0

I need my customers to forward me the emails received on their Gmail account from certain email addresses.

To avoid them to setup these rule manually, I was wondering to use Gmail APIs to create a path where user just select the Gmail account and delegate us to setup the forwarding filter.

This works well, I can create/delete/list filters,
Problem arise when the forwarding email address is not already set, i.e. always:

To setup Forwarding address, domain-wide-delegation is required, and here starts my problems:

first of all is the meaning of domain-wide-delegation that makes me wonder:

domain would be gmail.com and clearly I'm not an admin of such domain

That means that what I'm trying to achieve it is not possible?

furthermore, I have another issue:

I created a Service Account and I have the
Email,
Key ID,
Client ID
service_account.json file with private key
and Domain Wide Delegation is set as Enabled

but I have not understood how to change the original routine in way of using Service Account instead of oAuth 2.0

I can imagine I have to change from using OAuth 2.0 Client IDs to service account

Can someone explain how to use service account instead of oAuth?

Joe
  • 1,033
  • 1
  • 16
  • 39
  • Might be helpful: https://stackoverflow.com/questions/61915432/google-oauth-using-domain-wide-delegation-and-service-account/61932919#61932919 (you didn't specify language but here's how to do it with a JWT and node – Rafa Guillermo Feb 19 '21 at 16:57
  • Thanks Rafa.. I forgot to set PHP as language. Will check JWT solution, but if you have some PHP suggestion, would be appreciated – Joe Feb 19 '21 at 20:33
  • I'm not super familiar with PHP, though have used it from time to time. Can take a look on Monday if you're still stuck from just the JWT solution, lmk :) – Rafa Guillermo Feb 20 '21 at 21:20
  • OK, I got Access_Token using JWT solution (but with empty subject!), but it is the whole procedure I have not understood: I imagine I have to enter the gmail account in subject, but since I do not know such info I have to ask user to authenticate (and authorize) and then call again to get access_token Furthermore to create a forward address it is stated that `Operations guarded by this scope are restricted to administrative use only. They are only available to Google Workspace customers using a service account with domain-wide delegation` Therefore have to add also such option? Thanks – Joe Feb 22 '21 at 17:43
  • I suggest to ask a new question for further clarification. Maybe there is some useful information [here](https://stackoverflow.com/questions/61744176/creating-google-calendar-events-with-a-gcp-service-account/61778053#61778053) – Rafa Guillermo Feb 26 '21 at 12:52
  • Thanks for the answer.. I will try to make a new question, but from what I've understood I need a Google Workspace account and all users has to be part of this workspace to be able to create the forward address via API. Furthermore, what is meant for "domain"? is it real domain uri? i.e.: gmail.com because I have to generate forwarding address for gmail users.. therefore if domain is gmail.. I cannot be the manager.. Thanks – Joe Feb 26 '21 at 17:03

0 Answers0