Create project and OAUTH client for Gmail/Google Workspace OAUTH - Tutorial

Because Gmail/Google Workspace has disabled basic authentication in its SMTP/POP/IMAP services, you have to use modern authentication (OAUTH) to log in to the Gmail SMTP/POP/IMAP services.

To use OAUTH, an access token is required. There are two ways to retrieve the access token from the Google server:

  • The user logs in to the account in a web browser, and the application uses the returned authorization code to request the access token. This way requires user interaction, so it is not suitable for server-side applications.
  • Create a service account, and the administrator grants access to the project; the application uses the client secret to request the access token directly. This way doesn’t require user interaction, so it is suitable for background services; it only works with Google Workspace accounts.

This tutorial introduces the first way, which requires the user to log in by web browser.

Create project in Google Developers Console

To use Gmail OAuth in your application, you should create a project in the Google Cloud Console. Go to Menu > IAM & Admin > Create a Project:

  • In the Project Name field, enter a descriptive name for your project.
  • In the Location field, click Browse to display potential locations for your project. Then, click Select.
  • After the project is created, select it from the projects list as the current project.

Create credentials (OAuth client id)

  • Click APIs & Services -> Dashboard -> Credentials
  • Click Credentials -> Create Credentials -> OAuth client ID -> Web application or Other (Desktop Application). It depends on your application type.

Please select Other (Desktop Application) if you are using EA Oauth Service.

  • Input a name for your application, and in Authorized Redirect URIs input the URL of your web application that receives the authorization code. A Desktop Application doesn’t require this step.
  • Click "Create"; you will get the client id and client secret. Download and save them for later use.

Enable Gmail API

  • Enable Gmail API in "Library" -> Search "Gmail", then click "Gmail API" and enable it.

Edit scopes

  • Now you need to edit the API scopes for your project at "OAuth consent screen" -> "Edit App".
  • Add .../auth/userinfo.email, .../auth/userinfo.profile, openid and https://mail.google.com/ scopes in OAuth consent screen -> Edit App -> Scopes -> Add or remove scopes.

Authorized Redirect URIs

If you use OAuth in a web application, you should use a web page or controller to receive the authorization code from the Google OAuth server. So you need to add your page or web application routing path to Authorized Redirect URIs in APIs & Services -> Dashboard -> Credentials -> OAuth 2.0 Client IDs -> Your Client ID.

To use the OAUTH in EA Oauth Service, you don’t need to add redirect URIs.
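
The web page or controller described above has to check the callback before trading the authorization code for a token. The following Python sketch is an added example, not code from this tutorial or from EA Oauth Service: it builds the authorization URL with a random state, rejects callbacks whose state does not match, prepares the token request, and formats the resulting access token for SMTP/IMAP XOAUTH2 login. The function names and the idea of a server-side session dictionary are assumptions for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
# The two scopes this page spells out in full; the userinfo scopes join the same list.
SCOPES = ["openid", "https://mail.google.com/"]


def begin_login(client_id, redirect_uri):
    """Return (url, session): redirect the browser to url, keep session server-side."""
    state = secrets.token_urlsafe(32)  # unguessable value tying the callback to this login
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "response_type": "code", "scope": " ".join(SCOPES),
                       "state": state})
    return AUTH_ENDPOINT + "?" + query, {"state": state, "redirect_uri": redirect_uri}


def handle_callback(callback_url, session, client_id, client_secret):
    """Validate the redirect; return the form fields to POST to TOKEN_ENDPOINT."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in params:
        raise ValueError("authorization refused: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return {"grant_type": "authorization_code", "code": codes[0],
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": session["redirect_uri"]}  # must equal the registered URI


def xoauth2_response(user, access_token):
    """Base64 SASL XOAUTH2 string for AUTH XOAUTH2 (SMTP) / AUTHENTICATE XOAUTH2 (IMAP)."""
    for value in (user, access_token):
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            raise ValueError("control character in user or token")
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")
```

Keep the client secret and the session dictionary on the server; only the URL returned by `begin_login` goes to the browser.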


Test and publish your app

By default, your app is in test mode. You should add the user's email address to the test users so that the user can test your app.

Go to OAuth consent screen -> Test users -> Add users -> input the user email address.

If you want to publish your app, you should submit your app for verification by clicking “Publish”. For an internal type project, you don’t need to submit your app for verification.

If you only use your project with limited users, you don’t have to publish your app, just add the user email address to the test users.


If your users are seeing the “unverified app” screen, it is because your OAuth request includes additional scopes that haven’t been approved. The user can still choose to proceed with the request, but the app will be limited in the number of users that can grant permission to your app when requesting unapproved sensitive or restricted scopes.

Learn more details from: https://developers.google.com/workspace/guides/create-project.

Use client secret in third-party application (EA Oauth Service)

You can use the client id and client secret in a third-party application that supports OAUTH. If you have a legacy email application that doesn’t support OAUTH, the following third-party application can use the client id, client secret value and tenant to help your application connect to Gmail.

Help the legacy email application that does not support OAUTH to send and retrieve email from Gmail by EA Oauth Service
