I need a service to manipulate emails in a gmail account within a project developed in PHP Symfony…
I found this example : https://github.com/googleapis/google-api-php-client/blob/main/docs/oauth-server.md But more confusing than helping…
I wrote this code :
src/Service/Gmail.php
<?php namespace AppService; use GoogleClient; class Gmail { private GoogleServiceGmail $api; private function getGoogleClient(): Client { $credentialsPath = getenv('GOOGLE_APPLICATION_CREDENTIALS'); if (empty($credentialsPath)) { throw new Exception('You need to set env var GOOGLE_APPLICATION_CREDENTIALS'); } if (!file_exists($credentialsPath)) { throw new Exception('Credentials file path ' . getenv('GOOGLE_APPLICATION_CREDENTIALS') . ' set in GOOGLE_APPLICATION_CREDENTIALS does not exist'); } $client = new Client(); $client->useApplicationDefaultCredentials(); return $client; } private function getApi(): GoogleServiceGmail { if (!isset($this->api)) { $this->api = new GoogleServiceGmail($this->getGoogleClient()); } return $this->api; } public function getUserMessages($userId): GoogleServiceGmailListMessagesResponse { return $this->getApi()->users_messages->listUsersMessages($userId); } }
Then I followed the steps described in Google Workspace for developers :
- Create a new project : https://developers.google.com/workspace/guides/create-project?hl=en
- Enable Gmail API : https://developers.google.com/workspace/guides/enable-apis?hl=en
- Create credentials for web application server-side : https://developers.google.com/workspace/guides/create-credentials?hl=en
But at this point I have no idea what type of credentials I need : “OAuth client ID” or a “Service account” ??? If I choose “Oauth client ID” I suppose I have to use the application type “Web application” with server side url ? Or do I choose “Service account” ?
With service account I got this error :
In REST.php line 134: { "error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers. google.com/identity/sign-in/web/devconsole-project.", "errors": [ { "message": "Login Required.", "domain": "global", "reason": "required", "location": "Authorization", "locationType": "header" } ], "status": "UNAUTHENTICATED", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "CREDENTIALS_MISSING", "domain": "googleapis.com", "metadata": { "service": "gmail.googleapis.com", "method": "caribou.api.proto.MailboxService.ListMessages" } } ] } }
Advertisement
Answer
You have not proeprly authorized your service account to delegate to a user on your domain.
require_once('../../vendor/autoload.php'); // Some user within your workspace domain $user_to_impersonate = "your@domain.com"; $sender = $user_to_impersonate; $to = 'another@domain.com'; $subject = 'Hello'; $messageText = 'How are you doing?'; // The path to your service account credentials goes here. putenv("GOOGLE_APPLICATION_CREDENTIALS=credentials.json"); $client = new Google_Client(); $client->useApplicationDefaultCredentials(); $client->setSubject($sender); $client->setApplicationName("Quickstart"); $client->setScopes(["https://mail.google.com/"]); $service = new Google_Service_Gmail($client);