Sample code for 30+ languages & platforms
DataFlex

OAuth2 for GMail using a Service Account Key

Demonstrates how to use GMail with OAuth2 for a Google Service Account. The 1st step is to obtain a temporary access token from the Google OAuth 2.0 Authorization Server. This can be accomplished using Chilkat HTTP.

Once the access token is obtained, it may be used in IMAP XOAUTH2 authentication. The access token may be used while it remains valid to send as many emails as desired. Once it expires, a new access token needs to be obtained (using the same procedure).

Note: This is for OAuth2 using Google Service account keys.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vCert
    Handle hoCert
    String sIss
    String sScope
    String sSub
    Integer iNumSec
    Handle hoHttp
    String sAccessToken
    Handle hoImap
    String sTemp1
    Boolean bTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // --------------------------------------------------------------------
    // Important:  In most cases, this example is not what you are looking for.
    // This example is for OAuth2 using a Google Service Account Key.
    // 
    // It is more likely that the example you actually need is here:
    // Get GMail IMAP OAuth2 Access Token 
    // --------------------------------------------------------------------

    // When a service account (Client ID) is created at https://code.google.com/apis/console/
    // Google will generate a P12 key.  This is a PKCS12 (PFX) file that you will download
    // and save.  The password to access the contents of this file is "notasecret".
    // NOTE: The Chilkat Pfx API provides the ability to load a PFX/P12 and re-save
    // with a different password.

    // Begin by loading the downloaded .p12 into a Chilkat certificate object:
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert "/myDir/API Project-1c43a291e2a1-notasecret.p12" "notasecret" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // The next (and final) step is to request the access token.  Chilkat internally
    // does all the work of forming the JWT header and JWT claim set, encoding and
    // signing the JWT, and sending the access token request.
    // The application need only provide the inputs: The iss, scope(s), sub, and the
    // desired duration with a max of 3600 seconds (1 hour).
    // 
    // Each of these inputs is defined as follows 
    // (see https://developers.google.com/accounts/docs/OAuth2ServiceAccount
    // iss: The email address of the service account.
    // scope: A space-delimited list of the permissions that the application requests.
    // sub: The email address of the user for which the application is requesting delegated access.
    //      The sub may be empty if there is no delegation. (This is typical.)
    // numSec: The number of seconds for which the access token will be valid (max 3600).

    Move "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com" To sIss
    Move "https://mail.google.com/" To sScope
    Move "" To sSub
    Move 3600 To iNumSec

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End
    Get pvComObject of hoCert to vCert
    Get ComG_SvcOauthAccessToken Of hoHttp sIss sScope sSub iNumSec vCert To sAccessToken
    Get ComLastMethodSuccess Of hoHttp To bTemp1
    If (bTemp1 <> True) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End
    Else Begin
        Showln "access token: " sAccessToken
    End

    // Now that we have the access token, it may be used to authenticate via XOAUTH2 with GMail:

    Get Create (RefClass(cComChilkatImap)) To hoImap
    If (Not(IsComObjectCreated(hoImap))) Begin
        Send CreateComObject of hoImap
    End

    // GMail's IMAP service uses SSL and port 993.
    Set ComSsl Of hoImap To True
    Set ComPort Of hoImap To 993

    // Connect to the GMail IMAP server.
    Get ComConnect Of hoImap "imap.gmail.com" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoImap To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Indicate that XOAUTH2 authentication is to be used:
    Set ComAuthMethod Of hoImap To "XOAUTH2"

    // Login
    // The username must be the email address used for the "sub" argument when getting
    // the access token.  Instead of using a password, pass the access token in the 2nd argument:
    Get ComLogin Of hoImap "user@your-domain.com" sAccessToken To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoImap To sTemp1
        Showln sTemp1
    End
    Else Begin
        Showln "Successfully authenticate with GMail IMAP using XOAUTH2!"
    End



End_Procedure