Sample code for 30+ languages & platforms
Unicode C

Get Google API Access Token using JSON Private Key

See more Google APIs Examples

Demonstrates how to get a Google API access token using a JSON service account private key.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkFileAccessW.h>
#include <C_CkAuthGoogleW.h>
#include <C_CkSocketW.h>
#include <C_CkMailManW.h>
#include <C_CkEmailW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkFileAccessW fac;
    const wchar_t *jsonKey;
    HCkAuthGoogleW gAuth;
    HCkSocketW tlsSock;
    const wchar_t *accessToken;
    HCkMailManW mailman;
    HCkEmailW email;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // --------------------------------------------------------------------------------
    // For a step-by-step guide for setting up your Google Workspace service account,
    // see Setup Google Workspace Account for Sending SMTP GMail from a Service Account
    // --------------------------------------------------------------------------------

    // First load the JSON key into a string.
    fac = CkFileAccessW_Create();
    jsonKey = CkFileAccessW_readEntireTextFile(fac,L"qa_data/googleApi/chilkat25-b4214220e565.json",L"utf-8");
    if (CkFileAccessW_getLastMethodSuccess(fac) != TRUE) {
        wprintf(L"%s\n",CkFileAccessW_lastErrorText(fac));
        CkFileAccessW_Dispose(fac);
        return;
    }

    // A Google service account JSON private key looks like this:

    // {
    //   "type": "service_account",
    //   "project_id": "chilkat25",
    //   "private_key_id": "b4214220f565881e19eeb97c2699bf5a0d1e3e0b",
    //   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQ...NXcM=\n-----END PRIVATE KEY-----\n",
    //   "client_email": "chilkatsvc@chilkat25.iam.gserviceaccount.com",
    //   "client_id": "109122032928932715958",
    //   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    //   "token_uri": "https://oauth2.googleapis.com/token",
    //   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    //   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/chilkatsvc%40chilkat25.iam.gserviceaccount.com",
    //   "universe_domain": "googleapis.com"
    // }

    gAuth = CkAuthGoogleW_Create();
    CkAuthGoogleW_putJsonKey(gAuth,jsonKey);

    // Specify a scope.
    CkAuthGoogleW_putScope(gAuth,L"https://mail.google.com/");

    // Request an access token that is valid for this many seconds.
    CkAuthGoogleW_putExpireNumSeconds(gAuth,3600);

    // When using a Google Workspace account with Gmail APIs, a service account can impersonate a user 
    // via a process called domain-wide delegation — and the "sub" claim in the JWT is what enables this.
    // Domain-wide delegation allows a Google Workspace administrator to authorize a service account to 
    // act on behalf of any user in the domain, without user interaction.

    // This is required for server-to-server access to user data — such as reading/sending Gmail from a background service.
    // This is your company email address.
    CkAuthGoogleW_putSubEmailAddress(gAuth,L"info@chilkat.xyz");

    // Connect to www.googleapis.com using TLS
    tlsSock = CkSocketW_Create();
    success = CkSocketW_Connect(tlsSock,L"www.googleapis.com",443,TRUE,5000);
    if (success != TRUE) {
        wprintf(L"%s\n",CkSocketW_lastErrorText(tlsSock));
        CkFileAccessW_Dispose(fac);
        CkAuthGoogleW_Dispose(gAuth);
        CkSocketW_Dispose(tlsSock);
        return;
    }

    // Send the request to obtain the access token.
    success = CkAuthGoogleW_ObtainAccessToken(gAuth,tlsSock);
    if (success != TRUE) {
        wprintf(L"%s\n",CkAuthGoogleW_lastErrorText(gAuth));
        CkFileAccessW_Dispose(fac);
        CkAuthGoogleW_Dispose(gAuth);
        CkSocketW_Dispose(tlsSock);
        return;
    }

    // Examine the access token:
    accessToken = CkAuthGoogleW_accessToken(gAuth);
    wprintf(L"Access Token: %s\n",accessToken);

    // Sample output:
    // ya29.a0AW4XtxjGTD67Z8 .... IRw0218

    // The access token allows us to send unlimited emails while it's valid. Once it expires, we must obtain and use a new one.

    // -----------------------------------------------------------------------
    mailman = CkMailManW_Create();

    // Set the properties for the GMail SMTP server:
    CkMailManW_putSmtpHost(mailman,L"smtp.gmail.com");
    CkMailManW_putSmtpPort(mailman,587);
    CkMailManW_putStartTLS(mailman,TRUE);

    CkMailManW_putSmtpUsername(mailman,L"info@chilkat.xyz");
    CkMailManW_putOAuth2AccessToken(mailman,accessToken);

    // Create a new email object
    email = CkEmailW_Create();

    CkEmailW_putSubject(email,L"This is a test");
    CkEmailW_putBody(email,L"This is a test");
    CkEmailW_putFrom(email,L"Chilkat Test <info@chilkat.xyz>");
    success = CkEmailW_AddTo(email,L"Chilkat Software",L"info@chilkatsoft.com");
    // To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.

    success = CkMailManW_SendEmail(mailman,email);
    if (success != TRUE) {
        wprintf(L"%s\n",CkMailManW_lastErrorText(mailman));
        CkFileAccessW_Dispose(fac);
        CkAuthGoogleW_Dispose(gAuth);
        CkSocketW_Dispose(tlsSock);
        CkMailManW_Dispose(mailman);
        CkEmailW_Dispose(email);
        return;
    }

    success = CkMailManW_CloseSmtpConnection(mailman);
    if (success != TRUE) {
        wprintf(L"Connection to SMTP server not closed cleanly.\n");
    }

    wprintf(L"Successfully sent email using Gmail with a service account key.\n");


    CkFileAccessW_Dispose(fac);
    CkAuthGoogleW_Dispose(gAuth);
    CkSocketW_Dispose(tlsSock);
    CkMailManW_Dispose(mailman);
    CkEmailW_Dispose(email);

    }