feat: add OAuth 2.0 support for GSC monitoring

- Updated monitor.py to support both OAuth and Service Account
- Created setup-oauth-local.py for easy local authorization
- Created cronjob-oauth.yaml for OAuth-based deployment
- Updated README with both authentication options
- OAuth is now the recommended method (no key file needed)

scripts/gsc-monitoring/setup-oauth-local.py

@@ -0,0 +1,164 @@
+#!/usr/bin/env python3
+"""
+OAuth Setup for Google Search Console Monitoring
+Run this locally (not on the server) to generate OAuth credentials
+"""
+
+import os
+import json
+import webbrowser
+from pathlib import Path
+
+
+def setup_oauth():
+    """Interactive OAuth setup"""
+
+    print("=" * 70)
+    print("GOOGLE SEARCH CONSOLE - OAUTH 2.0 SETUP")
+    print("=" * 70)
+    print()
+    print("This method uses OAuth 2.0 (no service account key needed)")
+    print("You'll authenticate once with your Google account.")
+    print()
+
+    # Step 1: Enable API
+    print("STEP 1: Enable Search Console API")
+    print("-" * 70)
+    print("1. Go to: https://console.cloud.google.com")
+    print("2. Create/select project: manoonoils-monitoring")
+    print("3. Go to: APIs & Services → Library")
+    print("4. Search: 'Google Search Console API'")
+    print("5. Click: Enable")
+    print()
+    input("Press Enter when you've enabled the API...")
+
+    # Step 2: Create OAuth credentials
+    print()
+    print("STEP 2: Create OAuth Credentials")
+    print("-" * 70)
+    print("1. Go to: APIs & Services → Credentials")
+    print("2. Click: Create Credentials → OAuth client ID")
+    print("3. Click: Configure Consent Screen")
+    print("4. User Type: External")
+    print("5. App name: ManoonOils GSC Monitor")
+    print("6. User support email: your-email@manoonoils.com")
+    print("7. Developer contact: your-email@manoonoils.com")
+    print("8. Click: Save and Continue (3 times)")
+    print("9. Click: Back to Dashboard")
+    print()
+    print("10. Back on Credentials page:")
+    print("11. Click: Create Credentials → OAuth client ID")
+    print("12. Application type: Desktop app")
+    print("13. Name: GSC Desktop Client")
+    print("14. Click: Create")
+    print("15. Click: DOWNLOAD JSON")
+    print()
+
+    # Get the file path
+    json_path = input("Enter the path to the downloaded JSON file: ").strip()
+
+    if not os.path.exists(json_path):
+        print(f"❌ File not found: {json_path}")
+        return
+
+    # Load credentials
+    with open(json_path, "r") as f:
+        client_config = json.load(f)
+
+    # Step 3: Install dependencies and run auth
+    print()
+    print("STEP 3: Install Dependencies")
+    print("-" * 70)
+    print("Run these commands:")
+    print()
+    print(
+        "  pip3 install google-auth google-auth-oauthlib google-auth-httplib2 google-api-python-client"
+    )
+    print()
+    input("Press Enter after installing...")
+
+    # Step 4: Authorization
+    print()
+    print("STEP 4: Authorize Application")
+    print("-" * 70)
+    print("Running authorization...")
+
+    # Import here so we can check if installed
+    try:
+        from google_auth_oauthlib.flow import InstalledAppFlow
+        from google.auth.transport.requests import Request
+        import pickle
+    except ImportError:
+        print("❌ Please install the required packages first (Step 3)")
+        return
+
+    SCOPES = ["https://www.googleapis.com/auth/webmasters.readonly"]
+
+    # Create flow
+    flow = InstalledAppFlow.from_client_secrets_file(
+        json_path,
+        SCOPES,
+        redirect_uri="urn:ietf:wg:oauth:2.0:oob",  # For console-based auth
+    )
+
+    # Get authorization URL
+    auth_url, _ = flow.authorization_url(prompt="consent")
+
+    print()
+    print("📱 Open this URL in your browser:")
+    print(auth_url)
+    print()
+
+    # Try to open browser automatically
+    try:
+        webbrowser.open(auth_url)
+        print("(Browser should open automatically)")
+    except:
+        pass
+
+    # Get the code
+    print()
+    code = input("Enter the authorization code from the browser: ").strip()
+
+    # Exchange code for credentials
+    flow.fetch_token(code=code)
+    creds = flow.credentials
+
+    # Save credentials
+    creds_info = {
+        "token": creds.token,
+        "refresh_token": creds.refresh_token,
+        "token_uri": creds.token_uri,
+        "client_id": creds.client_id,
+        "client_secret": creds.client_secret,
+        "scopes": creds.scopes,
+    }
+
+    output_file = "gsc-oauth-credentials.json"
+    with open(output_file, "w") as f:
+        json.dump(creds_info, f, indent=2)
+
+    print()
+    print("=" * 70)
+    print("✅ SUCCESS! OAuth credentials saved to:", output_file)
+    print("=" * 70)
+    print()
+    print("NEXT STEPS:")
+    print("1. Copy this file to your server:")
+    print(f"   scp {output_file} doorwaysftw:/tmp/")
+    print()
+    print("2. Create Kubernetes secret:")
+    print("   ssh doorwaysftw")
+    print("   kubectl create secret generic gsc-oauth-credentials \\")
+    print("     --namespace=manoonoils \\")
+    print("     --from-file=oauth-credentials.json=/tmp/gsc-oauth-credentials.json")
+    print()
+    print("3. Deploy monitoring:")
+    print("   kubectl apply -f scripts/gsc-monitoring/cronjob-oauth.yaml")
+    print()
+    print("Your refresh token is valid indefinitely (until revoked).")
+    print("The monitoring will run automatically every day!")
+
+
+if __name__ == "__main__":
+    setup_oauth()