Sample code for 30+ languages & platforms
PHP ActiveX

Get Google API Access Token using JSON Private Key

See more Google APIs Examples

Demonstrates how to get a Google API access token using a JSON service account private key.

Chilkat PHP ActiveX Downloads

PHP ActiveX
<?php

$success = 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// --------------------------------------------------------------------------------
// For a step-by-step guide for setting up your Google Workspace service account,
// see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
// --------------------------------------------------------------------------------

// First load the JSON key into a string.
$fac = new COM("Chilkat.FileAccess");
$jsonKey = $fac->readEntireTextFile('qa_data/googleApi/chilkat25-b4214220e565.json','utf-8');
if ($fac->LastMethodSuccess != 1) {
    print $fac->LastErrorText . "\n";
    exit;
}

// A Google service account JSON private key looks like this:

// {
//   "type": "service_account",
//   "project_id": "chilkat25",
//   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
//   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
//   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
//   "client_id": "109122032928932715958",
//   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
//   "token_uri": "https://oauth2.googleapis.com/token",
//   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
//   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
//   "universe_domain": "googleapis.com"
// }

$gAuth = new COM("Chilkat.AuthGoogle");
$gAuth->JsonKey = $jsonKey;

// Specify a scope.
$gAuth->Scope = 'https://mail.google.com/';

// Request an access token that is valid for this many seconds.
$gAuth->ExpireNumSeconds = 3600;

// When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
// via a process called domain-wide delegation — and the "sub" claim in the JWT is what enables this.
// Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
// act on behalf of any user in the domain, without user interaction.

// This is required for server-to-server access to user data — such as reading/sending Gmail from a background service.
// This is your company email address.
$gAuth->SubEmailAddress = 'info@chilkat.xyz';

// Connect to www.googleapis.com using TLS
$tlsSock = new COM("Chilkat.Socket");
$success = $tlsSock->Connect('www.googleapis.com',443,1,5000);
if ($success != 1) {
    print $tlsSock->LastErrorText . "\n";
    exit;
}

// Send the request to obtain the access token.
$success = $gAuth->ObtainAccessToken($tlsSock);
if ($success != 1) {
    print $gAuth->LastErrorText . "\n";
    exit;
}

// Examine the access token:
$accessToken = $gAuth->AccessToken;
print 'Access Token: ' . $accessToken . "\n";

// Sample output:
// ya29.a0AW4XtxjGTD67Z8 .... IRw0218

// The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

// -----------------------------------------------------------------------
$mailman = new COM("Chilkat.MailMan");

// Set the properties for the GMail SMTP server:
$mailman->SmtpHost = 'smtp.gmail.com';
$mailman->SmtpPort = 587;
$mailman->StartTLS = 1;

$mailman->SmtpUsername = 'info@chilkat.xyz';
$mailman->OAuth2AccessToken = $accessToken;

// Create a new email object
$email = new COM("Chilkat.Email");

$email->Subject = 'This is a test';
$email->Body = 'This is a test';
$email->From = 'Chilkat Test <info@chilkat.xyz>';
$success = $email->AddTo('Chilkat Software','info@chilkatsoft.com');
// To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

$success = $mailman->SendEmail($email);
if ($success != 1) {
    print $mailman->LastErrorText . "\n";
    exit;
}

$success = $mailman->CloseSmtpConnection();
if ($success != 1) {
    print 'Connection to SMTP server not closed cleanly.' . "\n";
}

print 'Successfully sent email using Gmail with a service account key.' . "\n";

?>