Tcl
Tcl
OAuth2 for a GMail using a JSON Service Account Key
See more GMail SMTP/IMAP/POP Examples
This example shows how to obtain an OAuth2 access token for Gmail using a Google Service Account and a JSON private key. Once acquired, the access token can be used to send emails. Remember, upon token expiration, this process needs to be repeated to obtain a new token. Note: This procedure is specific to OAuth2 with Google Service Account keys.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# --------------------------------------------------------------------------------
# For a step-by-step guide for setting up your Google Workspace service account,
# see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
# --------------------------------------------------------------------------------
# First load the JSON key into a string.
set fac [new_CkFileAccess]
set jsonKey [CkFileAccess_readEntireTextFile $fac "qa_data/googleApi/chilkat25-b4214220e565.json" "utf-8"]
if {[CkFileAccess_get_LastMethodSuccess $fac] != 1} then {
puts [CkFileAccess_lastErrorText $fac]
delete_CkFileAccess $fac
exit
}
# A Google service account JSON private key looks like this:
# {
# "type": "service_account",
# "project_id": "chilkat25",
# "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
# "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
# "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
# "client_id": "109122032928932715958",
# "auth_uri": "https://accounts.google.com/o/oauth2/auth",
# "token_uri": "https://oauth2.googleapis.com/token",
# "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
# "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
# "universe_domain": "googleapis.com"
# }
set gAuth [new_CkAuthGoogle]
CkAuthGoogle_put_JsonKey $gAuth $jsonKey
# Specify a scope.
CkAuthGoogle_put_Scope $gAuth "https://mail.google.com/"
# Request an access token that is valid for this many seconds.
CkAuthGoogle_put_ExpireNumSeconds $gAuth 3600
# When using a Google Workspace account with Gmail APIs, a service account can impersonate a user
# via a process called domain-wide delegation � and the "sub" claim in the JWT is what enables this.
# Domain-wide delegation allows a Google Workspace administrator to authorize a service account to
# act on behalf of any user in the domain, without user interaction.
# This is required for server-to-server access to user data � such as reading/sending Gmail from a background service.
# This is your company email address.
CkAuthGoogle_put_SubEmailAddress $gAuth "info@chilkat.xyz"
# Connect to www.googleapis.com using TLS
set tlsSock [new_CkSocket]
set success [CkSocket_Connect $tlsSock "www.googleapis.com" 443 1 5000]
if {$success != 1} then {
puts [CkSocket_lastErrorText $tlsSock]
delete_CkFileAccess $fac
delete_CkAuthGoogle $gAuth
delete_CkSocket $tlsSock
exit
}
# Send the request to obtain the access token.
set success [CkAuthGoogle_ObtainAccessToken $gAuth $tlsSock]
if {$success != 1} then {
puts [CkAuthGoogle_lastErrorText $gAuth]
delete_CkFileAccess $fac
delete_CkAuthGoogle $gAuth
delete_CkSocket $tlsSock
exit
}
# Examine the access token:
set accessToken [CkAuthGoogle_accessToken $gAuth]
puts "Access Token: $accessToken"
# Sample output:
# ya29.a0AW4XtxjGTD67Z8 .... IRw0218
# The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.
# -----------------------------------------------------------------------
set mailman [new_CkMailMan]
# Set the properties for the GMail SMTP server:
CkMailMan_put_SmtpHost $mailman "smtp.gmail.com"
CkMailMan_put_SmtpPort $mailman 587
CkMailMan_put_StartTLS $mailman 1
CkMailMan_put_SmtpUsername $mailman "info@chilkat.xyz"
CkMailMan_put_OAuth2AccessToken $mailman $accessToken
# Create a new email object
set email [new_CkEmail]
CkEmail_put_Subject $email "This is a test"
CkEmail_put_Body $email "This is a test"
CkEmail_put_From $email "Chilkat Test <info@chilkat.xyz>"
set success [CkEmail_AddTo $email "Chilkat Software" "info@chilkatsoft.com"]
# To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.
set success [CkMailMan_SendEmail $mailman $email]
if {$success != 1} then {
puts [CkMailMan_lastErrorText $mailman]
delete_CkFileAccess $fac
delete_CkAuthGoogle $gAuth
delete_CkSocket $tlsSock
delete_CkMailMan $mailman
delete_CkEmail $email
exit
}
set success [CkMailMan_CloseSmtpConnection $mailman]
if {$success != 1} then {
puts "Connection to SMTP server not closed cleanly."
}
puts "Successfully sent email using Gmail with a service account key."
delete_CkFileAccess $fac
delete_CkAuthGoogle $gAuth
delete_CkSocket $tlsSock
delete_CkMailMan $mailman
delete_CkEmail $email