(Node.js) OAuth2 for a GMail using a JSON Service Account Key

This example shows how to obtain an OAuth2 access token for Gmail using a Google Service Account and a JSON private key. Once acquired, the access token can be used to send emails. Remember, upon token expiration, this process needs to be repeated to obtain a new token. Note: This procedure is specific to OAuth2 with Google Service Account keys.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOS

var os = require('os');
if (os.platform() == 'win32') {  
  var chilkat = require('@chilkat/ck-node23-win64'); 
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node23-linux-arm');
    } else if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node23-linux-arm64');
    } else {
        var chilkat = require('@chilkat/ck-node23-linux-x64');
    }
} else if (os.platform() == 'darwin') {
  var chilkat = require('@chilkat/ck-node23-mac-universal');
}

function chilkatExample() {

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // --------------------------------------------------------------------------------
    // For a step-by-step guide for setting up your Google Workspace service account,
    // see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
    // --------------------------------------------------------------------------------

    // First load the JSON key into a string.
    var fac = new chilkat.FileAccess();
    var jsonKey = fac.ReadEntireTextFile("qa_data/googleApi/chilkat25-b4214220e565.json","utf-8");
    if (fac.LastMethodSuccess !== true) {
        console.log(fac.LastErrorText);
        return;
    }

    // A Google service account JSON private key looks like this:

    // {
    //   "type": "service_account",
    //   "project_id": "chilkat25",
    //   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
    //   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
    //   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
    //   "client_id": "109122032928932715958",
    //   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    //   "token_uri": "https://oauth2.googleapis.com/token",
    //   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    //   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
    //   "universe_domain": "googleapis.com"
    // }

    var gAuth = new chilkat.AuthGoogle();
    gAuth.JsonKey = jsonKey;

    // Specify a scope.
    gAuth.Scope = "https://mail.google.com/";

    // Request an access token that is valid for this many seconds.
    gAuth.ExpireNumSeconds = 3600;

    // When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
    // via a process called domain-wide delegation � and the "sub" claim in the JWT is what enables this.
    // Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
    // act on behalf of any user in the domain, without user interaction.

    // This is required for server-to-server access to user data � such as reading/sending Gmail from a background service.
    // This is your company email address.
    gAuth.SubEmailAddress = "info@chilkat.xyz";

    // Connect to www.googleapis.com using TLS
    var tlsSock = new chilkat.Socket();
    var success = tlsSock.Connect("www.googleapis.com",443,true,5000);
    if (success !== true) {
        console.log(tlsSock.LastErrorText);
        return;
    }

    // Send the request to obtain the access token.
    success = gAuth.ObtainAccessToken(tlsSock);
    if (success !== true) {
        console.log(gAuth.LastErrorText);
        return;
    }

    // Examine the access token:
    var accessToken = gAuth.AccessToken;
    console.log("Access Token: " + accessToken);

    // Sample output:
    // ya29.a0AW4XtxjGTD67Z8 .... IRw0218

    // The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

    // -----------------------------------------------------------------------
    var mailman = new chilkat.MailMan();

    // Set the properties for the GMail SMTP server:
    mailman.SmtpHost = "smtp.gmail.com";
    mailman.SmtpPort = 587;
    mailman.StartTLS = true;

    mailman.SmtpUsername = "info@chilkat.xyz";
    mailman.OAuth2AccessToken = accessToken;

    // Create a new email object
    var email = new chilkat.Email();

    email.Subject = "This is a test";
    email.Body = "This is a test";
    email.From = "Chilkat Test <info@chilkat.xyz>";
    success = email.AddTo("Chilkat Software","info@chilkatsoft.com");
    // To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

    success = mailman.SendEmail(email);
    if (success !== true) {
        console.log(mailman.LastErrorText);
        return;
    }

    success = mailman.CloseSmtpConnection();
    if (success !== true) {
        console.log("Connection to SMTP server not closed cleanly.");
    }

    console.log("Successfully sent email using Gmail with a service account key.");

}

chilkatExample();