Reputation: 127
Gmail API client credential flow for Java rest service
I am really trying hard to find a solution for this.
Mine is a notification service application which send email to multiple clients. Some of our clients are using Outlook accounts and some of our clients are using Google accounts. For outlook clients, we have implemented client credential flow(Which does not have any human intervention for authorisation) thorough MS graph and it works very well
Now we need to use Google API for Google client. I am not able to get the proper guide and document to setup the same. Could any one please help me on this. Please find my requirement summary below
its a Java rest API
we have around 100 different clients, currently we are keeping
credentials in DB and using it accordinglyWe have get the tokens from client one time and we need to use it
through the java application without any manual intervention
Please help me with the configuration and java implementation sample for the same.
Upvotes: 0
Views: 664
Answers (1)
Reputation: 116958
The only way to access gmail API without user intervention and showing a consent screen is through Google workspace domain accounts and configuring domain wide deligation to a service account
if the account you are connecting from is a standard gmail google account then you need to authorize the user using oauth2 and display the consent screen. there is no other way you can store the refresh token in your database and request a new Access token after that the user need only authorize your application once. unfortunately there is no other option.
With the possible exception of going through the smtp / IMAP server using an apps password from a Gmail account with 2fa enabled. Personally I question the security ramifications of giving third party appliances an apps password to my Gmail account. that said I thought I should mention the option.
Example
This is the Google drive sample I have for authorization with a service account using domain wide delegation.
Again domain wide delegation with a service account can only be done though a google workspace account with delegation configured by the workspace admin.
Note that setServiceAccountUser is the user on your domain which you would like the service account to impersonate.
private GoogleCredential authorize1() {
GoogleCredential credential = null;
HttpTransport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
try {
InputStream jsonFileStream =
DriveSample.class.getClassLoader().getResourceAsStream("client_secrets.json");
GoogleCredential readJsonFile = GoogleCredential
.fromStream(jsonFileStream, httpTransport, JSON_FACTORY).createScoped(DriveScopes.all());
credential = new GoogleCredential.Builder().setTransport(readJsonFile.getTransport())
.setJsonFactory(readJsonFile.getJsonFactory())
.setServiceAccountId(readJsonFile.getServiceAccountId())
.setServiceAccountUser(userEmail)
.setServiceAccountScopes(readJsonFile.getServiceAccountScopes())
.setServiceAccountPrivateKey(readJsonFile.getServiceAccountPrivateKey()).build();
} catch (IOException exception) {
exception.printStackTrace();
}
return credential;
}
Upvotes: 1
Related Questions
- Gmail API setting up service account and reading/sending mails on behalf of user
- GMail REST API: Using Google Credentials Without Impersonate
- GMail API Server to Server Authentication
- Sending automated emails using Gmail API with Java and Oauth authentication
- Create service account credentials for gmail API
- Gmail Java API with ServiceAccount error 401
- Gmail API: Credentials for Gmail API
- Gmail API Java Implementation Error (Credentials not found)
- Gmail username and password authentication
- Google Gmail API request with service credential returning 400 using Java SDK