Skill341 repo starsupdated today

google-account-login

google-account-login conducts OAuth browser-based authentication for a single Google account and registers it with a unique tag and dedicated config directory. Use this skill after the google-workspace-oauth connector is initialized to enable multi-account Google Workspace access, typically invoked by google-workspace-setup rather than directly by users. The skill handles account re-authentication and session adoption through optional parameters.

View source Repository: gini-agent

Install in Claude Code

Copy

git clone --depth 1 https://github.com/Lilac-Labs/gini-agent /tmp/google-account-login && cp -r /tmp/google-account-login/skills/google/google-account-login ~/.claude/skills/google-account-login

Then start a new Claude Code session; the skill loads automatically.

Definition

SKILL.md

# Google Account Login

Signs **one** Google account into its own `gws` config dir and registers it as a tagged account. One OAuth client (held by the `google-workspace-oauth` connector) can authorize many accounts — each lives in its own config dir selected via `GOOGLE_WORKSPACE_CLI_CONFIG_DIR`. This skill is the login step for that multi-account model.

This skill is **normally invoked by `google-workspace-setup`**, not called directly by users. Run it only **after** the `google-workspace-oauth` connector exists (so the client id/secret are injected into the script's env).

It ships one script, `scripts/account-login.ts`, invoked through `skill_run`:

```text
skill_run {
  skill: "google-account-login",
  script: "account-login",
  args: { tag: "personal", services: ["drive","gmail","calendar","docs","sheets","meet","forms"] }
}
```

The script mints a gini-managed config dir under `~/.gini/google-accounts/<id>`, runs `gws auth login` (it opens the user's browser to the Google consent screen and waits for them to finish), then confirms the session and registers the tagged account with the local gateway. The user's default browser pops automatically — sign-in is a human-in-the-loop step; never type the user's email or password.

## Arguments (stdin JSON)

- `tag` (string, required) — short label for this account, e.g. `"personal"` or `"work"`. Tags are unique across accounts.
- `services` (string[], optional) — `gws` service names to request. Defaults to all seven: `["drive","gmail","calendar","docs","sheets","meet","forms"]`.
- `readonly` (boolean, optional) — request read-only scopes for the chosen services.
- `scopes` (string[], optional) — explicit full scope URLs; overrides `services`. Use only when the user names a specific scope shape `-s` can't express (e.g. full Gmail `https://mail.google.com/`).
- `configDir` (string, optional) — run the login into a **specific existing** config dir instead of minting a new one. Use it to **re-auth** an account whose session expired: pass that account's stored `configDir` (or `"~/.config/gws"` for the default-dir session) so the account keeps its id and tag. When omitted, a new gini-managed dir is minted. Ignored when `adopt: true`.
- `adopt` (boolean, optional) — register the **already-signed-in** session in the default config dir (`~/.config/gws`) without a fresh login. No browser opens; fails if that dir has no live session.

## Result (stdout JSON)

On success:

```json
{ "ok": true, "id": "gacct_ab12cd34", "tag": "personal", "email": "me@example.com",
  "configDir": "/Users/me/.gini/google-accounts/gacct_ab12cd34",
  "scopes": ["https://www.googleapis.com/auth/gmail.modify", "..."] }
```

On failure: `{ "ok": false, "error": "<reason>" }` (and a non-zero exit). Common reasons: `"gws never printed the consent URL"`, `"Login did not produce a valid session."`, `"No signed-in Google session in the default gws config dir to adopt."`, or the gateway's register error.