggest a fix for this, because my app really depends on gkeepapi, and without this working, its really affecting me!

[jason79]

I've been getting the same issue. does this mean a google keep api is coming?

[EthanArbuckle]

try using python3.7.7

[wilsonmfg]

also getting this, just now addressing it. last successful login was April 9. I've tried regenerating the app password, and also clean installing latest version on a different system. running python 3.5.3 on a pi3 for one install and 3.5.2 on an Xenial pine64 for the other. is 3.7 really the solution for this? doesn't seem like it should matter.

[djsudduth]

@wilsonmfg - see issue #86 to fix this.

[wilsonmfg]

I'm using python 3, and it's a new clean install. I'm not sure how that "fix" applies

[djsudduth]

@wilsonmfg - hmmmm.....I had the same issue. So what I did was upgrade my Anaconda install to Python 3.7.7 and also updated this library to the latest version (pip install --upgrade gkeepapi) and that fixed the issue.

[wilsonmfg]

which goes back to my question, is 3.7 actually needed or just 3.x? 3.7 is not an easy fix on a Pi.

[djsudduth]

agreed! seems the python version shouldn't make any difference. @kiwiz - any thoughts here?

[alysiahuggins]

@wilsonmfg - hmmmm.....I had the same issue. So what I did was upgrade my Anaconda install to Python 3.7.7 and also updated this library to the latest version (pip install --upgrade gkeepapi) and that fixed the issue.

This solved it for me, i used pyenv to manage the python versions and made sure the latest version of python was being used (3.8.5). https://opensource.com/article/19/5/python-3-default-macac was helpful - see the 'what we should do section in particular'

[wilsonmfg]

that link doesn't work.

[orjanv]

No luck here either.

[kiwiz]

Try testing on another system/another account to see if you can isolate the cause of the issues. As for why Py3 is being suggested, see #69 for more details.

[wilsonmfg]

I did. #81 (comment)

#69 doesn't answer why python 3.7 would work any better than 3.5

[kiwiz]

@wilsonmfg One potential cause for these issues is described here. Updating to a newer version of Python might change your TLS fingerprint enough to get through the check.

Additionally, try checking out the FAQ for other suggestions to maintain access.

[diallobakary4]

Installing a new python 3.7 env did solve it for me.

[givanse]

This didn't work for me with either 3.7.7, 3.9.0, 3.6.12

pyenv install x.x.x
pyenv shell x.x.x
pip install --upgrade gkeepapi

[djsudduth]

@givanse - when you did your tests - were you logged into your Google account on your default browser? And, did you try using the step to UnlockCaptcha manually link at all after you first authenticated? I tried a fresh Debian install recently and it worked fine.

[givanse]

• On my default browser, I am logged in with two different Google accounts.
• I did follow the UnlockCaptcha link manually and I'm pretty sure I did it with the right account.

Hadn't thought about the potential for issues if more than one account is logged in, I'll check on that, thanks.

[alexhuot1]

Got the same issue here... running on python 3.9, followed all instructions in the FAQ. Anything new?

EDIT: It doesn't work on macOS, but it does on linux (on python 3.8.6). Hope this can help.

[Roei639]

Has anyone found a solution? Also does not work

Logger: homeassistant.components.sensor
Source: custom_components/google_keep/sensor.py:39
Integration: חיישן (documentation, issues)
First occurred: 3:02:30 (1 occurrences)
Last logged: 3:02:30

Error while setting up google_keep platform for sensor
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/helpers/entity_platform.py", line 199, in _async_setup_platform
    await asyncio.shield(task)
  File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/config/custom_components/google_keep/sensor.py", line 39, in setup_platform
    login_success = keep.login(username, password)
  File "/usr/local/lib/python3.8/site-packages/gkeepapi/__init__.py", line 693, in login
    ret = auth.login(username, password, get_mac())
  File "/usr/local/lib/python3.8/site-packages/gkeepapi/__init__.py", line 59, in login
    raise exception.LoginException(
gkeepapi.exception.LoginException: ('BadAuthentication', None)```

[callifo]

Mines intermittent, every 4 in 5 reboots of Home Assistant nets this error, however it does still work if I keep rebooting it enough. When it does succeed, it works completely fine. I've tried using 0.13.1 and it doesn't appeared to have made it any better.

[maximunited]

Having the same issue (using HA. Started seeing after upgrading to 0.118).
Tried running a python (Python 3.8.6) snippet to test:

import gkeepapi
keep = gkeepapi.Keep()
success = keep.login('[email protected]', 'barbarbarbar')

Using 2FA; I even created a new app password for testing reasons; Tried the Unlock Captcha idea - doesn't work:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.8/site-packages/gkeepapi/__init__.py", line 693, in login
    ret = auth.login(username, password, get_mac())
  File "/usr/local/lib/python3.8/site-packages/gkeepapi/__init__.py", line 59, in login
    raise exception.LoginException(
gkeepapi.exception.LoginException: ('BadAuthentication', None)

Shooting in the dark, as I'm not a python developer. Could there be an issue with the get_mac() function?

>>> get_mac()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'get_mac' is not defined

[djsudduth]

Here's how I solved it for now for Windows 10 with Python >= 3.10.x without Docker. I used v3.9.1 to save the key in keyring and then reverted back to 3.10/3.11:

1. Already had default system install of Python 3.11.6 and then executed pip install gkeepapi keyring
2. Installed pyenv-win and then installed Python 3.9.1 -> pyenv install 3.9.1
3. Set the version with pyenv global 3.9.1
4. pip install gkeepapi keyring
   a) pinned urllib3==1.25.11 and gpsoauth==1.0.2 as noted above
5. Ran my python test app with the Google app pw that saves the token to the keyring
6. Uninstalled pyenv

Now all works in Python 3.10.x and 3.11.x when my app loads the token from keyring

(You could, of course, just use pyenv for multiple versions without all this rigamarole!) :)

[wilsxt]

Here's how I solved it for now for Windows 10 with Python >= 3.10.x without Docker. I used v3.9.1 to save the key in keyring and then reverted back to 3.10/3.11:

1. Already had default system install of Python 3.11.6 and then executed pip install gkeepapi keyring
2. Installed pyenv-win and then installed Python 3.9.1 -> pyenv install 3.9.1
3. Set the version with pyenv global 3.9.1
4. pip install gkeepapi keyring
   a) pinned urllib3==1.25.11 and gpsoauth==1.0.2 as noted above
5. Ran my python test app with the Google app pw that saves the token to the keyring
6. Uninstalled pyenv

Now all works in Python 3.10.x and 3.11.x when my app loads the token from keyring

(You could, of course, just use pyenv for multiple versions without all this rigamarole!) :)

Any chance you could expand on the keyring portion of this a bit? I am new to this authentication stuff, but it seems like it is just storing my password. Is there a credential/login token you are saving to keyring as well? I seem to have it semi-working but it will not log me in once I swap back to 3.11

Thank you!

[djsudduth]

@wilsxt - when you login with gkeepapi via Python 3.9 with the Google App pw, Keep returns a long token key. That is the value you want to save in the keystore via keyring. Then, retrieve that to login with 3.10+ versions. You only need the token and no pw from that point on.

[kiwiz]

A sample implementation for storing the master token can be found here.

I have a pending PR (simon-weber/gpsoauth#41) that I can update with (#137) in a couple of days.

[djsudduth]

@kiwiz - now caught in an unsuccessful loop. Authentication was working on python 3.9.x with the pinned gpsoauth and urllib3 packages. But, with your recent 0.15.1 change - gkeepapi doesn't run on python 3.9.x anymore. You can't get a token with python 3.10+ and the Google app pw - it just won't work (tried multiple debian and ubuntu images). So we're stuck now. Is there any way you can make 0.15.1 compatible with python 3.9 (is seems you're using the new python "|" that won't work on 3.9).

[kiwiz]

@djsudduth Given the persistent issues people have been experiencing with user/pass authentication, I'd like to deprecate it in favor of using keep.resume() (which requires passing in a master token). I'm still waiting on a release of gpsoauth, but in the meantime you could use something like the following:

sudo docker run --rm -it --entrypoint /bin/sh python:3 -c 'pip install git+https://github.com/simon-weber/gpsoauth.git@8a5212481f80312e06ba6e0a29fbcfca1f210fd1; python3 -c '\''print(__import__("gpsoauth").exchange_token(input("Email: "), input("OAuth Token: "), input("Android ID: ")))'\'

Instructions:

1. Visit https://accounts.google.com/EmbeddedSetup
2. Authenticate and go thru the flow. It should stay on the loading spinner
3. Obtain the value of the oauth_token cookie
4. Run the command and fill in the requested info
5. Extract the Token value

[n1klaus]

Any update here?

[djsudduth]

@kiwiz - got pretty far at this point - but the script you provided with Simon's package is asking for both an OAuth and an AndroidID - I got the OAuthID but which one is the AndroidID in the cookie?

Perhaps @rukins can answer this!

[kiwiz]

AndroidID can be whatever. You can make it MAC addressy if you want.

[rukins]

Yeah, right, it can be even empty.
Check this file, i described the api to obtain tokens here: https://github.com/rukins/gpsoauth-java/blob/master/server-endpoints.md

[djsudduth]

Thank you @rukins and @kiwiz - that worked. I really hope Google doesn't change it's auth again (or, finally moves the official Google Keep API for Workspace to public Keep users)

[djsudduth]

For others - here's the Docker image I created:
FROM ubuntu:22.04
RUN apt update
RUN apt install -y python-is-python3 python3-pip
RUN apt-get install -y git
RUN pip install git+https://github.com/simon-weber/gpsoauth.git@8a5212481f80312e06ba6e0a29fbcfca1f210fd1

Get an OAuth ID using @rukins "Second way" instructions: https://github.com/rukins/gpsoauth-java?tab=readme-ov-file - or log into your Google account via https://accounts.google.com/EmbeddedSetup and use the Chrome extension called "Cookie Tab Viewer" to retrieve the oauth_token

Log into the Docker image, paste this script, and run:
python -c 'print(__import__("gpsoauth").exchange_token(input("Email: "), input("OAuth Token: "), input("Android ID: ")))'

Enter your Google Email ID, the OAuth ID and any value for the Android ID (I used a fake Mac address)

The Keep Token will display at the top of the returned data array

[felixschndr]

Maybe its time to create A Dockerfile, for example with the content of @djsudduth, and add it to this repo or even dockerhub so not everyone has to create its own Dockerfile and find this issue.

What do you think about this?

[djsudduth]

@kiwiz - do you happen to know when gpsoauth commit 8a52124 will be packaged and in pypi? I'm assuming it will be in 1.0.5

[distbit0]

How can I make gkeepapi work for the time being before the relevant releases are made for its pip module and for gpsauth?

I have read through much but not all of the above thread and it was not clear how to proceed despite the fact that it seems a partial solution has been arrived at.

I have tried both running pip install git+https://github.com/kiwiz/gkeepapi.git#egg=gkeepapi and pip install gpsoauth==1.0.2 neither of which have solved the issue I am encountering, which is that I receive the following error when using keep.login() with either my account password or an app password which I created after enabling 2fa on my account:

Traceback (most recent call last):
  File "/home/pimania/dev/manageTodoList/keep.py", line 25, in <module>
    notes_text = fetch_notes_text(email, password)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/pimania/dev/manageTodoList/keep.py", line 7, in fetch_notes_text
    success = keep.login(email, password)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/pimania/.local/lib/python3.12/site-packages/gkeepapi/__init__.py", line 703, in login
    auth.login(email, password, device_id)
  File "/home/pimania/.local/lib/python3.12/site-packages/gkeepapi/__init__.py", line 58, in login
    raise exception.LoginException(res.get("Error"), res.get("ErrorDetail"))
gkeepapi.exception.LoginException: ('BadAuthentication', None)

many thx! :)

[djsudduth]

@distbit0 try installing only the latest gpsoauth from github in a fresh python 3.10+ venv (pip install git+https://github.com/simon-weber/gpsoauth.git@8a5212481f80312e06ba6e0a29fbcfca1f210fd1) using the manual instructions (@rukins "Second way" instructions: https://github.com/rukins/gpsoauth-java?tab=readme-ov-file) to get the Keep token in my comment above. Then install gkeepapi and use that token with your code.

[distbit0]

@distbit0 try installing only the latest gpsoauth from github in a fresh python 3.10+ venv (pip install git+https://github.com/simon-weber/gpsoauth.git@8a5212481f80312e06ba6e0a29fbcfca1f210fd1) using the manual instructions (@rukins "Second way" instructions: https://github.com/rukins/gpsoauth-java?tab=readme-ov-file) to get the Keep token in my comment above. Then install gkeepapi and use that token with your code.

Thanks that worked! Although only when I provided by google username (i.e. everything before @gmail.com) to the python command, and provided an empty string for android id.

However I am not sure how to actually "use that token with your code" given that the standard login function accepts a username and password rather than a master key. Would you mind elaborating on how to do this? many thx again :)

[distbit0]

Ah nvm I figured it out by looking at: https://github.com/kiwiz/gkeepapi/blob/main/examples/resume.py

keep.resume(
        "<USERNAME>",
        "<master key>",
)

[artur-pf]

Ah nvm I figured it out by looking at: https://github.com/kiwiz/gkeepapi/blob/main/examples/resume.py

keep.resume(
        "<USERNAME>",
        "<master key>",
)

This works.
Does the master token have an expiration time, and if so, what is the time limit?

[distbit0]

So far mine has lasted for several months without having to be updated @artur-pf. Seems to never expire

[djsudduth]

@kiwiz looks like gpsoauth 1.1.0 was released yesterday with the manual token exchange added - FYI!

https://github.com/simon-weber/gpsoauth/blob/master/CHANGELOG.md

I haven't tested it yet

[kiwiz]

I've released version 0.16.0, which deprecates Keep.login and encourages users to use the "alternative flow".

[kiwiz]

Closing this one out. If there are any new issues with authentication, please open an issue.