Sample code for 30+ languages & platforms
Delphi DLL

Get GMail IMAP OAuth2 Access Token for Desktop App

See more GMail SMTP/IMAP/POP Examples

Demonstrates how to get a GMail IMAP OAuth2 access token from a desktop application or script, which can be used with the XOAUTH2 authentication method.

This example requires a browser window to be displayed to allow the GMail account owner to authorize the access. The code for displaying the web browser is omitted. Suggestions for a few programming languages are provided in code comments. You'll need to find out how to display a web browser and navigate to the URL returned by the call to oauth2.StartAuth.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, OAuth2, StringBuilder;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
oauth2: HCkOAuth2;
url: PWideChar;
numMsWaited: Integer;
sbJson: HCkStringBuilder;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

oauth2 := CkOAuth2_Create();

// For Google OAuth2, set the listen port equal to the port used
// in the Authorized Redirect URL for the Client ID.
// For example, in this case the Authorized Redirect URL would be http://localhost:3017/
// Your app should choose a port not likely not used by any other application.
CkOAuth2_putListenPort(oauth2,3017);

CkOAuth2_putAuthorizationEndpoint(oauth2,'https://accounts.google.com/o/oauth2/v2/auth');
CkOAuth2_putTokenEndpoint(oauth2,'https://www.googleapis.com/oauth2/v4/token');

// Replace these with actual values.
CkOAuth2_putClientId(oauth2,'GOOGLE-CLIENT-ID');
CkOAuth2_putClientSecret(oauth2,'GOOGLE-CLIENT-SECRET');

CkOAuth2_putCodeChallenge(oauth2,True);
CkOAuth2_putCodeChallengeMethod(oauth2,'S256');

// This is the full-permissions scope for GMail, which would allow full IMAP read/write access.
CkOAuth2_putScope(oauth2,'https://mail.google.com/');

// Begin the OAuth2 three-legged flow.  This returns a URL that should be loaded in a browser.
url := CkOAuth2__startAuth(oauth2);
if (CkOAuth2_getLastMethodSuccess(oauth2) = False) then
  begin
    Memo1.Lines.Add(CkOAuth2__lastErrorText(oauth2));
    Exit;
  end;

// Launch the system's default browser navigated to the URL.
success := CkOAuth2_LaunchBrowser(oauth2,url);
if (success = False) then
  begin
    Memo1.Lines.Add(CkOAuth2__lastErrorText(oauth2));
    Exit;
  end;

// Now wait for the authorization.
// We'll wait for a max of 30 seconds.
numMsWaited := 0;
while (numMsWaited < 30000) and (CkOAuth2_getAuthFlowState(oauth2) < 3) do
  begin
    CkOAuth2_SleepMs(oauth2,100);
    numMsWaited := numMsWaited + 100;
  end;

// If there was no response from the browser within 30 seconds, then 
// the AuthFlowState will be equal to 1 or 2.
// 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
// 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
// In that case, cancel the background task started in the call to StartAuth.
if (CkOAuth2_getAuthFlowState(oauth2) < 3) then
  begin
    CkOAuth2_Cancel(oauth2);
    Memo1.Lines.Add('No response from the browser!');
    Exit;
  end;

// Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
// The possible AuthFlowState values are:
// 3: Completed with Success. The OAuth2 flow has completed, the background thread exited, and the successful JSON response is available in AccessTokenResponse property.
// 4: Completed with Access Denied. The OAuth2 flow has completed, the background thread exited, and the error JSON is available in AccessTokenResponse property.
// 5: Failed Prior to Completion. The OAuth2 flow failed to complete, the background thread exited, and the error information is available in the FailureInfo property.
if (CkOAuth2_getAuthFlowState(oauth2) = 5) then
  begin
    Memo1.Lines.Add('OAuth2 failed to complete.');
    Memo1.Lines.Add(CkOAuth2__failureInfo(oauth2));
    Exit;
  end;

if (CkOAuth2_getAuthFlowState(oauth2) = 4) then
  begin
    Memo1.Lines.Add('OAuth2 authorization was denied.');
    Memo1.Lines.Add(CkOAuth2__accessTokenResponse(oauth2));
    Exit;
  end;

if (CkOAuth2_getAuthFlowState(oauth2) <> 3) then
  begin
    Memo1.Lines.Add('Unexpected AuthFlowState:' + IntToStr(CkOAuth2_getAuthFlowState(oauth2)));
    Exit;
  end;

// Save the full JSON access token response to a file.
sbJson := CkStringBuilder_Create();
CkStringBuilder_Append(sbJson,CkOAuth2__accessTokenResponse(oauth2));
CkStringBuilder_WriteFile(sbJson,'qa_data/tokens/_gmailFullAccess.json','utf-8',False);

// The saved JSON response looks like this:

// 	{
// 	 "access_token": "ya39.Ci-XA_C5bGgRDC3UaD-h0_NeL-DVIQnI2gHtABCHkZzrwlARkwX6R3O0PCDEzRlfaQ",
// 	 "token_type": "Bearer",
// 	 "expires_in": 3600,
// 	 "refresh_token": "1/r_2c_7jddspcdfesrrfKqfXtqo08D6Q-gUU0DsdfVMsx0c"
// 	}
// 
Memo1.Lines.Add('OAuth2 authorization granted!');
Memo1.Lines.Add('Access Token: ' + CkOAuth2__accessToken(oauth2));

CkOAuth2_Dispose(oauth2);
CkStringBuilder_Dispose(sbJson);

end;