|
|
(JavaScript) Get Google API Access Token using JSON Private Key
Demonstrates how to get a Google API access token using a JSON service account private key.
var success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// --------------------------------------------------------------------------------
// For a step-by-step guide for setting up your Google Workspace service account,
// see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
// --------------------------------------------------------------------------------
// First load the JSON key into a string.
var fac = new CkFileAccess();
var jsonKey = fac.ReadEntireTextFile("qa_data/googleApi/chilkat25-b4214220e565.json","utf-8");
if (fac.LastMethodSuccess !== true) {
console.log(fac.LastErrorText);
return;
}
// A Google service account JSON private key looks like this:
// {
// "type": "service_account",
// "project_id": "chilkat25",
// "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
// "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
// "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
// "client_id": "109122032928932715958",
// "auth_uri": "https://accounts.google.com/o/oauth2/auth",
// "token_uri": "https://oauth2.googleapis.com/token",
// "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
// "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
// "universe_domain": "googleapis.com"
// }
var gAuth = new CkAuthGoogle();
gAuth.JsonKey = jsonKey;
// Specify a scope.
gAuth.Scope = "https://mail.google.com/";
// Request an access token that is valid for this many seconds.
gAuth.ExpireNumSeconds = 3600;
// When using a Google Workspace account with Gmail APIs, a service account can impersonate a user
// via a process called domain-wide delegation — and the "sub" claim in the JWT is what enables this.
// Domain-wide delegation allows a Google Workspace administrator to authorize a service account to
// act on behalf of any user in the domain, without user interaction.
// This is required for server-to-server access to user data — such as reading/sending Gmail from a background service.
// This is your company email address.
gAuth.SubEmailAddress = "info@chilkat.xyz";
// Connect to www.googleapis.com using TLS
var tlsSock = new CkSocket();
success = tlsSock.Connect("www.googleapis.com",443,true,5000);
if (success !== true) {
console.log(tlsSock.LastErrorText);
return;
}
// Send the request to obtain the access token.
success = gAuth.ObtainAccessToken(tlsSock);
if (success !== true) {
console.log(gAuth.LastErrorText);
return;
}
// Examine the access token:
var accessToken = gAuth.AccessToken;
console.log("Access Token: " + accessToken);
// Sample output:
// ya29.a0AW4XtxjGTD67Z8 .... IRw0218
// The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.
// -----------------------------------------------------------------------
var mailman = new CkMailMan();
// Set the properties for the GMail SMTP server:
mailman.SmtpHost = "smtp.gmail.com";
mailman.SmtpPort = 587;
mailman.StartTLS = true;
mailman.SmtpUsername = "info@chilkat.xyz";
mailman.OAuth2AccessToken = accessToken;
// Create a new email object
var email = new CkEmail();
email.Subject = "This is a test";
email.Body = "This is a test";
email.From = "Chilkat Test <info@chilkat.xyz>";
success = email.AddTo("Chilkat Software","info@chilkatsoft.com");
// To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.
success = mailman.SendEmail(email);
if (success !== true) {
console.log(mailman.LastErrorText);
return;
}
success = mailman.CloseSmtpConnection();
if (success !== true) {
console.log("Connection to SMTP server not closed cleanly.");
}
console.log("Successfully sent email using Gmail with a service account key.");
|
