How to implement server-side OAuth Gmail sending for a specific workspace user in Java?

I’m managing a Google Workspace and need help with a Java app that sends emails as a specific user (like [email protected]). We’re moving from password auth to OAuth2 for Gmail.

My app sends emails from the server as this workspace user without any user interaction. I found a sample in the Gmail docs (SendMessage.java) that might work, but I’m unsure about setting up OAuth credentials.

Here’s what I think I need to do:

  1. Create a project in the Google API Console
  2. Obtain OAuth credentials (client_secret.json)
  3. Integrate these credentials in the sample code

My questions are:

  • Is a redirect URI needed even when there’s no user authentication?
  • Does the GOOGLE_APPLICATION_CREDENTIALS file refer to the client_secret.json, or should it include additional details?

Below is my current code example:

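// JavaMail imports (use jakarta.mail.* instead on Jakarta Mail 2.x)
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

// smtpHost, senderEmail and password are fields of the enclosing class.
public void sendEmail(String to, String subject, String body) throws Exception {
    Properties props = new Properties();
    props.put("mail.smtp.host", smtpHost);
    props.put("mail.smtp.auth", "true");

    // Password-based SMTP login: the part being replaced by OAuth2
    Session session = Session.getInstance(props, new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(senderEmail, password);
        }
    });

    // Build a plain-text message from the workspace user to the recipient list
    Message message = new MimeMessage(session);
    message.setFrom(new InternetAddress(senderEmail));
    message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to));
    message.setSubject(subject);
    message.setText(body);

    Transport.send(message);
}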

Any help would be greatly appreciated. Thanks!

I’ve implemented something similar recently. You’re on the right track, but there are a few key points to consider. First, for server-side OAuth without user interaction, you’ll need to set up a service account. This is different from the client credentials you mentioned.

To do this, go to the Google Cloud Console, create a new service account, and download the JSON key. This becomes your GOOGLE_APPLICATION_CREDENTIALS file. You don’t need a redirect URI for this setup.

In your Google Workspace admin console, you’ll need to grant domain-wide delegation to this service account and specify the necessary API scopes (like https://www.googleapis.com/auth/gmail.send).

Your Java code will need to use the GoogleCredentials class to load the service account key and create a Gmail service object. Then you can use this to send emails on behalf of your workspace user.

It took me a bit of trial and error to get it working, but once set up, it’s quite reliable. Good luck with your implementation!

Server-side OAuth for Gmail requires using a service account with domain-wide delegation rather than traditional client credentials. In this configuration you create a service account through the Google Cloud Console, enable the Gmail API, and download its JSON key file. The service account key is then referenced via the GOOGLE_APPLICATION_CREDENTIALS setting, and no redirect URI is needed since there is no user authentication involved. For instance, you can use the Google Auth Library for Java to load the service account credentials, delegate access to the desired user, and initialize the Gmail service for sending emails. Be sure to configure domain-wide delegation in the Google Workspace admin console.
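The setup described in the answers above, as an added example that is not part of the original thread: a service account key loaded through GOOGLE_APPLICATION_CREDENTIALS, restricted to the gmail.send scope, delegated to the workspace user, and used to send through the Gmail API. The class name DelegatedGmailSender and the application name are assumptions, and the code assumes the google-auth-library-oauth2-http, google-api-services-gmail and JavaMail dependencies are on the classpath.

```java
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.gmail.Gmail;
import com.google.api.services.gmail.GmailScopes;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.ByteArrayOutputStream;
import java.util.Base64;
import java.util.List;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

public class DelegatedGmailSender { // hypothetical class name
    private final String senderEmail; // workspace user the service account acts as
    private final Gmail gmail;

    public DelegatedGmailSender(String senderEmail) throws Exception {
        this.senderEmail = senderEmail;
        // Reads the service account key named by GOOGLE_APPLICATION_CREDENTIALS.
        GoogleCredentials creds = GoogleCredentials.getApplicationDefault()
                .createScoped(List.of(GmailScopes.GMAIL_SEND)) // send-only scope
                .createDelegated(senderEmail);                 // domain-wide delegation
        gmail = new Gmail.Builder(GoogleNetHttpTransport.newTrustedTransport(),
                GsonFactory.getDefaultInstance(), new HttpCredentialsAdapter(creds))
                .setApplicationName("workspace-mailer") // assumed name
                .build();
    }

    public String sendEmail(String to, String subject, String body) throws Exception {
        // Build the MIME message locally; no SMTP login or password is involved.
        MimeMessage mime = new MimeMessage(Session.getInstance(new Properties()));
        mime.setFrom(new InternetAddress(senderEmail));
        mime.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to));
        mime.setSubject(subject);
        mime.setText(body);

        ByteArrayOutputStream raw = new ByteArrayOutputStream();
        mime.writeTo(raw);
        // The Gmail API takes the whole message as base64url text in "raw".
        com.google.api.services.gmail.model.Message msg =
                new com.google.api.services.gmail.model.Message()
                        .setRaw(Base64.getUrlEncoder().withoutPadding()
                                .encodeToString(raw.toByteArray()));
        // "me" resolves to the delegated user carried by the credentials.
        return gmail.users().messages().send("me", msg).execute().getId();
    }
}
```

The scope requested in createScoped must match one authorized for the service account's client ID under domain-wide delegation in the Workspace admin console, otherwise the token request is rejected.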

hey pete, try server-side oauth with a service acct. set it up on gcloud, enable the gmail api & download the json key. no redirect uri needed. don't forget to enable domain-wide delegation so creds can be delegated.