Can I use GOOGLE_APPLICATION_CREDENTIALS instead of specific mail settings

Question

I'm trying to set up email confirmation through Flask-security and I was wondering if I could use the GOOGLE_APPLICATION_CREDENTIALS that I got from https://console.cloud.google.com/apis/credentials/serviceaccountkey instead of setting up mail settings (MAIL_SERVER, MAIL_PASSWORD, etc).

Here is my code:

class BaseConfig:
SQLALCHEMY_COMMIT_ON_TEARDOWN = True
SQLALCHEMY_RECORD_QUERIES = False
SQLALCHEMY_EXPIRE_ON_COMMIT = False

MARSHMALLOW_STRICT = True
MARSHMALLOW_DATEFORMAT = 'rfc'

SECRET_KEY = 'secret_key'
SECURITY_LOGIN_SALT = 'test'
SECURITY_PASSWORD_HASH = 'pbkdf2_sha512'
SECURITY_TRACKABLE = True
SECURITY_PASSWORD_SALT = 'something'
WTF_CSRF_ENABLED = False
SECURITY_REGISTERABLE = True
SECURITY_CONFIRMABLE = True
SECURITY_RECOVERABLE = True
SECURITY_TOKEN_AUTHENTICATION_HEADER = 'Authorization'
MAX_AGE = 86400
GOOGLE_APPLICATION_CREDENTIALS = '\google_credentials_etc.json' 

Thank you.

Answer 1

GOOGLE_APPLICATION_CREDENTIALS is used by the Google Client libraries, and only then, when set as an environment variable. It has no bearing on Flask, nor will the client libraries automatically pick it up from a Flask configuration.

You could json.loads the service account file and then extract the email, but there's no service information or relay server information in the credentials file.

More importantly, flask-mail doesn't connect over oauth2. It uses SMTP. I'm pretty Gmail relays are also SMTP. So even if you somehow got an oauth2 token from the service account, you wouldn't be able to use it to connect to the relay server.