Sample code for 30+ languages & platforms
Chilkat2-Python

OAuth2 for a GMail using a JSON Service Account Key

See more GMail SMTP/IMAP/POP Examples

This example shows how to obtain an OAuth2 access token for Gmail using a Google Service Account and a JSON private key. Once acquired, the access token can be used to send emails. Remember, upon token expiration, this process needs to be repeated to obtain a new token. Note: This procedure is specific to OAuth2 with Google Service Account keys.

Chilkat Chilkat2-Python Downloads

Chilkat2-Python
import sys
import chilkat2

success = False

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# --------------------------------------------------------------------------------
# For a step-by-step guide for setting up your Google Workspace service account,
# see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
# --------------------------------------------------------------------------------

# First load the JSON key into a string.
fac = chilkat2.FileAccess()
jsonKey = fac.ReadEntireTextFile("qa_data/googleApi/chilkat25-b4214220e565.json","utf-8")
if (fac.LastMethodSuccess != True):
    print(fac.LastErrorText)
    sys.exit()

# A Google service account JSON private key looks like this:

# {
#   "type": "service_account",
#   "project_id": "chilkat25",
#   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
#   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
#   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
#   "client_id": "109122032928932715958",
#   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
#   "token_uri": "https://oauth2.googleapis.com/token",
#   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
#   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
#   "universe_domain": "googleapis.com"
# }

gAuth = chilkat2.AuthGoogle()
gAuth.JsonKey = jsonKey

# Specify a scope.
gAuth.Scope = "https://mail.google.com/"

# Request an access token that is valid for this many seconds.
gAuth.ExpireNumSeconds = 3600

# When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
# via a process called domain-wide delegation � and the "sub" claim in the JWT is what enables this.
# Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
# act on behalf of any user in the domain, without user interaction.

# This is required for server-to-server access to user data � such as reading/sending Gmail from a background service.
# This is your company email address.
gAuth.SubEmailAddress = "info@chilkat.xyz"

# Connect to www.googleapis.com using TLS
tlsSock = chilkat2.Socket()
success = tlsSock.Connect("www.googleapis.com",443,True,5000)
if (success != True):
    print(tlsSock.LastErrorText)
    sys.exit()

# Send the request to obtain the access token.
success = gAuth.ObtainAccessToken(tlsSock)
if (success != True):
    print(gAuth.LastErrorText)
    sys.exit()

# Examine the access token:
accessToken = gAuth.AccessToken
print("Access Token: " + accessToken)

# Sample output:
# ya29.a0AW4XtxjGTD67Z8 .... IRw0218

# The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

# -----------------------------------------------------------------------
mailman = chilkat2.MailMan()

# Set the properties for the GMail SMTP server:
mailman.SmtpHost = "smtp.gmail.com"
mailman.SmtpPort = 587
mailman.StartTLS = True

mailman.SmtpUsername = "info@chilkat.xyz"
mailman.OAuth2AccessToken = accessToken

# Create a new email object
email = chilkat2.Email()

email.Subject = "This is a test"
email.Body = "This is a test"
email.From = "Chilkat Test <info@chilkat.xyz>"
success = email.AddTo("Chilkat Software","info@chilkatsoft.com")
# To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

success = mailman.SendEmail(email)
if (success != True):
    print(mailman.LastErrorText)
    sys.exit()

success = mailman.CloseSmtpConnection()
if (success != True):
    print("Connection to SMTP server not closed cleanly.")

print("Successfully sent email using Gmail with a service account key.")