PowerShell
PowerShell
Get Google API Access Token using JSON Private Key
See more Google APIs Examples
Demonstrates how to get a Google API access token using a JSON service account private key.Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# --------------------------------------------------------------------------------
# For a step-by-step guide for setting up your Google Workspace service account,
# see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
# --------------------------------------------------------------------------------
# First load the JSON key into a string.
$fac = New-Object Chilkat.FileAccess
$jsonKey = $fac.ReadEntireTextFile("qa_data/googleApi/chilkat25-b4214220e565.json","utf-8")
if ($fac.LastMethodSuccess -ne $true) {
$($fac.LastErrorText)
exit
}
# A Google service account JSON private key looks like this:
# {
# "type": "service_account",
# "project_id": "chilkat25",
# "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
# "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
# "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
# "client_id": "109122032928932715958",
# "auth_uri": "https://accounts.google.com/o/oauth2/auth",
# "token_uri": "https://oauth2.googleapis.com/token",
# "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
# "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
# "universe_domain": "googleapis.com"
# }
$gAuth = New-Object Chilkat.AuthGoogle
$gAuth.JsonKey = $jsonKey
# Specify a scope.
$gAuth.Scope = "https://mail.google.com/"
# Request an access token that is valid for this many seconds.
$gAuth.ExpireNumSeconds = 3600
# When using a Google Workspace account with Gmail APIs, a service account can impersonate a user
# via a process called domain-wide delegation — and the "sub" claim in the JWT is what enables this.
# Domain-wide delegation allows a Google Workspace administrator to authorize a service account to
# act on behalf of any user in the domain, without user interaction.
# This is required for server-to-server access to user data — such as reading/sending Gmail from a background service.
# This is your company email address.
$gAuth.SubEmailAddress = "info@chilkat.xyz"
# Connect to www.googleapis.com using TLS
$tlsSock = New-Object Chilkat.Socket
$success = $tlsSock.Connect("www.googleapis.com",443,$true,5000)
if ($success -ne $true) {
$($tlsSock.LastErrorText)
exit
}
# Send the request to obtain the access token.
$success = $gAuth.ObtainAccessToken($tlsSock)
if ($success -ne $true) {
$($gAuth.LastErrorText)
exit
}
# Examine the access token:
$accessToken = $gAuth.AccessToken
$("Access Token: " + $accessToken)
# Sample output:
# ya29.a0AW4XtxjGTD67Z8 .... IRw0218
# The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.
# -----------------------------------------------------------------------
$mailman = New-Object Chilkat.MailMan
# Set the properties for the GMail SMTP server:
$mailman.SmtpHost = "smtp.gmail.com"
$mailman.SmtpPort = 587
$mailman.StartTLS = $true
$mailman.SmtpUsername = "info@chilkat.xyz"
$mailman.OAuth2AccessToken = $accessToken
# Create a new email object
$email = New-Object Chilkat.Email
$email.Subject = "This is a test"
$email.Body = "This is a test"
$email.From = "Chilkat Test <info@chilkat.xyz>"
$success = $email.AddTo("Chilkat Software","info@chilkatsoft.com")
# To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.
$success = $mailman.SendEmail($email)
if ($success -ne $true) {
$($mailman.LastErrorText)
exit
}
$success = $mailman.CloseSmtpConnection()
if ($success -ne $true) {
$("Connection to SMTP server not closed cleanly.")
}
$("Successfully sent email using Gmail with a service account key.")