Sample code for 30+ languages & platforms
Delphi ActiveX

Get POP3 GMail OAuth2 Access Token for Desktop App

See more GMail SMTP/IMAP/POP Examples

Demonstrates how to get a POP3 GMail OAuth2 access token from a desktop application or script.

This example requires a browser window to be displayed to allow the GMail account owner to authorize the access. The code for displaying the web browser is omitted. Suggestions for a few programming languages are provided in code comments. To complete this example, you will need to find out how to display a web browser and navigate to the URL returned by the call to oauth2.StartAuth.

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
oauth2: TChilkatOAuth2;
url: WideString;
numMsWaited: Integer;
sbJson: TChilkatStringBuilder;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

oauth2 := TChilkatOAuth2.Create(Self);

// For Google OAuth2, set the listen port equal to the port used
// in the Authorized Redirect URL for the Client ID.
// For example, in this case the Authorized Redirect URL would be http://localhost:55568/
// Your app should choose a port not likely not used by any other application.
oauth2.ListenPort := 55568;

oauth2.AuthorizationEndpoint := 'https://accounts.google.com/o/oauth2/v2/auth';
oauth2.TokenEndpoint := 'https://www.googleapis.com/oauth2/v4/token';

// Replace these with actual values.
oauth2.ClientId := 'GOOGLE-CLIENT-ID';
oauth2.ClientSecret := 'GOOGLE-CLIENT-SECRET';

oauth2.CodeChallenge := 1;
oauth2.CodeChallengeMethod := 'S256';

// See https://developers.google.com/gmail/api/auth/scopes for a list of GMail scopes.
// This is the full-permissions scope for GMail, which is sufficient for all POP3 operations to pop.gmail.com
oauth2.Scope := 'https://mail.google.com/';

// Important note about GMail scope for sending email:
// If the SMTP protocol is used for sending, then the full GMail scope is required: "https://mail.google.com/"
// Here is an example that sends GMail via the SMTP protocol:  Send GMail using SMTP
// If the GMail REST API is used, then the more restrictive Gmail scope can be used:  "https://www.googleapis.com/auth/gmail.send"
// Here is an example that sends GMail using the GMail REST API: Send GMail using REST API

// Begin the OAuth2 three-legged flow.  This returns a URL that should be loaded in a browser.
url := oauth2.StartAuth();
if (oauth2.LastMethodSuccess = 0) then
  begin
    Memo1.Lines.Add(oauth2.LastErrorText);
    Exit;
  end;

// Launch the system's default browser navigated to the URL.
success := oauth2.LaunchBrowser(url);
if (success = 0) then
  begin
    Memo1.Lines.Add(oauth2.LastErrorText);
    Exit;
  end;

// Now wait for the authorization.
// We'll wait for a max of 30 seconds.
numMsWaited := 0;
while (numMsWaited < 30000) and (oauth2.AuthFlowState < 3) do
  begin
    oauth2.SleepMs(100);
    numMsWaited := numMsWaited + 100;
  end;

// If there was no response from the browser within 30 seconds, then 
// the AuthFlowState will be equal to 1 or 2.
// 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
// 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
// In that case, cancel the background task started in the call to StartAuth.
if (oauth2.AuthFlowState < 3) then
  begin
    oauth2.Cancel();
    Memo1.Lines.Add('No response from the browser!');
    Exit;
  end;

// Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
// The possible AuthFlowState values are:
// 3: Completed with Success. The OAuth2 flow has completed, the background thread exited, and the successful JSON response is available in AccessTokenResponse property.
// 4: Completed with Access Denied. The OAuth2 flow has completed, the background thread exited, and the error JSON is available in AccessTokenResponse property.
// 5: Failed Prior to Completion. The OAuth2 flow failed to complete, the background thread exited, and the error information is available in the FailureInfo property.
if (oauth2.AuthFlowState = 5) then
  begin
    Memo1.Lines.Add('OAuth2 failed to complete.');
    Memo1.Lines.Add(oauth2.FailureInfo);
    Exit;
  end;

if (oauth2.AuthFlowState = 4) then
  begin
    Memo1.Lines.Add('OAuth2 authorization was denied.');
    Memo1.Lines.Add(oauth2.AccessTokenResponse);
    Exit;
  end;

if (oauth2.AuthFlowState <> 3) then
  begin
    Memo1.Lines.Add('Unexpected AuthFlowState:' + IntToStr(oauth2.AuthFlowState));
    Exit;
  end;

// Save the full JSON access token response to a file.
sbJson := TChilkatStringBuilder.Create(Self);
sbJson.Append(oauth2.AccessTokenResponse);
sbJson.WriteFile('qa_data/tokens/gmail_pop3.json','utf-8',0);

// The saved JSON response looks like this:

// 	{
// 	 "access_token": "ya39.Ci-XA_C5bGgRDC3UaD-h0_NeL-DVIQnI2gHtBBBHkZzrwlARkwX6R3O0PCDEzRlfaQ",
// 	 "token_type": "Bearer",
// 	 "expires_in": 3600,
// 	 "refresh_token": "1/r_2c_7jddspcdfesrrfKqfXtqo08D6Q-gUU0DsdfVMsx0c"
// 	}
// 
Memo1.Lines.Add('OAuth2 authorization granted!');
Memo1.Lines.Add('Access Token = ' + oauth2.AccessToken);
end;