I need a service to manipulate emails in a gmail account within a project developed in PHP Symfony…
I found this example : https://github.com/googleapis/google-api-php-client/blob/main/docs/oauth-server.md But more confusing than helping…
I wrote this code :
src/Service/Gmail.php
JavaScript
x
<?phpnamespace AppService;use GoogleClient;class Gmail{ private GoogleServiceGmail $api; private function getGoogleClient(): Client { $credentialsPath = getenv('GOOGLE_APPLICATION_CREDENTIALS'); if (empty($credentialsPath)) { throw new Exception('You need to set env var GOOGLE_APPLICATION_CREDENTIALS'); } if (!file_exists($credentialsPath)) { throw new Exception('Credentials file path ' . getenv('GOOGLE_APPLICATION_CREDENTIALS') . ' set in GOOGLE_APPLICATION_CREDENTIALS does not exist'); } $client = new Client(); $client->useApplicationDefaultCredentials(); return $client; } private function getApi(): GoogleServiceGmail { if (!isset($this->api)) { $this->api = new GoogleServiceGmail($this->getGoogleClient()); } return $this->api; } public function getUserMessages($userId): GoogleServiceGmailListMessagesResponse { return $this->getApi()->users_messages->listUsersMessages($userId); }}Then I followed the steps described in Google Workspace for developers :
- Create a new project : https://developers.google.com/workspace/guides/create-project?hl=en
- Enable Gmail API : https://developers.google.com/workspace/guides/enable-apis?hl=en
- Create credentials for web application server-side : https://developers.google.com/workspace/guides/create-credentials?hl=en
But at this point I have no idea what type of credentials I need : “OAuth client ID” or a “Service account” ??? If I choose “Oauth client ID” I suppose I have to use the application type “Web application” with server side url ? Or do I choose “Service account” ?
With service account I got this error :
JavaScript
In REST.php line 134: { "error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers. google.com/identity/sign-in/web/devconsole-project.", "errors": [ { "message": "Login Required.", "domain": "global", "reason": "required", "location": "Authorization", "locationType": "header" } ], "status": "UNAUTHENTICATED", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "CREDENTIALS_MISSING", "domain": "googleapis.com", "metadata": { "service": "gmail.googleapis.com", "method": "caribou.api.proto.MailboxService.ListMessages" } } ] } }Advertisement
Answer
You have not proeprly authorized your service account to delegate to a user on your domain.
JavaScript
require_once('../../vendor/autoload.php');// Some user within your workspace domain$user_to_impersonate = "your@domain.com";$sender = $user_to_impersonate;$to = 'another@domain.com';$subject = 'Hello';$messageText = 'How are you doing?';// The path to your service account credentials goes here.putenv("GOOGLE_APPLICATION_CREDENTIALS=credentials.json");$client = new Google_Client();$client->useApplicationDefaultCredentials();$client->setSubject($sender);$client->setApplicationName("Quickstart");$client->setScopes(["https://mail.google.com/"]);$service = new Google_Service_Gmail($client);