Read gmail messages.


I’m trying to fetch/read messages from gmail. The approach I’m using is server-to-server. My application runs on nodejs. My code looks something like this:

var googleapis = require('googleapis'),
  JWT = googleapis.auth.JWT;

var serviceEmail = 'etc-etc@developer.gserviceaccount.com';
var serviceKeyFile = __dirname + '/key.pem';
var subject = '';

var authClient = new JWT(
  serviceEmail,
  serviceKeyFile,
  null,
  ['https://www.googleapis.com/auth/gmail.modify'],
  subject
);

authClient.authorize(function (err, tokens) {
  if (err) {
    console.log(err);
    return;
  }

  console.log(tokens);

  var gmail = googleapis.gmail({ auth: authClient, version: 'v1' });

  var emails = gmail.users.messages.list({
    includeSpamTrash: false,
    maxResults: 5,
    q: "",
    userId: "myemail@gmail.com"
  }, function (err, results) {
    console.log(err);
    console.log(results);
  });
});

I can see that the token is there and it looks like:

{ access_token: 'lettersandnumbers-etc',
  token_type: 'Bearer',
  expiry_date: 1427231278000,
  refresh_token: 'jwt-placeholder' }

But I got this error.

{ [Error: Backend Error] code: 500 }
null

If I change subject='myemail@gmail.com' I got { error: 'unauthorized_client', error_description: 'Unauthorized client or scope in request.' }

What should I do?

Issue Analytics

  • State: closed
  • Created 8 years ago
  • Comments: 17 (8 by maintainers)

Top GitHub Comments

5 reactions
geezmo commented, Jun 3, 2015

@George02, the last parameter of JWT function should be the account you are authenticating on:

var authClient = new JWT(
  serviceEmail,
  serviceKeyFile,
  null,
  ['https://www.googleapis.com/auth/gmail.modify'],
  "myemail@gmail.com"
);

Also, you have to delegate domain-wide authority to the service account, like reported here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount. Make sure you have provided the correct scopes for your client id. If everything is set up correctly, it should work. I actually tried with your code on my account and everything works as expected.

(who said you can’t use gmail api with JWT?)
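What the last JWT argument changes on the wire, as an added example (not code from the issue or from google-api-nodejs-client): it hand-builds the RS256 assertion of Google's OAuth2 service-account flow with a throwaway key generated inline and shows which identity the resulting token would act as. The helper names `b64url`, `buildAssertion`, `inspect` and `demo` are hypothetical, and leaving out `sub` for an empty subject is this sketch's own choice.

```javascript
const nodeCrypto = require('crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token'; // Google's OAuth2 token endpoint

// base64url without padding, as JWTs require.
function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// Arguments mirror new JWT(serviceEmail, keyFile, key, scopes, subject) from the thread.
function buildAssertion(serviceEmail, privateKey, scopes, subject) {
  const iat = Math.floor(Date.now() / 1000);
  const claims = { iss: serviceEmail, scope: scopes.join(' '), aud: TOKEN_URL, iat, exp: iat + 3600 };
  // Assumption of this sketch: an empty subject means "no impersonation", so no sub claim.
  if (subject) claims.sub = subject;
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  const signature = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + b64url(signature);
}

// Verify the signature and report which identity the resulting token would act as.
function inspect(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const valid = nodeCrypto.verify('RSA-SHA256', Buffer.from(h + '.' + c), publicKey, Buffer.from(s, 'base64'));
  const claims = JSON.parse(Buffer.from(c, 'base64').toString('utf8'));
  return { valid, claims, actsAs: claims.sub || claims.iss };
}

function demo() {
  // Constructed throwaway key; a real service account key comes from key.pem.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const email = 'etc-etc@developer.gserviceaccount.com';
  const scopes = ['https://www.googleapis.com/auth/gmail.modify'];
  return {
    withoutSubject: inspect(buildAssertion(email, privateKey, scopes, ''), publicKey),
    withSubject: inspect(buildAssertion(email, privateKey, scopes, 'myemail@gmail.com'), publicKey),
  };
}

const result = demo();
console.log(result.withoutSubject.actsAs, '|', result.withSubject.actsAs);
```

With `sub` set, Google issues a token for that mailbox only if the service account's client ID has been granted the requested scope through domain-wide delegation. Once it has, the same private key can act as any user in the domain for those scopes, so `key.pem` needs the same care as a refresh token.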

3 reactions
JustinBeckwith commented, Apr 20, 2018

Greetings folks! There are really two ways to do this.

Domain delegation and service accounts

If you’re using G Suite, and you have access to the admin SDK, you can delegate G Suite domain wide authority to a service account. This is probably the “right way” to do things, and you can follow the domain delegation guide here: https://developers.google.com/admin-sdk/directory/v1/guides/delegation

You can find an example of using JWT and service account credentials to make API calls here: https://github.com/google/google-api-nodejs-client/blob/master/samples/jwt.js

Personal email accounts

If you’re using a personal email account, there’s another way you could do this 😃 You could perform a one time OAuth2 workflow, as outlined here: https://github.com/google/google-api-nodejs-client/blob/master/samples/oauth2.js

The very first time you walk through this workflow, the oauth2Client.getToken(qs.code) method is going to return an object with two tokens: the access_token and the refresh_token. The tokens can be set on any OAuth2 client, and re-used to make requests using the original user’s identity. Because of that… you’re going to want to be super careful with these tokens. DO NOT share them.

The access_token will expire, but as long as you have a refresh token that’s fine. After you get both of these from the original request, you can set them on new OAuth2 client objects:

oauth2Client.credentials = {
  access_token: 'abc123',
  refresh_token: 'not-a-token'
};

For as long as the refresh_token has access (until you revoke it), you’ll be able to make API calls on behalf of the user (yourself in this case).

Hopefully this helps. If y’all run into any problems, let me know!
