My SMTP setup using ActionMailer to send emails with Gmail was working fine until one day it went poof and I have no idea how to fix it.

So I decided to just use the Gmail API. My implementation is very straightforward. I run an app on MYDOMAIN.com.

  • I have a Google Workspace* account with [email protected]
  • I want to use the [email protected] email to send confirmation emails from my app's backend
  • I don't need other user permissions

Thus, what I read through the documentation was that a Service Account would be appropriate. I followed all the instructions, tried the process twice, checked the heck out of the scopes and such, but kept running into a precondition check failed error. This is really not a very descriptive error... Maybe I will try to resolve that another day... but for this question let's put that aside.

I decided to instead use the OAuth2 implementation, the one where a user would have to grant access. But I want to check if I have a fundamental misunderstanding of this implementation or not...

First, when I read the docs, for example here, it's clear that in this implementation, the USER themselves have to take action in the browser to provide access. Because this API is flexibly designed for the use case where my app would send email on behalf of a user - again that's not what I need.

If I use this to "hack" the solution I need, whereby I act as the user [email protected], to grant access, is this a permanent solution? I.e., you can imagine it won't work if every time a customer places an order on my website I have to somehow grant them access...

The reason I'm very confused is that basic common sense would lead me to say that the OAuth2 implementation is not right for me, exactly given what I described... users have to give access... which I don't need, and even if I were to hack it, I can't be on-hand for each transaction. For example, see this SO entry. And research tells me that tokens expire after 12 hours at the longest.

Yet, plenty of other sources online seem to echo what I empirically found with my precondition check failed error - which is that to send email PERIOD with the Gmail API, you need to use the OAuth2.

And since a lot of things change with Google's API over time, it's hard to get the latest info... Would really appreciate thoughts from folks who've implemented this before, thanks!

  • I understand from research that this won't work with a standard account, since you need to delegate domain wide authority to the service account