I need a service to manipulate emails in a gmail account within a project developed in PHP Symfony…
I found this example : https://github.com/googleapis/google-api-php-client/blob/main/docs/oauth-server.md But more confusing than helping…
I wrote this code :
src/Service/Gmail.php
<?php
namespace AppService;
use GoogleClient;
class Gmail
{
private GoogleServiceGmail $api;
private function getGoogleClient(): Client
{
$credentialsPath = getenv('GOOGLE_APPLICATION_CREDENTIALS');
if (empty($credentialsPath)) {
throw new Exception('You need to set env var GOOGLE_APPLICATION_CREDENTIALS');
}
if (!file_exists($credentialsPath)) {
throw new Exception('Credentials file path ' . getenv('GOOGLE_APPLICATION_CREDENTIALS') . ' set in GOOGLE_APPLICATION_CREDENTIALS does not exist');
}
$client = new Client();
$client->useApplicationDefaultCredentials();
return $client;
}
private function getApi(): GoogleServiceGmail
{
if (!isset($this->api)) {
$this->api = new GoogleServiceGmail($this->getGoogleClient());
}
return $this->api;
}
public function getUserMessages($userId): GoogleServiceGmailListMessagesResponse
{
return $this->getApi()->users_messages->listUsersMessages($userId);
}
}
Then I followed the steps described in Google Workspace for developers :
- Create a new project : https://developers.google.com/workspace/guides/create-project?hl=en
- Enable Gmail API : https://developers.google.com/workspace/guides/enable-apis?hl=en
- Create credentials for web application server-side : https://developers.google.com/workspace/guides/create-credentials?hl=en
But at this point I have no idea what type of credentials I need : “OAuth client ID” or a “Service account” ??? If I choose “Oauth client ID” I suppose I have to use the application type “Web application” with server side url ? Or do I choose “Service account” ?
With service account I got this error :
In REST.php line 134:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.
google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"service": "gmail.googleapis.com",
"method": "caribou.api.proto.MailboxService.ListMessages"
}
}
]
}
}
Advertisement
Answer
You have not proeprly authorized your service account to delegate to a user on your domain.
require_once('../../vendor/autoload.php');
// Some user within your workspace domain
$user_to_impersonate = "your@domain.com";
$sender = $user_to_impersonate;
$to = 'another@domain.com';
$subject = 'Hello';
$messageText = 'How are you doing?';
// The path to your service account credentials goes here.
putenv("GOOGLE_APPLICATION_CREDENTIALS=credentials.json");
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->setSubject($sender);
$client->setApplicationName("Quickstart");
$client->setScopes(["https://mail.google.com/"]);
$service = new Google_Service_Gmail($client);