{"id":3904,"date":"2014-09-11T11:36:51","date_gmt":"2014-09-11T09:36:51","guid":{"rendered":"http:\/\/www.limilabs.com\/blog\/?p=3904"},"modified":"2023-03-09T14:55:36","modified_gmt":"2023-03-09T12:55:36","slug":"oauth2-gmail-imap-service-account","status":"publish","type":"post","link":"https:\/\/www.limilabs.com\/blog\/oauth2-gmail-imap-service-account","title":{"rendered":"OAuth 2.0 with Gmail over IMAP for service account"},"content":{"rendered":"\n<div class=\"well\">You can also read how to use:\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"\/blog\/oauth2-gmail-imap-web-applications\">OAuth 2.0 with Gmail over IMAP for web applications (Google.Apis)<\/a><\/li>\n<li><a href=\"\/blog\/oauth2-gmail-imap-installed-applications\">OAuth 2.0 with Gmail over IMAP for installed applications (Google.Apis)<\/a><\/li>\n<li>OAuth 2.0 with Gmail over IMAP for service account (Google.Apis)<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/2009\/11\/gmail.png\" alt=\"\" title=\"gmail\"\/><\/figure><\/div>\n\n\n\n<p>In this article I&#8217;ll show how to access the Gmail account of any domain user using OAuth 2.0, the <a href=\"\/mail\">.NET IMAP component<\/a> and a service account. The basic idea is that a domain administrator can use this method to access a user&#8217;s email without knowing the user&#8217;s password.<\/p>\n\n\n\n<p>This scenario is very similar to <a href=\"\/blog\/2-legged-oauth-with-gmail\">2-legged OAuth<\/a>, which uses OAuth 1.0a. 
Although 2-legged OAuth still works, Google has deprecated it and introduced OAuth 2.0 service accounts.<\/p>\n\n\n\n<p>The following describes how to use XOAUTH2 and OAuth 2.0 to achieve the equivalent of 2-legged OAuth.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Google.Apis<\/h2>\n\n\n\n<p>Use NuGet to install the &#8220;<strong>Google.Apis.Auth<\/strong>&#8221; package.<\/p>\n\n\n\n<p>Import namespaces:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n\/\/ C#\n\nusing Google.Apis.Auth.OAuth2;\nusing Google.Apis.Auth.OAuth2.Flows;\nusing Google.Apis.Auth.OAuth2.Requests;\nusing Google.Apis.Auth.OAuth2.Responses;\n\nusing System;\nusing System.Collections.Generic;\nusing System.Security.Cryptography.X509Certificates;\nusing System.Threading;\n\nusing Limilabs.Client.Authentication.Google;\n\nusing Limilabs.Client.IMAP;\nusing Limilabs.Mail;\n<\/pre><\/div>\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: vb; title: ; notranslate\" title=\"\">\n' VB.NET\n\nImports Google.Apis.Auth.OAuth2\nImports Google.Apis.Auth.OAuth2.Flows\nImports Google.Apis.Auth.OAuth2.Requests\nImports Google.Apis.Auth.OAuth2.Responses\n\nImports System\nImports System.Collections.Generic\nImports System.Security.Cryptography.X509Certificates\nImports System.Threading\n\nImports Limilabs.Client.Authentication.Google\n\nImports Limilabs.Client.IMAP\nImports Limilabs.Mail\n<\/pre><\/div>\n\n\n<h2 class=\"wp-block-heading\">Google Cloud<\/h2>\n\n\n\n<p>First, visit the <a href=\"https:\/\/cloud.google.com\/console\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google Cloud Console<\/a> and create a project:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateProject.png\"><img loading=\"lazy\" decoding=\"async\" width=\"649\" height=\"599\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateProject.png\" alt=\"\" class=\"wp-image-6117\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateProject.png 649w, 
https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateProject-300x277.png 300w\" sizes=\"(max-width: 649px) 100vw, 649px\" \/><\/a><\/figure>\n\n\n\n<p>Now create a new service account:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_0.png\"><img loading=\"lazy\" decoding=\"async\" width=\"767\" height=\"671\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_0.png\" alt=\"\" class=\"wp-image-6122\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_0.png 767w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_0-300x262.png 300w\" sizes=\"(max-width: 767px) 100vw, 767px\" \/><\/a><\/figure>\n\n\n\n<p>Enter a service account name and <strong>note the email address<\/strong> assigned to it:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"811\" height=\"493\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_1.png\" alt=\"\" class=\"wp-image-6123\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_1.png 811w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_1-300x182.png 300w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_1-768x467.png 768w\" sizes=\"(max-width: 811px) 100vw, 811px\" \/><\/a><\/figure>\n\n\n\n<p>Then create a private key for this service account:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"503\" 
src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_2.png\" alt=\"\" class=\"wp-image-6118\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_2.png 800w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_2-300x189.png 300w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_2-768x483.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"425\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_3.png\" alt=\"\" class=\"wp-image-6121\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_3.png 683w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_3-300x187.png 300w\" sizes=\"(max-width: 683px) 100vw, 683px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_4.png\"><img loading=\"lazy\" decoding=\"async\" width=\"595\" height=\"385\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_4.png\" alt=\"\" class=\"wp-image-6119\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_4.png 595w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_4-300x194.png 300w\" sizes=\"(max-width: 595px) 100vw, 595px\" \/><\/a><\/figure>\n\n\n\n<p><strong>Download and save this private key<\/strong> (XYZ.p12)<strong>,<\/strong> you&#8217;ll need that later:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a 
href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_5.png\"><img loading=\"lazy\" decoding=\"async\" width=\"753\" height=\"456\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_5.png\" alt=\"\" class=\"wp-image-6120\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_5.png 753w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/CreateServiceAccount_5-300x182.png 300w\" sizes=\"(max-width: 753px) 100vw, 753px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Google Domain administration<\/h2>\n\n\n\n<p>The final part is to allow this service account to access your domain. You&#8217;ll perform these steps in your <a href=\"https:\/\/admin.google.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">domain administration panel<\/a>.<\/p>\n\n\n\n<p>Note <strong>the Client ID<\/strong> first, then go to your <a href=\"https:\/\/admin.google.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">domain administration panel<\/a>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_0.png\"><img loading=\"lazy\" decoding=\"async\" width=\"884\" height=\"944\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_0.png\" alt=\"\" class=\"wp-image-6125\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_0.png 884w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_0-281x300.png 281w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_0-768x820.png 768w\" sizes=\"(max-width: 884px) 100vw, 884px\" \/><\/a><\/figure>\n\n\n\n<p>In the main menu, select <strong>Security \/ Access and data control \/ API controls<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a 
href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"571\" height=\"564\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_1.png\" alt=\"\" class=\"wp-image-6126\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_1.png 571w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_1-300x296.png 300w\" sizes=\"(max-width: 571px) 100vw, 571px\" \/><\/a><\/figure>\n\n\n\n<p>Then select <strong>Manage domain wide delegation<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"221\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_2.png\" alt=\"\" class=\"wp-image-6124\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_2.png 605w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_2-300x110.png 300w\" sizes=\"(max-width: 605px) 100vw, 605px\" \/><\/a><\/figure>\n\n\n\n<p>Enter the Client ID you noted earlier and <code>https:\/\/mail.google.com\/<\/code>, which is the IMAP\/SMTP API scope:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"677\" height=\"554\" src=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_3.png\" alt=\"\" class=\"wp-image-6127\" srcset=\"https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_3.png 677w, https:\/\/www.limilabs.com\/blog\/wp-content\/uploads\/2022\/05\/DomainAdminConsole_3-300x245.png 300w\" sizes=\"(max-width: 677px) 100vw, 677px\" 
\/><\/a><\/figure>\n\n\n\n<p>Alternatively, you can use the <code>https:\/\/www.googleapis.com\/auth\/gmail.imap_admin<\/code>\u00a0scope.<\/p>\n\n\n\n<p>When authorized with this scope, IMAP connections behave differently:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>All labels are shown<\/strong> via IMAP, even if users disabled &#8220;Show in IMAP&#8221; for the label in the Gmail settings.<\/li><li><strong>All messages are shown<\/strong> via IMAP, regardless of what the user set in &#8220;Folder Size Limits&#8221; in the Gmail settings.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Access IMAP\/SMTP server<\/h2>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n\/\/ C#\n\nconst string serviceAccountEmail = \"name@xxxxxxxxxx.gserviceaccount.com\";\nconst string serviceAccountCertPath = @\"c:\\XYZ.p12\";\nconst string serviceAccountCertPassword = \"notasecret\";\nconst string userEmail = \"user@your-domain.com\";\n\n\/\/ Load the service account's private key (the downloaded .p12 file).\nX509Certificate2 certificate = new X509Certificate2(\n    serviceAccountCertPath,\n    serviceAccountCertPassword,\n    X509KeyStorageFlags.Exportable);\n\n\/\/ User is the domain user whose mailbox is accessed through domain-wide delegation.\nServiceAccountCredential credential = new ServiceAccountCredential(\n    new ServiceAccountCredential.Initializer(serviceAccountEmail)\n    {\n        Scopes = new&#x5B;] { \"https:\/\/mail.google.com\/\" },\n        \/\/ Scopes = new&#x5B;] { \"https:\/\/www.googleapis.com\/auth\/gmail.imap_admin\" },\n\n        User = userEmail\n    }.FromCertificate(certificate));\n\n\/\/ Request an OAuth 2.0 access token for that user.\nbool success = await credential.RequestAccessTokenAsync(\n    CancellationToken.None);\n\nusing (Imap imap = new Imap())\n{\n    imap.ConnectSSL(\"imap.gmail.com\");\n    imap.LoginOAUTH2(userEmail, credential.Token.AccessToken);\n\n    imap.SelectInbox();\n\n    \/\/ Find unseen messages; Search returns their UIDs.\n    List&lt;long&gt; uids = imap.Search(Flag.Unseen);\n\n    foreach (long uid in uids)\n    {\n        var eml = imap.GetMessageByUID(uid);\n        IMail email = new MailBuilder().CreateFromEml(eml);\n        Console.WriteLine(email.Subject);\n    }\n\n    
imap.Close();\n}\n<\/pre><\/div>\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: vb; title: ; notranslate\" title=\"\">\n' VB.NET\n\nConst serviceAccountEmail As String = \"name@xxxxxxxxxx.gserviceaccount.com\"\nConst serviceAccountCertPath As String = \"c:\\XYZ.p12\"\nConst serviceAccountCertPassword As String = \"notasecret\"\nConst userEmail As String = \"user@your-domain.com\"\n\n' Load the service account's private key (the downloaded .p12 file).\nDim certificate As New X509Certificate2(serviceAccountCertPath, serviceAccountCertPassword, X509KeyStorageFlags.Exportable)\n\n' User is the domain user whose mailbox is accessed through domain-wide delegation.\n' Alternative scope: \"https:\/\/www.googleapis.com\/auth\/gmail.imap_admin\"\nDim credential As New ServiceAccountCredential(New ServiceAccountCredential.Initializer(serviceAccountEmail) With { _\n\t.Scopes = {\"https:\/\/mail.google.com\/\"}, _\n\t.User = userEmail _\n}.FromCertificate(certificate))\n\n' Request an OAuth 2.0 access token for that user.\nDim success As Boolean = credential.RequestAccessTokenAsync(\n    CancellationToken.None).Result\n\nUsing imap As New Imap()\n\timap.ConnectSSL(\"imap.gmail.com\")\n\timap.LoginOAUTH2(userEmail, credential.Token.AccessToken)\n\n\timap.SelectInbox()\n\n\t' Find unseen messages; Search returns their UIDs.\n\tDim uids As List(Of Long) = imap.Search(Flag.Unseen)\n\n\tFor Each uid As Long In uids\n\t\tDim eml = imap.GetMessageByUID(uid)\n\t\tDim email As IMail = New MailBuilder().CreateFromEml(eml)\n\t\tConsole.WriteLine(email.Subject)\n\tNext\n\n\timap.Close()\nEnd Using\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>You can also read how to use: &nbsp; OAuth 2.0 with Gmail over IMAP for web applications (Google.Apis) OAuth 2.0 with Gmail over IMAP for installed applications (Google.Apis) OAuth 2.0 with Gmail over IMAP for service account (Google.Apis) In this article I&#8217;ll show how to access Gmail account of any domain user, using OAuth 2.0, 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[15,33,25,77,84,57,85],"class_list":["post-3904","post","type-post","status-publish","format-standard","hentry","category-mail-dll","tag-c","tag-email-component","tag-gmail","tag-imap-component","tag-oauth-2-0","tag-vb-net","tag-xoauth2"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/3904"}],"collection":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/comments?post=3904"}],"version-history":[{"count":73,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/3904\/revisions"}],"predecessor-version":[{"id":6442,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/3904\/revisions\/6442"}],"wp:attachment":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/media?parent=3904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/categories?post=3904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/tags?post=3904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}