Sample code for 30+ languages & platforms
Perl

Get Google API Access Token using JSON Private Key

See more Google APIs Examples

Demonstrates how to get a Google API access token using a JSON service account private key.

Chilkat Perl Downloads

Perl
use chilkat();

$success = 0;

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# --------------------------------------------------------------------------------
# For a step-by-step guide for setting up your Google Workspace service account,
# see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
# --------------------------------------------------------------------------------

# First load the JSON key into a string.
$fac = chilkat::CkFileAccess->new();
$jsonKey = $fac->readEntireTextFile("qa_data/googleApi/chilkat25-b4214220e565.json","utf-8");
if ($fac->get_LastMethodSuccess() != 1) {
    print $fac->lastErrorText() . "\r\n";
    exit;
}

# A Google service account JSON private key looks like this:

# {
#   "type": "service_account",
#   "project_id": "chilkat25",
#   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
#   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
#   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
#   "client_id": "109122032928932715958",
#   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
#   "token_uri": "https://oauth2.googleapis.com/token",
#   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
#   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
#   "universe_domain": "googleapis.com"
# }

$gAuth = chilkat::CkAuthGoogle->new();
$gAuth->put_JsonKey($jsonKey);

# Specify a scope.
$gAuth->put_Scope("https://mail.google.com/");

# Request an access token that is valid for this many seconds.
$gAuth->put_ExpireNumSeconds(3600);

# When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
# via a process called domain-wide delegation — and the "sub" claim in the JWT is what enables this.
# Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
# act on behalf of any user in the domain, without user interaction.

# This is required for server-to-server access to user data — such as reading/sending Gmail from a background service.
# This is your company email address.
$gAuth->put_SubEmailAddress('info@chilkat.xyz');

# Connect to www.googleapis.com using TLS
$tlsSock = chilkat::CkSocket->new();
$success = $tlsSock->Connect("www.googleapis.com",443,1,5000);
if ($success != 1) {
    print $tlsSock->lastErrorText() . "\r\n";
    exit;
}

# Send the request to obtain the access token.
$success = $gAuth->ObtainAccessToken($tlsSock);
if ($success != 1) {
    print $gAuth->lastErrorText() . "\r\n";
    exit;
}

# Examine the access token:
$accessToken = $gAuth->accessToken();
print "Access Token: " . $accessToken . "\r\n";

# Sample output:
# ya29.a0AW4XtxjGTD67Z8 .... IRw0218

# The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

# -----------------------------------------------------------------------
$mailman = chilkat::CkMailMan->new();

# Set the properties for the GMail SMTP server:
$mailman->put_SmtpHost("smtp.gmail.com");
$mailman->put_SmtpPort(587);
$mailman->put_StartTLS(1);

$mailman->put_SmtpUsername('info@chilkat.xyz');
$mailman->put_OAuth2AccessToken($accessToken);

# Create a new email object
$email = chilkat::CkEmail->new();

$email->put_Subject("This is a test");
$email->put_Body("This is a test");
$email->put_From('Chilkat Test <info@chilkat.xyz>');
$success = $email->AddTo("Chilkat Software",'info@chilkatsoft.com');
# To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

$success = $mailman->SendEmail($email);
if ($success != 1) {
    print $mailman->lastErrorText() . "\r\n";
    exit;
}

$success = $mailman->CloseSmtpConnection();
if ($success != 1) {
    print "Connection to SMTP server not closed cleanly." . "\r\n";
}

print "Successfully sent email using Gmail with a service account key." . "\r\n";