CODEWITHSUNDEEP
c#oauth-2.0gmail-apiservice-accounts
ratillo89
ratillo89

Reputation: 53

Gmail API service account

I want to read my gmail inbox using Gmail API. I need to use a service account due my application haven't user interaction. I get a following error on request:

"InnerException = {"Error:\"unauthorized_client\", Description:\"Unauthorized client or scope in request.\", Uri:\"\""} "

This is my code:

        string applicationName = "Gmail API .NET";
        string[] scopes = { GmailService.Scope.GmailReadonly };

        string certPath = "./XXXXXXXXXX.p12";
        string userEmail = "[email protected]";
        string serviceAccountEmail = "MYSERVICEACCOUNT...am.gserviceaccount.com";

        //Carga el certificado obtenido de 
        var certificate = new X509Certificate2(certPath, "notasecret", X509KeyStorageFlags.Exportable);

        ServiceAccountCredential credential = new ServiceAccountCredential(
            new ServiceAccountCredential.Initializer(serviceAccountEmail)
            {
                User = userEmail,
                Scopes = scopes
            }.FromCertificate(certificate)
        );

        if (credential.RequestAccessTokenAsync(CancellationToken.None).Result) <--- Here I get the error
        {
            GmailService gs = new GmailService(
                new BaseClientService.Initializer()
                {
                    ApplicationName = applicationName,
                    HttpClientInitializer = credential
                }
            );
        }

What am I doing wrong? Can anybody help me?

Regards

Upvotes: 0

Views: 4478

Answers (4)

ender
ender

Reputation: 311

You can only use a service account to send emails for a GSuite account and not a gmail account.

If you have a gmail account you can use 3-legged OAuth2 authentication Or turn on 2FA, generate an App Password and use that as seen here

If you ARE using a GSuite account you can use the ServiceAccount but you will have to make sure it has G Suite Domain-wide Delegation as described here and then you need to give access to the GSuite Domain as described here

Upvotes: 1

Brandon Jewett-Hall
Brandon Jewett-Hall

Reputation: 746

Service accounts cannot access @gmail.com mailboxes. You must use one of the other supported OAuth 2.0 authorization scenarios described at https://developers.google.com/identity/protocols/OAuth2.

See https://stackoverflow.com/a/39534420/3377170 for more details.

Upvotes: 0

KENdi
KENdi

Reputation: 7751

Try to check this documentation about service account in .NET libraries. This documentation also provides you a sample code that you can follow on how to setup service account. This link can also give you idea on how to access GMAIL API using Service Account.

Now, for the error that you receive, check this links if it can help you.

Upvotes: 1

Shannon Holsinger
Shannon Holsinger

Reputation: 2341

Have you tried the sample code from Google for this function?

  using Google.Apis.Gmail.v1;
 using Google.Apis.Gmail.v1.Data;

 // ...

 public class MyClass {

   // ...

 /// <summary>
 /// Retrieve a Message by ID.
 /// </summary>
 /// <param name="service">Gmail API service instance.</param>
 /// <param name="userId">User's email address. The special value "me"
 /// can be used to indicate the authenticated user.</param>
 /// <param name="messageId">ID of Message to retrieve.</param>
 public static Message GetMessage(GmailService service, String userId, String messageId)
 {
     try
     {
         return service.Users.Messages.Get(userId, messageId).Execute();
     }
     catch (Exception e)
     {
         Console.WriteLine("An error occurred: " + e.Message);
     }

     return null;
 }

 // ...

}

Have you tried the API explorer here: https://developers.google.com/gmail/api/v1/reference/users/messages/get#net and entered your request information? Did it work from the API page?

Upvotes: 0

Related Questions