Sample code for 30+ languages & platforms
AutoIt

Get Google API Access Token using JSON Private Key

See more Google APIs Examples

Demonstrates how to get a Google API access token using a JSON service account private key.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; --------------------------------------------------------------------------------
; For a step-by-step guide for setting up your Google Workspace service account,
; see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
; --------------------------------------------------------------------------------

; First load the JSON key into a string.
$oFac = ObjCreate("Chilkat.FileAccess")
Local $sJsonKey = $oFac.ReadEntireTextFile("qa_data/googleApi/chilkat25-b4214220e565.json","utf-8")
If ($oFac.LastMethodSuccess <> True) Then
    ConsoleWrite($oFac.LastErrorText & @CRLF)
    Exit
EndIf

; A Google service account JSON private key looks like this:

; {
;   "type": "service_account",
;   "project_id": "chilkat25",
;   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
;   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
;   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
;   "client_id": "109122032928932715958",
;   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
;   "token_uri": "https://oauth2.googleapis.com/token",
;   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
;   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
;   "universe_domain": "googleapis.com"
; }

$oGAuth = ObjCreate("Chilkat.AuthGoogle")
$oGAuth.JsonKey = $sJsonKey

; Specify a scope.
$oGAuth.Scope = "https://mail.google.com/"

; Request an access token that is valid for this many seconds.
$oGAuth.ExpireNumSeconds = 3600

; When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
; via a process called domain-wide delegation — and the "sub" claim in the JWT is what enables this.
; Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
; act on behalf of any user in the domain, without user interaction.

; This is required for server-to-server access to user data — such as reading/sending Gmail from a background service.
; This is your company email address.
$oGAuth.SubEmailAddress = "info@chilkat.xyz"

; Connect to www.googleapis.com using TLS
$oTlsSock = ObjCreate("Chilkat.Socket")
$bSuccess = $oTlsSock.Connect("www.googleapis.com",443,True,5000)
If ($bSuccess <> True) Then
    ConsoleWrite($oTlsSock.LastErrorText & @CRLF)
    Exit
EndIf

; Send the request to obtain the access token.
$bSuccess = $oGAuth.ObtainAccessToken($oTlsSock)
If ($bSuccess <> True) Then
    ConsoleWrite($oGAuth.LastErrorText & @CRLF)
    Exit
EndIf

; Examine the access token:
Local $sAccessToken = $oGAuth.AccessToken
ConsoleWrite("Access Token: " & $sAccessToken & @CRLF)

; Sample output:
; ya29.a0AW4XtxjGTD67Z8 .... IRw0218

; The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

; -----------------------------------------------------------------------
$oMailman = ObjCreate("Chilkat.MailMan")

; Set the properties for the GMail SMTP server:
$oMailman.SmtpHost = "smtp.gmail.com"
$oMailman.SmtpPort = 587
$oMailman.StartTLS = True

$oMailman.SmtpUsername = "info@chilkat.xyz"
$oMailman.OAuth2AccessToken = $sAccessToken

; Create a new email object
$oEmail = ObjCreate("Chilkat.Email")

$oEmail.Subject = "This is a test"
$oEmail.Body = "This is a test"
$oEmail.From = "Chilkat Test <info@chilkat.xyz>"
$bSuccess = $oEmail.AddTo("Chilkat Software","info@chilkatsoft.com")
; To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

$bSuccess = $oMailman.SendEmail($oEmail)
If ($bSuccess <> True) Then
    ConsoleWrite($oMailman.LastErrorText & @CRLF)
    Exit
EndIf

$bSuccess = $oMailman.CloseSmtpConnection()
If ($bSuccess <> True) Then
    ConsoleWrite("Connection to SMTP server not closed cleanly." & @CRLF)
EndIf

ConsoleWrite("Successfully sent email using Gmail with a service account key." & @CRLF)