Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

OAuth2 for a GMail using a JSON Service Account Key

See more GMail SMTP/IMAP/POP Examples

This example shows how to obtain an OAuth2 access token for Gmail using a Google Service Account and a JSON private key. Once acquired, the access token can be used to send emails. Remember, upon token expiration, this process needs to be repeated to obtain a new token. Note: This procedure is specific to OAuth2 with Google Service Account keys.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.MailMan,
  Chilkat.FileAccess,
  Chilkat.AuthGoogle,
  Chilkat.Email,
  Chilkat.Socket;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  fac: TFileAccess;
  jsonKey: string;
  gAuth: TAuthGoogle;
  tlsSock: TSocket;
  accessToken: string;
  mailman: TMailMan;
  email: TEmail;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  //  --------------------------------------------------------------------------------
  //  For a step-by-step guide for setting up your Google Workspace service account,
  //  see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
  //  --------------------------------------------------------------------------------

  //  First load the JSON key into a string.
  fac := TFileAccess.Create;
  jsonKey := fac.ReadEntireTextFile('qa_data/googleApi/chilkat25-b4214220e565.json','utf-8');
  if (fac.LastMethodSuccess <> True) then
    begin
      WriteLn(fac.LastErrorText);
      Exit;
    end;

  //  A Google service account JSON private key looks like this:

  //  {
  //    "type": "service_account",
  //    "project_id": "chilkat25",
  //    "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
  //    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
  //    "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
  //    "client_id": "109122032928932715958",
  //    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  //    "token_uri": "https://oauth2.googleapis.com/token",
  //    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  //    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
  //    "universe_domain": "googleapis.com"
  //  }

  gAuth := TAuthGoogle.Create;
  gAuth.JsonKey := jsonKey;

  //  Specify a scope.
  gAuth.Scope := 'https://mail.google.com/';

  //  Request an access token that is valid for this many seconds.
  gAuth.ExpireNumSeconds := 3600;

  //  When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
  //  via a process called domain-wide delegation � and the "sub" claim in the JWT is what enables this.
  //  Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
  //  act on behalf of any user in the domain, without user interaction.

  //  This is required for server-to-server access to user data � such as reading/sending Gmail from a background service.
  //  This is your company email address.
  gAuth.SubEmailAddress := 'info@chilkat.xyz';

  //  Connect to www.googleapis.com using TLS
  tlsSock := TSocket.Create;
  success := tlsSock.Connect('www.googleapis.com',443,True,5000);
  if (success <> True) then
    begin
      WriteLn(tlsSock.LastErrorText);
      Exit;
    end;

  //  Send the request to obtain the access token.
  success := gAuth.ObtainAccessToken(tlsSock);
  if (success <> True) then
    begin
      WriteLn(gAuth.LastErrorText);
      Exit;
    end;

  //  Examine the access token:
  accessToken := gAuth.AccessToken;
  WriteLn('Access Token: ' + accessToken);

  //  Sample output:
  //  ya29.a0AW4XtxjGTD67Z8 .... IRw0218

  //  The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

  //  -----------------------------------------------------------------------
  mailman := TMailMan.Create;

  //  Set the properties for the GMail SMTP server:
  mailman.SmtpHost := 'smtp.gmail.com';
  mailman.SmtpPort := 587;
  mailman.StartTLS := True;

  mailman.SmtpUsername := 'info@chilkat.xyz';
  mailman.OAuth2AccessToken := accessToken;

  //  Create a new email object
  email := TEmail.Create;

  email.Subject := 'This is a test';
  email.Body := 'This is a test';
  email.From := 'Chilkat Test <info@chilkat.xyz>';
  success := email.AddTo('Chilkat Software','info@chilkatsoft.com');
  //  To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

  success := mailman.SendEmail(email);
  if (success <> True) then
    begin
      WriteLn(mailman.LastErrorText);
      Exit;
    end;

  success := mailman.CloseSmtpConnection();
  if (success <> True) then
    begin
      WriteLn('Connection to SMTP server not closed cleanly.');
    end;

  WriteLn('Successfully sent email using Gmail with a service account key.');


  fac.Free;
  gAuth.Free;
  tlsSock.Free;
  mailman.Free;
  email.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.