Sample code for 30+ languages & platforms
Objective-C

OAuth2 for a GMail using a JSON Service Account Key

See more GMail SMTP/IMAP/POP Examples

This example shows how to obtain an OAuth2 access token for Gmail using a Google Service Account and a JSON private key. Once acquired, the access token can be used to send emails. Remember, upon token expiration, this process needs to be repeated to obtain a new token. Note: This procedure is specific to OAuth2 with Google Service Account keys.

Chilkat Objective-C Downloads

Objective-C
#import <CkoFileAccess.h>
#import <NSString.h>
#import <CkoAuthGoogle.h>
#import <CkoSocket.h>
#import <CkoMailMan.h>
#import <CkoEmail.h>

BOOL success = NO;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// --------------------------------------------------------------------------------
// For a step-by-step guide for setting up your Google Workspace service account,
// see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
// --------------------------------------------------------------------------------

// First load the JSON key into a string.
CkoFileAccess *fac = [[CkoFileAccess alloc] init];
NSString *jsonKey = [fac ReadEntireTextFile: @"qa_data/googleApi/chilkat25-b4214220e565.json" charset: @"utf-8"];
if (fac.LastMethodSuccess != YES) {
    NSLog(@"%@",fac.LastErrorText);
    return;
}

// A Google service account JSON private key looks like this:

// {
//   "type": "service_account",
//   "project_id": "chilkat25",
//   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
//   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
//   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
//   "client_id": "109122032928932715958",
//   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
//   "token_uri": "https://oauth2.googleapis.com/token",
//   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
//   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
//   "universe_domain": "googleapis.com"
// }

CkoAuthGoogle *gAuth = [[CkoAuthGoogle alloc] init];
gAuth.JsonKey = jsonKey;

// Specify a scope.
gAuth.Scope = @"https://mail.google.com/";

// Request an access token that is valid for this many seconds.
gAuth.ExpireNumSeconds = [NSNumber numberWithInt:3600];

// When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
// via a process called domain-wide delegation � and the "sub" claim in the JWT is what enables this.
// Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
// act on behalf of any user in the domain, without user interaction.

// This is required for server-to-server access to user data � such as reading/sending Gmail from a background service.
// This is your company email address.
gAuth.SubEmailAddress = @"info@chilkat.xyz";

// Connect to www.googleapis.com using TLS
CkoSocket *tlsSock = [[CkoSocket alloc] init];
success = [tlsSock Connect: @"www.googleapis.com" port: [NSNumber numberWithInt: 443] ssl: YES maxWaitMs: [NSNumber numberWithInt: 5000]];
if (success != YES) {
    NSLog(@"%@",tlsSock.LastErrorText);
    return;
}

// Send the request to obtain the access token.
success = [gAuth ObtainAccessToken: tlsSock];
if (success != YES) {
    NSLog(@"%@",gAuth.LastErrorText);
    return;
}

// Examine the access token:
NSString *accessToken = gAuth.AccessToken;
NSLog(@"%@%@",@"Access Token: ",accessToken);

// Sample output:
// ya29.a0AW4XtxjGTD67Z8 .... IRw0218

// The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

// -----------------------------------------------------------------------
CkoMailMan *mailman = [[CkoMailMan alloc] init];

// Set the properties for the GMail SMTP server:
mailman.SmtpHost = @"smtp.gmail.com";
mailman.SmtpPort = [NSNumber numberWithInt:587];
mailman.StartTLS = YES;

mailman.SmtpUsername = @"info@chilkat.xyz";
mailman.OAuth2AccessToken = accessToken;

// Create a new email object
CkoEmail *email = [[CkoEmail alloc] init];

email.Subject = @"This is a test";
email.Body = @"This is a test";
email.From = @"Chilkat Test <info@chilkat.xyz>";
success = [email AddTo: @"Chilkat Software" emailAddress: @"info@chilkatsoft.com"];
// To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

success = [mailman SendEmail: email];
if (success != YES) {
    NSLog(@"%@",mailman.LastErrorText);
    return;
}

success = [mailman CloseSmtpConnection];
if (success != YES) {
    NSLog(@"%@",@"Connection to SMTP server not closed cleanly.");
}

NSLog(@"%@",@"Successfully sent email using Gmail with a service account key.");