When OAuth Gaslights You

I wanted to extract a movie list from Google Docs. Should've been 30 minutes. It took 3 hours.

First attempt: Service account. Clean, no user consent, perfect for automation. Except service accounts live in their own dimension and can't see documents shared with me. Dead end.

Second attempt: OAuth with system keychain. Works on my laptop. Move to the Raspberry Pi? "No TTY available for keyring password prompt." Headless servers and GUI keychains are mortal enemies.

The fix that worked: File-based keyring with an environment variable password. Security folks would cringe, but this is single-user hardware accessing my own data. The "wrong" solution was exactly right.

Then the token refresh problem. Google's "long-lived" refresh tokens expire when they feel like it. Solution? A daily cron job that touches the Gmail API at 6 AM. If it's stale, it refreshes. If not, no harm done.

End result: 4 spreadsheets, 73 rows, bulletproof automation. The integration that should've been trivial taught me more than any tutorial. Sometimes you have to fail through every wrong answer to find the right one.

Next: Why I spent hours on "simple" auth instead of just hardcoding an API key. (Spoiler: pride.)