11

Specifically, I'd like to use the Gmail API to access my own mail only. Is there a way to do this without OAuth and just an API key and/or client id and secret?

Using an API key like:

require('googleapis').gmail('v1').users.messages.list({ auth: '<KEY>', userId: '<EMAIL>' });

yields the following error:

{ errors: 
   [ { domain: 'global',
       reason: 'required',
       message: 'Login Required',
       locationType: 'header',
       location: 'Authorization' } ],
  code: 401,
  message: 'Login Required' }

I suppose that message means they want a valid OAuth "Authorization" header. I would do that but I suppose that's not possible without presenting a webpage.

pinoyyid
Brandon Zacharie

2 Answers

11

The strict answer to "Is there a way to do this without OAuth and just an API key and/or client id and secret?" is no.

However, you can achieve what you are looking for using OAuth. You simply need to store a Refresh Token, which you can then use any time to request an Auth Token to access your Gmail.

In order to get the refresh token, you can either write a simple web app to do a one-time auth, or follow the steps in "How do I authorise an app (web or installed) without user intervention? (canonical ?)", which allows you to do the whole auth flow using the OAuth Playground.

pinoyyid

    The problem is that Google OAuth 2.0 requires you to designate your project as either "Testing" or "Published." OAuth 2.0 tokens issued for "testing" projects are only valid for one week, after which the user must complete the OAuth consent process again. And OAuth 2.0 tokens issued for "published" projects are permanent, but publishing requires submitting your project to Google for review and approval, with a video and a written explanation of your security policy... etc. In short, Google has screwed up its entire service for regular users and the API is functionally unavailable to us. – David Stein Mar 12 '22 at 12:26
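
The refresh-token approach from the first answer, as an added example that is not part of the original answers: a stored refresh token is exchanged at Google's OAuth 2.0 token endpoint for a short-lived access token, which is then sent in the `Authorization` header of the Gmail `messages.list` call. The environment variable names, the helper function names and the injectable `fetchImpl` parameter are assumptions made for this sketch (Node 18+ with built-in `fetch`).

```javascript
const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const GMAIL_URL = 'https://gmail.googleapis.com/gmail/v1';

// Build the POST that trades the stored refresh token for a short-lived access token.
function buildRefreshRequest({ clientId, clientSecret, refreshToken }) {
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: clientId,
    client_secret: clientSecret,
    refresh_token: refreshToken,
  });
  return {
    url: TOKEN_URL,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Build messages.list; the token fills the Authorization header the 401 asked for.
function buildListRequest(accessToken, userId = 'me') {
  return {
    url: `${GMAIL_URL}/users/${encodeURIComponent(userId)}/messages`,
    options: { headers: { Authorization: `Bearer ${accessToken}` } },
  };
}

// fetchImpl is injectable so the flow can be exercised without network access.
async function listMessages(creds, fetchImpl = fetch) {
  const refresh = buildRefreshRequest(creds);
  const tokenRes = await fetchImpl(refresh.url, refresh.options);
  // A failure here usually means the refresh token expired or was revoked.
  if (!tokenRes.ok) throw new Error(`token refresh failed: HTTP ${tokenRes.status}`);
  const { access_token: accessToken } = await tokenRes.json();
  const list = buildListRequest(accessToken);
  const listRes = await fetchImpl(list.url, list.options);
  if (!listRes.ok) throw new Error(`messages.list failed: HTTP ${listRes.status}`);
  return listRes.json();
}

// Secrets come from the environment (variable names are assumptions), never from source.
const credsFromEnv = () => ({
  clientId: process.env.GMAIL_CLIENT_ID,
  clientSecret: process.env.GMAIL_CLIENT_SECRET,
  refreshToken: process.env.GMAIL_REFRESH_TOKEN,
});
```

Call it as `listMessages(credsFromEnv())`. The refresh token is a long-lived credential for the mailbox, so store it with the same care as a password and request only the Gmail scope the job needs.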
1

The question is rather old, but the problem is not. Google API now has an option to create service accounts. I think it suits everybody who wants to "just connect an application to its own Google Workspace" and not to do some actions on users' behalf. The Google documentation says about it:

Typically, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data. For example, an application that uses Google Cloud Datastore for data persistence would use a service account to authenticate its calls to the Google Cloud Datastore API.

Here is the example in Java (there was no JS, but the meaning is clear):

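import java.io.FileInputStream;
import java.util.Collections;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.sqladmin.SQLAdmin;
import com.google.api.services.sqladmin.SQLAdminScopes;
import com.google.api.services.sqladmin.model.InstancesListResponse;

// httpTransport and JSON_FACTORY are assumed to be created elsewhere by the caller.
// Load the service account key file and restrict the credential to a single scope.
GoogleCredential credential = GoogleCredential.fromStream(new FileInputStream("MyProject-1234.json"))
        .createScoped(Collections.singleton(SQLAdminScopes.SQLSERVICE_ADMIN));

// Build the API client with the service account credential.
SQLAdmin sqladmin =
        new SQLAdmin.Builder(httpTransport, JSON_FACTORY, credential).build();
// execute() sends the request and returns the response object.
InstancesListResponse instances =
        sqladmin.instances().list("exciting-example-123").execute();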

dablDev