Connect Gmail

Shrike connects directly to Gmail — there is no Shrike server in the middle. It signs in with Google OAuth and then speaks IMAP (to read) and SMTP (to send) over an encrypted connection, authenticated with XOAUTH2. Your credentials never pass through anyone else’s infrastructure.

Signing in

When a build ships with OAuth credentials baked in, connecting is just:

1. Launch Shrike and choose Connect a Google account.
2. Your browser opens Google’s sign-in. Approve access.
3. Shrike syncs your mail into its local store and you’re in.

You can add more than one account and read them as a unified inbox.

Where your tokens live

OAuth tokens are written to a private file under the app’s data directory, with 0600 permissions (owner-read/write only) — the same approach the gcloud and gh CLIs take:

~/Library/Application Support/com.govpilot.shrike/primary.tokens.json

Tokens are stored in a file rather than the macOS Keychain because the Keychain’s “Always Allow” ACL is keyed to the binary’s code signature, which would re-prompt on every development rebuild. The token file lives outside the repository and is never committed.

Calendar needs a re-grant

If you connected an account before enabling calendar support, Google’s existing token won’t carry the calendar.events scope and calendar calls return 403. Reconnect the account to grant the new scope. See Calendar.

What’s next

• Triage your inbox →
• Add another account →